Private Entities & the State in the Cyber Era
2019 American Democracy Fellowship
Cyber operations are unlike traditional acts of force or violence that have traditionally elicited state response. Yet, there is a major strategic emphasis by states to address cyber operations as a national security threat. The United States has closely guarded the right to cyber force, but there are limits to the state’s capacity for cyber defense. American businesses have been subject to consequential exploits, but are required to stand their ground within their own networks. There is little recourse for businesses when they have been compromised without the government’s decision to act. Often, these recourses are slow and limited. Recently, the U.S. government has acknowledged shortcoming in its ability to provide comprehensive cyber defense. This manifested in the introduction of a Congressional bill that would allow businesses to provide more active defense outside their networks. At the root of this legislation is a fundamental question: What is are the limits of the state in cyber defense? To what extent is the state accountable for providing security in the cyber domain? In order to answer this question, I intend to survey the public to understand what characteristics and conditions make the public more likely to support a response to a cyber operation and which actor they hold accountable for providing the response: business or government.