By the Hon. James E. Baker
(Re-published from ABA Journal | May 9, 2019) Cybersecurity is necessarily an issue that crosses international boundaries, raising complex questions of sovereignty, jurisdiction, law and policy. In response, lawyers have struggled to find the right legal metaphor or framework to apply to cyberspace. Each of these issues concerns the American Bar Association Rule of Law Initiative because the way we as a society choose to address these challenges implicates what it means to live and operate under the rule of law.
The United States government produces almost as many reports and strategies as the ABA. One recent document warrants the attention of the bar, and not just security practitioners. The Department of Defense Cyber Strategy released in September—or more precisely, the unclassified part of the Strategy available to the public—breaks new and important ground, potentially marking a significant shift in the federal government’s strategic posture. How important the Strategy is will depend in large part on whether it is tied to an effective policy and decision-making process.
If I were briefing a senior policymaker on the substance and import of this new Strategy, I would highlight the following key statement:
What is remarkable here is not the content of the statement, but the willingness to say it publicly. What would be even more remarkable would be if the U.S. government did in fact use all the instruments of national power to enforce cyber norms, as it once used all the instruments of national power to contain the Soviet Union. Gen. Paul Nakasone, in his capacity as the commander of U.S. Cyber Command, has advocated this approach encapsulated in the concept of “persistent engagement” …