Brookings: Topics - Technology and Development

The "Oceans 11" of Cyber Strikes

Peter W. Singer — Mon, 21 May 2012 09:45:00 -0400

There is perhaps no contemporary security policy issue that is as important, but so poorly understood, as cybersecurity. A major part of the problem is a simple lack of familiarity with the most basic terms and definitions.

Almost all policymakers today are digital immigrants — people who grew up in a world where computers were rarely used, but who now live in a world where they are ubiquitous. Unlike younger digital natives to whom computers are a natural feature, these leaders often feel like strangers in a new land, unable to speak the language, and thus more likely to keep silent for fear of embarrassment or misunderstanding. These immigrants are also the ones whose ignorance is most often taken advantage of by get-rich-quick schemes and other bad policy advice.

I recently watched a good example of this at a meeting in Washington of government officials and business leaders. A so-called consultant in cybersecurity (at least that’s what his business card and website said, and who are we to question the Internet?) spent half his presentation talking up the massive boogeyman of cyber danger that loomed for any and all, mentioning again and again the new specter of APTs, or advanced persistent threats. Fortunately, he spent the second half explaining how all that was needed to deter such threats was to be “good enough.” As long as you make sure your defenses are slightly better than the next guy’s, the attackers will give up and quickly move on. And lo and behold, his firm had a generic package for sale that would solve for just those needs. It was a presentation that was slick and effective — and wrong.

APTs are a phenomenon that has gained more and more notoriety in recent years but still is poorly understood. They illustrate the challenge in the policy world of calling attention to very real emerging challenges in cyberspace but also avoiding overreaction, hype and hysteria.

What is an APT?

If cybersecurity threats were movies, an advanced persistent threat would be the “Ocean’s Eleven” of the field. It’s not that APTs star handsome actors like George Clooney or Brad Pitt in Armani suits; indeed, they are more likely to be run by their polar opposites, in sweat-stained T-shirts. Rather, APTs have a level of planning that sets them apart from other cyber threats. Like the plots in the “Ocean’s” movies, they are the work of a team that combines organization, intelligence, complexity and patience. And because of that, like the kind of major casino heists depicted in the movies, APTs are actually quite rare.

While there are some 60,000 new pieces of malware created by cyber criminals each day, a miniscule percentage have anything to do with an APT. And even more, much as every group of criminals would like to think they are just like the gang in “Ocean’s Eleven,” only a subset of groups behind APTs are actually that good. One defense firm, for example, is aware of a number of APTs targeting its systems, but divides them in the A-team group that spooks them and a wider set of Z-team groups, which they laugh about.

An APT starts with a specific target in mind. The perpetrators know what they want and who, specifically, they will go after to get it. APT targets have ranged from military jet designs to classified diplomatic documents to oil company trade secrets. While everyone would like to think they are important enough to be targeted by an APT, the reality is that most of us don’t rise to that level. Sorry, you’re not going to be played by Al Pacino, as in the last “Ocean’s” movie.

Once the target has been identified, the hallmark of an APT is how it reflects the work of a coordinated team of specialized experts, each taking on different roles. Much like a robber casing a bank or a spy observing a military base, a surveillance team performs target development — learning everything they can about the person or organization they are going after and key vulnerabilities. In this effort, online search tools and social networking are a blessing to the attackers.

Want to steal a new defense widget and therefore need to know who is the vice president of product development? In the past, you would have had to send James Bond to seduce the receptionist in Human Resources and then sneak into her files while she was sleeping off a night of romance and martinis. Now, just have your Red Bull-sipping targeting guy use a search engine and he can get everything from that executive’s résumé to the name of her daughter’s pet iguana. As cybersecurity expert Gary McGraw notes, “The most impressive tool in the attackers’ arsenal is Google.”

These groups might not just use search from afar, but also work to bring themselves closer to the target with physical or even virtual means, such as social networking. Perhaps the most innovative recent example was when senior British officers and defense officials were tricked into accepting friend requests from a fake Facebook account claiming to be Adm. James Stavridis. As the Telegraph reported, “They thought they had become genuine friends of NATO's Supreme Allied Commander — but instead every personal detail on Facebook, including private email addresses, phone numbers and pictures were able to be harvested.”

It is this phase that also explains why such attacks are differentiated as persistent. The reconnaissance and preparations conducted can literally take months. The teams are not just trying to understand the organizational structure of the target, but also its key concerns and even its tendencies. One APT, for example, was casing a technology firm headquartered in Minnesota. They ultimately figured out that the best way to crack the system was to wait until a major blizzard. Then they sent a faked email with a document purporting to be the firm’s new snow day policy. Another effort, reported by Reuters in 2011, was allegedly conducted by Chinese intelligence and military units, who gathered details not only on who were the key friends and associates of U.S. national security officials, but even what farewell message they typically signed off with in their emails.

