A Doctrinal Thesis

authentication and identity on the Internet is not, in fact, a debate about the mechanisms per se but is a proxy for the debate about a doctrine of deterrence through accountability. This doctrine equates attacks with crimes and focuses on policy and structures to support forensics, identify perpetrators , and prosecute them. However , this doctrine has no teeth and will fail absent an effective means for retribution. Moreover, the doctrine depends on attribution of a machine's actions to individuals, requires international agreements about illegality, and presumes cross-border enforcement that depends on unprecedented levels of cooperation among nations. Other cybersecurity policy proposals currently under discussion derive from an analogy between computer malware and biological pathogens. The 2009 US National Leap Year Summit, for instance, discussed the creation of a Cyber-CDC, inspired by the existing Centers for Disease Control and Prevention (www.nitrd. gov/NCLYSummit.aspx). The dialogue, however, is again proceeding piecemeal and bottom-up, although it is easy to imagine that a higher-level view—a cyberspace analogy to public health—could serve as the rationale for a Cyber-CDC proposal. But why should anyone accept this specific analogy as a basis for a doctrine? Public health concerns inform people's behaviors as does religion, yet " patch and pray " aside, few would argue that an analogy with religion is a good since plenty of evidence indicates that technology alone can't lead us to a trustworthy cyberspace. New policy and new institutions are required. Today's policy discussions, however , are profoundly disturbing. The problem is not only the specific policy proposals, but the bigger picture—a potpourri of narrowly focused initiatives. If there is an over-arching policy framework, it's that new proposals be consistent with increasingly irrelevant norms, incentives, and mechanisms from the past century. Entrenched special interest groups and single-issue advocates flourish in such a retrograde framework, but the policy landscape resulting from such " bottom-up " policy design won't be pretty, nor will it be effective. Rather, it will exhibit the well-known deficiencies of any bottom-up system design: components that won't interact easily, have overlapping instead of independent functionality, and with inconsistent semantics. We must break out of the current dialogue and its focus on piecemeal solutions. New policy proposals need to be rationalized in terms of their support for a cy-bersecurity doctrine, which defines goals and means. • The goals state which system properties will be preserved, as well as which policies will be enforced, …