For many of us, the cyber threat to U. S. national security is amorphous and not easy to comprehend. At the same time, in the last two years of the Bush administration and through the first year of the Obama presidency, cybersecurity has been characterized as “one of the most urgent national security problems facing the new administration.”1 Our cyber systems have increasingly been infiltrated in recent years by malefactors with widely ranging motivations and associations. Experts point to stunning amounts of sensitive material lost to cyber thieves.
Given the increasing dependence on cyber technology, the vulnerabilities within insecure cyber networks are hard to quantify and even harder to understand and protect against. We have devoted the current issue of the Journal of National Security Law & Policy (JNSLP) to cyber threats in an attempt to raise awareness and focus national debate on what should be done in a variety of contexts to improve cybersecurity.
Many have helped in this project, but particular thanks go to Gary Sharp, special editor for this issue, who conceived the idea and did much to shape its content. Thanks are also due to Richard Shiffrin, who graciously served as an unofficial editor of this special issue, reviewing and critiquing significant amounts of material.
For many reasons, the collection of views presented in this issue is especially timely. By any measure, developing and implementing a forward-looking cybersecurity policy is among the most compelling items on the Obama administration national security agenda. It may also be the most complex. Developing such a policy requires a sophisticated understanding of the technology, interests, and motivations involved in perpetrating cyber attacks, on the one hand, and an appreciation of the tradeoffs implicated in decisions to create new authorities and institutional arrangements for cyber defense, on the other. That the Administration has not yet implemented a blueprint for action, despite the issue’s priority, may simply reflect its understanding that, given the intricacies of the threat and its management, leadership means showing restraint, rather than acting precipitately.