Once the target is understood, an intrusion team of professional hackers will then work to breach the system. One of the most common compromise activities is spear phishing, where an individual or group is targeted with a communications that seems to come from a trusted source. When they open files or links in the message, they instead trigger a download of malware, as in the “snow day” email. A faked email is frequently used by such attackers. Take Operation Shady RAT (remote access tool), a highly successful campaign that targeted some 72 organizations around the world, from aerospace firms to the World Anti-Doping Agency (notably right before the 2008 Olympics). When the counterfeit email attachment was opened, malware was implanted inside the target’s network. This created a backdoor communication channel to an outside Web server, which had, in turn, been compromised with hidden instructions in the Web page’s code in an effort by the attackers to cover their tracks.

What is notable here is that the initial target is frequently not the end target. Often, the best way into a network is via trusted outsiders, often with lower levels of defense. One defense firm was penetrated in 2010 via smaller company vendors. Next, the attackers may target people in the network who have some level of access that will open the gates wider. Last year, an APT was launched at various think tanks. The attackers sought access to scholars who worked on Asian security issues, but aimed initially at employees who had administrative rights and access to passwords.

Email is not the only way in. Other APTs have used Facebook and other social networks to figure out the friends of individuals with a high level of privilege inside a targeted network. Then, they compromise these friends’ instant messaging chats as a way to sneak in.

The malware used in these attachments is often quite sophisticated. Polymorphic malware, for example, changes form every time it runs, to stay ahead of defenses, and then can burrow deep into computer networks to avoid discovery. The best APTs might use even more advanced tools, like malware that is tailored to the system it is targeting or avoids automatic propagation that might lead to detection, or even goes after a new vulnerability known as a zero day. (In this case, the attack is acting before the first or “zeroth” day of developer awareness of the weakness, meaning there is not yet a security fix available to users of the software.) Much like a military unit or even a sports team would do, APT groups often conduct dry runs and even quality assurance tests to minimize the number of anti-virus programs that can detect them.

Once the team is in, they branch out like a viral infection, often with more personnel joining the effort. They jump from the initial footholds, compromising additional machines inside the network that can run the malware and be used to enter and leave. This often involves installing keystroke-logging software and command-and-control programs, which allow them to direct the malicious code to seek out sensitive information.

At this point, the target is “pwned” (a common mistyping of “owned” and a term used by hackers and online gamers when they have gotten the better of a target or opponent). An exfiltration team begins work on retrieving what the APT was targeting all along. Here is another hallmark of a real APT: Such a team eschews the usual criminal ethic of “grab what you can get” in favor of a disciplined pursuit of specific files. In many cases, the attackers don’t even open the files during a theft, suggesting that their earlier reconnaissance was thorough enough that they didn’t need to double-check. Many analysts believe this discipline suggests the hidden hand of military or intelligence officials, either as team members or advisers, in many APTs.

Many APTs are detected during exfiltration, when data is leaving the network in massive amounts that are hard to mask. Exfiltration teams therefore use all sorts of tricks to cover their tracks. One frequently used tactic is to have the data routed through way stations in multiple countries, akin to a money launderer running stolen funds through banks all over the world. This makes it not only harder to track them down, but also routes their activities through different legal jurisdictions.

Some APTs do more than just copy the data. French officials, for example, said an APT run out of China gained access to the computers of several high-level French political and business leaders, and then activated the devices’ microphones and Web cameras so that they could eavesdrop on their owners’ conversations.

Even more nefarious, some APTs alter the files to which they gain access. By definition, this is the point at which an action moves from theft or spying into sabotage or even attack. It may also become the line international law ultimately decides is the difference between espionage and war.

What makes APTs even more of a challenge is that even if a target finds out it has been attacked, the pain is not yet over. Finding which machines and accounts inside the system have been infected can take months. Even more, if the effort is truly persistent — say, if the target has some sort of ongoing value to the attacker — there might be an additional unit in the APT whose very job it is to maintain an electronic foothold in the network. Their job is to ensure there is a sequel — an “Ocean’s Twelve,” so to speak. Rather than focusing on what information to steal, this team might, for example, monitor internal emails to learn how the defenders are trying to get them out, in order to stay one step ahead.

With their electronic communications compromised, some defenders’ response here is often old-school. They will do things like literally yank hard drives out of their computers and post handwritten signs in the hallways about needed password changes.

In sum, APTs are a nightmare scenario for any organization. Many don’t know they’ve been hit until it is too late. And even if they do find out, it is often impossible to prove who did it. Indeed, that is why APTs may be the most controversial of all the threat vectors in cybersecurity. Except in cases where the attackers are sloppy (such as when a high-ranking officer in China’s People’s Liberation Army employed the same server to communicate with his mistress that he was also using to coordinate an APT), there is little actual proof that would stand up in a court of law or even the court of public opinion. What we are often left with instead are just suspicions and finger-pointing, which is why APTs have become so poisonous for diplomatic relations, especially between the U.S. and China.

This is exactly why it is important to better understand the nature of such threats: to be able to better respond effectively. APTs are not as pervasive as they seem from the level of discussion in business pitches and congressional hearings. Their very sophistication both creates a problem and acts as a limiting factor.

