The Fifteenth Annual Sommerfeld Lecture: The Structure of the Cyber Military Revolution

• Author: Paul Rosenzweig
• Pages: 344-362

344 MILITARY LAW REVIEW [Vol. 220

THE FIFTEENTH ANNUAL SOMMERFELD LECTURE1

THE STRUCTURE OF THE CYBER MILITARY REVOLUTION

PAUL ROSENZWEIG*

Thank you. Thank you, thank you very much for the introduction

and thank you for the invitation. I must say, I am deeply, deeply honored

* This is an edited transcript of a lecture delivered by Mr. Paul Rosenzweig to members

of the staff and faculty, and their distinguished guests, on September 3, 2013.

Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland

security consulting company, and a Senior Advisor to The Chertoff Group. Mr.

Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department

of Homeland Security. He is a Distinguished Visiting Fellow at the Homeland Security

Studies and Analysis Institute. He also serves as a Professorial Lecturer in Law at

George Washington University, as a Senior Editor of the Journal of National Security

Law & Policy, and as a Visiting Fellow at The Heritage Foundation. In 2011 he was a

Carnegie Fellow in National Security Journalism at the Medill School of Journalism,

Northwestern University, where he now serves as an Adjunct Lecturer.

Mr. Rosenzweig is a cum laude graduate of the University of Chicago Law School.

He has an M.S. in Chemical Oceanography from the Scripps Institution of

Oceanography, University of California at San Diego, and a B.A from Haverford

College. Following graduation from law school, he served as a law clerk to the

Honorable R. Lanier Anderson, III of the United States Court of Appeals for the Eleventh

Circuit.

He is the author of Cyber Warfare: How Conflicts in Cyberspace Are Challenging

America and Changing the World and of the video lecture series, Thinking About

Cybersecurity: From Cyber Crime to Cyber Warfare from The Great Courses. He is the

coauthor (with James Jay Carafano) of Winning the Long War: Lessons from the Cold

War for Defeating Terrorism and Preserving Freedom and co-editor (with Timothy

McNulty and Ellen Shearer) of National Security Law in the News: A Guide for

Journalists, Scholars, and Policymakers.

1 Established in 1999, the Sommerfeld Lecture series was created at The Judge Advocate

General’s Legal Center and School to provide a forum for discussing current issues

relevant to operational law. The series is named in honor of Colonel (Ret.) Alan

Sommerfeld. A graduate of the 71st Officer Basic Course, Colonel Sommerfeld’s Army

judge advocate career was divided between the Active and Reserve Components. After

six years of active duty, he became a civilian attorney at Fort Carson, Colorado, and then

at the Missile Defense Agency. He continued to serve in the Army Reserve, and on

September 11, 2001, Colonel Sommerfeld was the Senior Legal Advisor in NORAD’s

Cheyenne Mountain Operations Center, where he served as the conduit for the rules of

engagement from the Secretary of Defense to the NORAD staff. He was subsequently

mobilized for two years as a judge advocate for Operation Noble Eagle and became a

founding member of the U.S. Northern Command (USNORTHCOM) legal office, where

he served as its Deputy Staff Judge Advocate and then interim Staff Judge Advocate. He

retired from the Reserves in December 2003.

2014] FIFTEENTH SOMMERFELD LECTURE 345

to have been invited to give you the Fifteenth Annual Sommerfeld

Lecture.

I am particularly honored because, of course, I am not a military

lawyer. Indeed I am not a military man much at all. I practice in the

national security sphere, but mostly from the civilian side. So it’s quite

an honor for me to be invited to speak with you, many of whom know far

more about military law than I do.

I assume that the reason I was invited was to bring to this meeting a

bit of an outside-of-the-box perspective on issues of cyber law and

policy. I hope to honor that spirit by being at least a little provocative if

not iconoclastic. My goal at the end of this discussion will be to have

given you some things to think about, even if you don’t agree with

everything I say over the next couple of hours. If you walk away

thinking, “Oh, yeah, he has a point there,” then that will be a successful

event, I think. My plan of attack is to talk for about forty-five or fifty

minutes—we have more than that—and then have Q&A for as long as

you guys like. If I say anything at all during this talk that is unclear, feel

free to interrupt. I am not like an automaton or anything. So please, by

all means, if you want to dispute something in the midst of this, you

don’t have to wait for the Q&A.

As I said, I am not a military man, but I have been to enough military

briefings to know that the time-honored way to begin them is to give

your audience the bottom line up front so that you all know exactly

where I am going. So I have written this one down because I want it to

come out exactly right. Here is my bottom line: Much of what the U.S.

military is doing to prepare for conflict in cyberspace is misguided. We

are, in effect, preparing to fight the last war against the last enemy. We

conceive of the conflict as involving a contest against a peer nation

states—China, for example. What we are systematically missing is

something I would call the democratization of conflict in cyberspace.

The capability of nonstate actors, ad hoc groups, and even individuals to

compete on an almost level playing field with nation states and to do

significant damage to our national security interests. If we do not

reconceptualize how we are thinking about cyber security, policy, and

conflict, we are going to miss the boat.

To illustrate the point, let me begin by asking you a question. I want

you to think about the last ten years, and I want you to confine yourself

to the cyber domain, broadly speaking, and ask yourself what has been