But in turn, that sophistication means the threat is not likely to be stopped by some “secret sauce” sold by the many firms that have followed the federal budget money train into cybersecurity. A good defense is complex and layered, taking on each of the attacker’s phases, from surveillance to exfiltration. This means that the best counters will range from the highly sophisticated (such as new mechanisms to monitor anomalies in network traffic) to simply spreading better understanding of the basics of the issue.

Take the relatively simple but important job of getting network users to observe basic cyber hygiene. In one noteworthy case in 2008, a DoD network was reportedly compromised via a memory stick left in the parking lot outside the base. A foreign intelligence agency was alleged to have left it there, thinking U.S. soldiers wouldn’t be able to resist its lures. And they were right: Someone picked it up and plugged it into a computer. Yet, you wouldn’t stick something you found in a parking lot into your mouth, so why would you think it OK to stick it into your computer?

In APTs, as well the wider issues of cybersecurity, information is power. This cuts both ways, however. The very real threats, as well as those who would profit from them, are targeting some valued bit or byte of knowledge. But their success, whether at stealing that information, or from banking on our fears, depends on our ignorance.

Authors

Peter W. Singer

Publication: Armed Forces Journal

Image Source: Samantha Sais / Reuters

Mords-Maschinen

Peter W. Singer — Tue, 01 May 2012 00:00:00 -0400

Editor's Note: Each new year brings more change, from unmanned systems’ growing autonomy to a growing range of capabilities and roles and missions they serve in war and beyond. Peter Singer explores the latest technological developments and examines their implications for international politics.

Nur wenige Autominuten trennten das Wohnzimmer von Colonel Gary Fabricius von den Schlachtfeldern im Irak. Morgens setzte sich der US-Soldat in seinen Wagen, fuhr zum nahe gelegenen Stützpunkt in Nevada und begann seine Schicht im “Krieg gegen den Terror”. Abends war pünktlich Feierabend und danach Zeit für die Familie – denn Fabricius kommandierte eine Staffel von “Predator”- Drohnen. Kein einziges Mal musste der Colonel seine sichere Militärbasis im Westen der USA verlassen, um seine Gegner im Irak anzugreifen. “Du bist zwölf Stunden lang im Krieg, feuerst Waffen auf Ziele ab, leitest die Tötung feindlicher Kämpfer ein – danach steigst du in dein Auto, fährst nach Hause, und nach 20 Minuten sitzt du am Esszimmertisch und sprichst mit deinen Kindern über ihre Hausaufgaben”, berichtet Fabricius von der “Front”.

Noch vor wenigen Jahren wäre diese Art der Kriegsführung per Joystick undenkbar gewesen – inzwischen sind ferngesteuerte Kampf- und Aufklärungsroboter aber dabei, die Schlachtfelder der Welt zu erobern: Als das US-Militär 2003 im Irak einmarschierte, verfügte es nur über eine Handvoll unbemannter und unbewaffneter Aufklärungsflugzeuge, am Boden hatte die Truppe überhaupt keine unbemannten mobilen Geräte. Heute gibt es in den Beständen der USA mehr als 7500 fliegende Drohnen wie den Predator (“Raubtier”) und weitere rund 12 000 unbemann te Fahrzeuge am Boden – etwa den „Packbot“, ein Produkt der Firma iRobot, die auch den Staubsaugerroboter “Roomba” und den Bodenwischroboter “Scooba” herstellt.

Nicht nur die Zahl der Drohnen ist in nur neun Jahren geradezu explodiert, auch technisch haben sich die ferngesteuerten Roboter in dieser Zeit dramatisch weiterentwickelt. Vor dem 11. September 2001 war der MQ-1 Predator kaum mehr als ein fliegendes Fernglas mit Fernsteuerung – sehr zum Ärger der US-Militärs: Sie konnten Osama bin Laden zwar in seinen Trainingscamps beobachten, hatten aber keine Möglichkeit, ihn anzugreifen. Das änderte sich nach den Anschlägen von New York und Washington: Das neun Meter lange Flugzeug wurde mit lasergesteuerten Hellfire-Raketen ausgestattet und erwies sich als derart nützlich, dass der Kommandeur der US-Streitkräfte im Mittleren Osten es als sein „wertvollstes Waffensystem“ bezeichnete.

Auch auf dem Boden wurden Roboter zuerst nur für Beobachtungszwecke eingesetzt, sind inzwischen aber mit allen möglichenWaffen ausgestattet. Der Talon beispielsweise ist ein Roboter von der Größe eines Rasenmähers, mit dem sich Bomben am Straßenrand entschärfen ließen. Nachdem die Militärs seinen Greifarm durch einen Waffenträger ersetzt hatten, war SWORDS geboren (Special Weapons Observation Reconnaissance Detection System): SWORDS kann mit jeder Waffe ausgestattet werden, die weniger als 140 Kilogramm wiegt – vom M16- Karabiner über ein Maschinengewehr bis hin zu einem 40- Millimeter-Granatwerfer oder einer Abschussvorrichtung für
Anti-Panzer-Raketen.

Diese Entwicklung zeigt: Drohnen sind auf dem besten Wege, im wahrsten Sinne des Wortes zu Killer-Applikationen zu warden – eine neue Technologie, die nicht nur tödlich ist, sondern auch die Spielregeln des Kriegshandwerks komplett verändert. Wie tiefgreifend diese Umwälzung sein wird, lässt sich kaum abschätzen, denn nach Meinung vieler Experten stehen wir mit den unbemannten Systemen heute erst dort, wo wir zu Beginn des 20. Jahrhunderts mit den Automobilen angelangt waren. Kein Wunder, dass Wissenschaftler eine Parallele zur Atombombe ziehen: Nach ihrer Meinung entwickeln wir gerade eine Technologie, die bisher nur ins Reich der Science-Fiction gehörte – die aber so mächtig ist, dass wir ihre Erfindung eines Tages noch bereuen könnten.

Downloads

0501_military_robotics_singer

Authors

Peter W. Singer

Publication: Technology Review

Why the Supreme Court GPS Decision Won't Stop Warrantless Digital Surveillance

John Villasenor — Wed, 25 Jan 2012 00:00:00 -0500

On January 23, the U.S. Supreme Court ruled unanimously that law enforcement authorities do not generally have a right to affix a GPS tracking device to a suspect's car without first obtaining a valid warrant. Of the many things that can be said about the case, which has been called the most important Fourth Amendment test in a decade, perhaps the most sobering in the long run will be this: the decision is based on technology assumptions that are rapidly becoming irrelevant.

The case, formally known as United States v. Jones, has its roots in the technologically distant past of 2005, when smart phones, tablets, mobile apps, social networking and license plate cameras had not yet become ubiquitous—when it was still possible to make a trip to the grocery store without leaving a megabits-long trail of digital footprints.

Read the full article at scientificamerican.com »

Authors

John Villasenor

Publication: Scientific American

Image Source: Richard Newstead

Metropolitan Business Plans Bring Regional Industries Into the 21st Century

Bruce Katz and Judith Rodin — Fri, 20 Jan 2012 09:42:00 -0500

With the economy still reeling from the effects of the recession, metropolitan areas have become increasingly willing to explore new approaches to economic development. Moving away from traditional one-size-fits-all approaches that emphasized Starbucks, stadium-building, and stealing businesses, metro leaders are instead crafting metropolitan business plans that grow jobs from within, building on their distinct market advantages.

By partnering with private industry, nonprofit intermediaries, universities, civic leaders, research institutions, and other interested parties, regional public sector leaders are working to strengthen their economies by focusing on those industries with the greatest potential for future growth.

For some regions, these efforts have involved helping existing firms make the transition to emerging industries. Northeast Ohio’s long struggle with post-deindustrialization was made worse by the Great Recession and the collapse of the auto sector and the foreclosure crisis.

In response, regional leaders came together to launch PRISM, the Partnership for Regional Innovation Services to Manufacturers initiative. The goal of PRISM is to help small and medium-sized manufacturers in old commodities industries, like steel and automotive, reinvent their products and business models to take advantage of growth opportunities in emerging markets like bio-science, health care and clean energy.

Led by the Manufacturing Advocacy and Growth Network (MAGNET), a regional intermediary organization, PRISM brings together higher education institutions, regional economic development organizations, and Ohio’s Edison Technology Centers to provide market research and business consulting services, increase firms’ access to capital and talent, and foster stronger relationships within growing industry clusters. [Full disclosure: The Brookings-Rockefeller Project on State and Metropolitan Innovation provided initial advisory support to PRISM.]

“Through PRISM, we hope to demonstrate that a growing manufacturing sector is not only possible, but desirable for the region,” says MAGNET president and CEO Daniel Berry. “Reclaiming the legacy of manufacturing innovation in Northeast Ohio will enable the region’s companies to create more well-paying jobs.”

In other parts of the country, partnerships are linking up existing industry strengths to create new growth opportunities. To ensure the Seattle region continues to be a global hub of innovation, public and private sector leaders have formed the Building Energy-Efficiency Testing and Integration (BETI) Center and Demonstration Network to develop new products, services and technologies around energy efficiency for customers around the world. BETI capitalizes and integrates this region’s distinct, competitive advantages – unparalleled software and information technology, strong sustainability ethos, an emerging building energy efficiency sector, and strong post-secondary institutions and talent that can support future demand. This is not a cookie cutter idea but one that can best work with the market formula found in the Puget Sound region.

With financial support from a federal i6 Green Challenge grant and a state match, BETI will help local businesses commercialize innovations in building energy-efficient technologies, platforms, and materials by providing product validation and integration services. In addition, BETI will foster greater collaboration among industry stakeholders, including businesses, entrepreneurs, trade associations, local and state government agencies, state universities, research networks, venture capitalists, and regional utilities.

Both Northeast Ohio and the Puget Sound region arrived at these collaborative partnerships during the course of their efforts to develop metropolitan business plans. Like private sector business plans, these regional economic development plans are rooted in market dynamics and competitive assets. The metropolitan business planning process offers a framework for regional business, civic, and government leaders to assess their metro’s distinctive market position, identify pragmatic economic development strategies that capitalize on regional assets and set forth detailed implementation-ready plans for economic growth. Once established, these metropolitan business plans will act as roadmaps for metro economies as they drive the nation toward greater prosperity, increased job creation, and a leading position in the next economy.

Authors

Bruce Katz
Judith Rodin

Publication: The Atlantic Cities

In New York City, Growing a Technology Hub

Bruce Katz and Judith Rodin — Tue, 17 Jan 2012 00:00:00 -0500

New York City has long been known as a hub of innovation and opportunity, a place where creativity and sheer force of will can produce achievements previously unimagined. Companies that have changed how we experience the world—from Alexander Graham Bell’s Bell Laboratories to Jay-Z’s Roc-A-Fella Records—all got their start in the city that never sleeps.

However, despite a burgeoning community of tech entrepreneurs, over 100 academic and research institutions, and more than 626,000 post-secondary students, New York City still lags the Bay Area in tech capacity and research commercialization. Silicon Valley remains the foremost location for dot-com entrepreneurialism and technological innovation—home to tech legends Apple and Google, social media giants Facebook and Twitter, the social philanthropy innovators at Kiva and the design visionaries at IDEO, among many, many others.

The Bloomberg administration wants to change all that. Its Applied Sciences NYC initiative aims to boost tech R&D, spark job growth, foster entrepreneurial endeavors and diversify the area economy by establishing a state-of-the-art applied sciences and engineering campus in the heart of New York City. To support this project, the city has pledged up to $100 million as well as a 99-year lease for nominal rent at one of three city-owned sites— the Goldwater Hospital Campus on Roosevelt Island, the Navy Hospital Campus at the Brooklyn Navy Yard or historic buildings and property on Governors Island. Applicants were to be judged based on proposed support for research commercialization and job creation, academic program strength, plans for community engagement, sustainability of design, and sensitivity to existing neighborhoods and surroundings.

In late December, the city announced its decision to partner with Cornell University and the Technion-Israel Institute of Technology to create the “NYCTech” campus on Roosevelt Island. Phase one of the campus build-out will develop 300,000 square feet by 2017, though the two universities aim to start classes at a temporary site this September. By the project’s culmination in 2043, NYCTech will encompass two million square feet with 280 faculty members and up to 2,500 graduate students. Cornell and Technion also plan to contribute to area K-12 education by training 200 science teachers each year.

Based on current projections, the city expects that the new campus will create up to 20,000 construction jobs; up to 8,000 permanent, well-paying jobs for a broad range of skill levels; 600 new companies; and billions in additional economic activity. For Cornell President David Skorton, the prospect of job creation is especially compelling. "The most exciting thing to me in this election season is that we don’t have to roll over and die for lack of a way to create jobs. This is an example of a public-private governmental partnership: it’s government, it’s private industry and higher education," he says. "I think this could be a model that could be replicated across the country."

Authors

Bruce Katz
Judith Rodin

Publication: The Atlantic Cities

The Future of National Security, By the Numbers

Peter W. Singer — Fri, 06 May 2011 12:24:00 -0400

“Figures often beguile me,” Mark Twain wrote in his autobiography, “particularly when I have the arranging of them myself; in which case the remark attributed to Disraeli would often apply with justice and force: ‘There are three kinds of lies: lies, damned lies, and statistics.’”

Most of those who work in the realm of international security would tend to agree with Twain. We have all seen academics spit out statistics and models in a way that was of no actual use to those who cared about the real world. Similarly, we have watched politicians run fast and loose with all sorts of numeric data. The result is that we often more agree with the witty Scottish statesman who said, “You might prove anything by figures.”

And yet, as much as those of us who despised calculus back when we were in school hate to admit it, numbers do matter. The unadulterated cleanness of a number does have a certain way of driving home the truth of a matter, most importantly in cutting through the rhetoric and the often intentional confusion that surrounds complex matters. Figures can show a cold, hard reality that we often want to ignore. As Aristotle wrote, “Numbers are intellectual witnesses.”[1]

Today, we are entering a period in national security that various strategic documents ranging from the Pentagon’s Quadrennial Defense Review (QDR) to the new British Security Strategy have entitled “an age of uncertainty.” We have been left grasping for some type of certainty in everything from threats to resources. So, if looking through the mathematical lens offers “the poetry of logical ideas,” as Albert Einstein claimed, what are the key numbers that we should be paying attention to in trying to understand where we might be headed next in the realm of national security?

$13.7 Trillion

In October 2010, Prime Minister David Cameron issued a new British national security strategy that entailed a wave of cutbacks, including 17,000 fewer soldiers and 25,000 fewer civilians in the British military. Also left on the cutting room floor were all its Harrier jets, several ships including an aircraft carrier, and 40 percent of the army’s tanks. Cameron’s government made this decision not because it wanted to (conservative governments in the United Kingdom have traditionally been defense hawks when it comes to budgets), but because it felt that it was the only way to stave off short-term currency and fiscal crises and a long-term economic security collapse.

While many commentators have focused on what these cuts mean for the British military role in the world, the numbers underlying the report illustrate the type of tough decisions that are also likely looming in American policy circles moving forward. That is, a quick run of the numbers shows that the British conservative government felt obligated to act when facing a fiscal environment that pales in comparison to the U.S. predicament. The United Kingdom had a roughly $242 billion budget deficit and (more useful for comparative purposes) was running almost to a 60 percent debt-to–gross domestic product (GDP) ratio. By comparison, the U.S. debt stands at $13.7 trillion and an 89 percent debt ratio, with the Office of Management and Budget showing the deficit coming in at another $1.3 trillion in fiscal year 2011. In essence, Britain’s nightmare scenario remains America’s blissful normality. If action is not taken to rein this in, the Congressional Budget Office estimated that in 2050, the U.S. gross debt will have reached about 344 percent of GDP.

At some point, these numbers’ growth will become unsustainable for both U.S. economic and national security, and thus the British experience may well be looked to for guidance by American policymakers, either by fellow conservatives or liberals. As in the United Kingdom, most of the savings will have to come out of reduced government spending and dealing with unfunded social welfare commitments (which in the United States are mainly driven by making social security promises that no longer reflect demographic reality), but no one should believe that the debate will spare the defense and foreign policy world. As in Britain, there will likely be an expectation that the pain of any cuts will have to be spread out. Notably, this likelihood seems to be borne out by the various bipartisan debt and deficit reduction task forces that released various reports last fall, all of which brought up the need for tightening a Pentagon funding spigot that has been opened more and more over the last decade.

While Secretary Robert Gates has tried to preempt such cuts with efficiency measures designed to wring $100 billion in savings across multiple years, two realities stand in the way. The first is that the current process is not about actual cuts, but is instead an attempt to shift funds internally. The second is that these measures are unlikely to yield anywhere near $100 billion. For example, the big talk about closing U.S. Joint Forces Command should save at most $250 million—and that is if the entire shop were closed versus the likelihood that many of the offices will emerge intact within other commands. Similarly, a substantial portion of the claimed cuts in the new Department of Defense (DOD) budget offer depends on a changed assumption on inflation figures. Shifting numbers across accounts did not work for Enron over the long term, nor will it work for the Pentagon.

Defense hawks should take solace in the fact that, much like what is likely to happen in the United States, the British number-crunchers found savings but avoided harming current operations. Moreover, the British defense cuts were far less severe (at only one-third of the scale) than those experienced by other agencies of foreign policy, such as the 25 percent level of cuts at the Foreign and Commonwealth Office. (Indeed, if the numbers in the British experience indicate tough times looming for the Pentagon, it indicates cuts to the bone for agencies such as the State Department.)

The exact size of the potential cuts will certainly be a matter of much projection and debate in the coming years (my colleague Michael O’Hanlon, who tends to have a good history at this sort of thing, predicts that DOD ultimately will be asked to find roughly $60 billion in savings), but what is clear is that we are entering an era in which leaders will have to make some actual decisions in defense policy, not only in spending but also in fiscal and strategic priority-setting.

$10,500 per American, $1.3 billion per al Qaeda

The U.S. military’s newspaper, Stars and Stripes, found that at $747 billion spent in direct funds, each American citizen has paid $2,435 for the Iraq War. If one includes indirect spending and broader economic consequences, it comes out to just over $9,000 per citizen. This does not include the roughly $500 billion that will have to be spent in medical and disability compensation for Iraq War veterans over their lifetimes, which comes out to another $1,500, for a total of $10,500 per U.S. citizen. When it comes to dealing with nonstate actors, our investment ratio is even more draining. Defense News found that U.S. military spending on its operation in Afghanistan was just over $1.3 billion per suspected al Qaeda member.

These numbers define the environment of another key aspect emerging in national security: not merely what to spend, but what we can afford to do operationally. That is, if we are entering an “era of persistent conflict,” as our strategy documents project, can we persistently sustain such cost ratios against our foes? Moreover, these numbers are leading many to question whether an approach based on territorial seizure is the best manner for defeating a global nonstate network, and, in so doing, driving an evolution of how the United States conducts counterterrorism.

In the wake of 9/11, when it came to responding to a real (in the case of Afghanistan), or at least publicly claimed potential (in the case of Iraq), terrorist attack, the rejoinders were preemption and “regime change,” the seizure of the territory from which the attack had or might emanate, and the remaking of the government there to ensure it was no longer a terrorist organizing and recruiting ground. These responses, initially framed as counterterrorism missions, gradually shifted into counterinsurgency missions in the midst of civil wars, and U.S. forces became bogged down in local political and ethnic disputes. As David Kilcullen noted in The Accidental Guerrilla, the irony was that such efforts to undermine recruiting by extremists may have made it easier.

Seemingly unable to contemplate the costs for a new operation of such scale, the responses to recent plots of terrorism seem to be moving to another model, or perhaps a “back to the future” model of the cruise missile diplomacy of the late 1990s. Bob Woodward’s Obama’s War outlines that the planned U.S. response to a successful attack on American soil—tracked back to Pakistan—is not to set large numbers of boots on the ground. Instead, the response is a simple expansion of the number of unmanned airstrikes already being conducted there. This is not particularly notable, given that the undeclared U.S. air war in Pakistan has so far hit 202 targets with drones. Similarly, when a series of plots were tracked back to Yemen and Somalia in 2010, other black holes of governance, no one contemplated anything beyond more unmanned strikes and a few covert action teams.

35 Bands, 1 Diplomat

This shift actually makes perfect sense when one looks at the other key numbers that shape this space, establishing the parameters of not just what the United States can afford or not, but also who should carry them out and how.

While counterinsurgencies and nation-building efforts are certainly tough, they are not impossible tasks. Rather, they require a deep and enduring commitment. A RAND study found, for example, that the average length of an insurgency is about 10 years; wars won by the government side (what we are fighting in Afghanistan) take an additional 2 years on average.

For the last decade there has been constant discussion of building up our capabilities to deliver engagement, stability, aid, devolvement, and justice programs on the ground, the nonmilitary aspects so key to success in these types of operations. And yet for all the discussion in leveraging agencies other than the military, the numbers show something else: that nearly 10 years into such fights, Washington still has not faced the deep and enduring commitment part of the battle.

The State Department, for instance, has roughly 6,500 Foreign Service Officers and 5,000 Foreign Service Specialists. They are spread across 265 diplomatic missions, with the Washington, DC, headquarters housing the bulk. When it comes to the actual ability to deliver at the field level where it matters most, the numbers show a hard truth. Roughly 4 percent of the operational budget for Afghanistan goes toward civilian operations. The entire U.S. Government has been able to generate only 13 Provincial Reconstruction Teams (PRTs) there, each of roughly 80 personnel. Moreover, the only way to staff these PRTs has been to draw primarily from the military Services (even though the PRTs do not have a traditionally military role), most often by bringing officers from other taskings (meaning that their background and training do not match the type of aid, development, and reform advisory work the teams conduct). The PRT in Farah, Afghanistan, for example (which was ably commanded for the past year by a Navy officer with a background in helicopter operations), had one State Department civilian advisor for an area roughly twice the size of Maryland and containing 1 million Afghan citizens.

To put this in a numeric comparison, the U.S. Army alone has 35 Regular Army bands, ranging in size from 50 to 250 members. In addition, there are 18 Army Reserve bands and 53 Army National Guard bands. The numbers are on a similar scale for the other Services. These numbers show where we stand between the rhetoric of counterinsurgency and interagency planning and the reality of executing it at DOD as well as non-DOD agencies.

8 Percent of Voters

The reason for this shift in operational responses and the continued lack of capacity may be found within another set of figures: the numbers that tell us about the underlying political support for such expanded operations today, and their likely future.

Again, the important point here is not whether such operations are doable, but whether the intervening party has the long-term will necessary for them. And here, too, the numbers may be painting a different sort of message about the American body politic, one that is increasingly becoming disengaged from foreign policy issues. Indeed, in the last election, less than 8 percent of voters told CNN that their votes were determined by foreign policy issues.

When we look at future trends, the numbers grow worse. I recently completed a survey of over 1,100 young American leaders between the ages of 16 and 24 who have attended National Student Leader conferences and expressed an interest into going into politics and policy. While not all will achieve this goal, it is interesting that in this set of would-be future Barack Obamas and John McCains, 58 percent believed that the “United States is too involved in global affairs,” roughly twice that of older generations. The polling shows there is a strong emerging narrative of isolationism, shaped by their formative experiences of 9/11, Iraq, and Katrina (comparable to the impact of Pearl Harbor or the Kennedy assassination and Vietnam for prior generations). Notably, this is not a trend being driven by the new Tea Party movement, but rather one occurring among young leaders who identify as Democrats or Independents, who are 20 percent more likely to have such isolationist attitudes than young Republicans.

These are just attitudes, which may change or even reverse in the future; the isolationist youth of the 1920s and 1930s, of course, ended up having to fight World War II in part because of such attitudes. But whether it is the strange coalition-building between the left and right wing on withdrawing from Afghanistan or declining new commitments in Yemen, Pakistan, Somalia, or elsewhere, the American public and its policy leaders seem to be steering away from any mission of scale. Indeed, the changing appetite is even illustrated by recent actions in our own hemisphere. In 1994, the fear of a failed state in Haiti led to the deployment of more than 20,000 military personnel, with a broad mandate to uphold democracy. By comparison, after the 2010 earthquake created an actual collapsed state in every sense of the term, the United States sent just over 4,000 troops, with a mandate to get aid in quickly and then get out as rapidly as possible.

18 Months, 1 Billion Times as Powerful

The prime numbers of national security’s future lie not only in dollars, voters, terrorists, or diplomats, but also in how we handle an emerging wave of “killer applications.”

It used to be that an entire generation would go by without one technologic breakthrough that altered the way people fought, worked, communicated, or played. By the so-called age of invention in the late 1800s, these breakthroughs were coming once every decade or so. Today, the ever-accelerating pace of technological development is best illustrated by Moore’s Law, the finding that, over the last 40 years, microchips—and related developments in computers—have doubled in both power and capability every 18 months or so. The total amount of computing power that the entire U.S. Air Force had in 1960, for example, is now contained in a single Hallmark greeting card that plays a little song when you open it.

Moore’s Law predicts that such technologies will be one billion times more powerful within 25 years. While the historic pace of change does not have to hold true (but note that even with a pace one-thousandth as fast as it has historically been, we will still see technologies one million times more powerful within 25 years), it is inarguable that wave after wave of new game-changing inventions are bursting onto the scene with an ever-increasing pace. From robotic planes that strike targets 7,000 miles away to “synthetic life,” manmade cells born out of laboratory chemicals, these astounding technologies grab today’s headlines with such regularity that we have become almost numb to their historic importance.

Looking forward, the range of technologies already at the point of prototyping is dazzling in potential impact. Directed energy weapons, “smart” improvised explosive devices, nanotech and microbotics, bio-agents and genetic weaponry, chemical and hardware enhancements to the human body, autonomous armed robots, and electromagnetic pulse weaponry all may seem straight from the realm of science fiction but are on track to be deployable well before most of us have paid off our mortgages.

This raises two sets of questions: how has our national security structure changed in light of these massive changes in the tools at our disposal (answer: not enough), and how will we deal with the massive changes looming? What makes such technologies notable is not just the new possibilities they open up, but also the difficult issues they raise for policy. Even the first generation of unmanned systems today (the Predator may seem advanced, but it is actually the Model T of the field, already obsolete) has raised deep military, political, moral, and legal questions that touch on everything from when our nation goes to war (the air war campaign in Pakistan that has achieved over 6 times the number of airstrikes as the Kosovo war’s opening round) to the individual experiences of soldiers themselves (many remote warrior units have levels of combat stress and fatigue that are as high as their counterparts physically deployed to the battlespace).

7 Degrees of Security and 1493

But new discoveries do not just affect the tools at our disposal and how we choose to use them; they also can lead to entirely new realms of commerce and conflict that national security leaders must wrestle with. As one Air Force general told me, “The greatest change moving forward is the changing of domains.”

Historically, whenever humans have discovered something of value, they often have fought over it. For example, in past periods of political landscape shift in European history, the discovery of gold and silver in the New World in the 1500s and the scramble for African gold and diamonds in the late 1800s were greater catalysts for diplomatic and then armed conflict among the rising and established powers than was intracontinental behavior.

Similarly, new technologies also shaped the very battlespaces where such powers contended. Through most of human history, for example, we only fought on the land and on top of the sea. Then, at the turn of the last century, technologies that had only recently been the stuff of science fiction (Jules Verne’s 20,000 Leagues Under the Sea and A.A. Milne’s “The Secret of the Army Aeroplane”) allowed powers to fight in entirely new domains, under the sea and in the air, which required entirely new forces to be created to carry out these battles and new laws to regulate them.

Today, the numbers show how a series of 21st-century parallels are emerging. While we are no longer filling in the blank spaces in the world’s map, we are discovering immense value in locales that previously either were not accessible or did not exist, and, in turn, gearing up to fight there.

For example, the white space on the map of the Arctic region has always been a harsh, inaccessible area that no one particularly cared about in policy circles—until today. As a result of the changes that our technologies have wrought upon the global climate itself, the Arctic is warming up and opening up, and thus creating new issues for global security that cannot be ignored. Indeed, global warming appears to be playing out far more dramatically in the Arctic than elsewhere due to two key numeric factors: the sharper angle at which the sun’s rays strike the polar region, and the faster rate at which retreating sea ice is turning into open water, which absorbs far more solar radiation. Thus, the Arctic is seeing temperature increases in the 7-degree range rather than the 2- to 3-degree rises seen elsewhere. As a result, this part of the globe is yielding new and valuable navigable trade routes, as well as potential drilling spots for significant energy and mineral resources (some believe there may be as much oil and natural gas at stake as Saudi Arabia has).

But opening up a new part of the globe yields new security questions; indeed, there has not been such a geographically large area-of-sovereignty issue to solve since 1493, when Pope Alexander VI divided the New World between Spain and Portugal (which, of course, prompted wars with powers left out of this deal for the next few centuries). Thus today, while conflict is by no means inevitable, various players are preparing for a polar scramble. An advisor to Vladimir Putin declared, “The Arctic is ours and we should manifest our presence,” while Canada, Norway, the United States, and even noncontiguous states such as China have started to build up their capabilities to operate in this once forbidding space (the United States has no nuclear-powered icebreakers, while China has two and plans for several more).

947 Satellites, 80 Percent of Communications

Outer space is another domain that was once inaccessible but that is increasing in commercial and military value. Technology has allowed us to turn this place of science fiction into a realm populated by 947 operational satellites.[2] Through these systems now runs the lifeblood of global commerce and communication, as well as (arguably) U.S. military operations. About half of the 175 dedicated military satellites orbiting the world are U.S. military systems. But this only tells part of the story. Over 80 percent of U.S. Government and military satellite communications travel over commercial satellites. As General Lance W. Lord, commander of Air Force Space Command, explains, “Space is the center of gravity now.”

To give an example of the importance of space, global positioning system (GPS) satellites are used to direct the movement of 800,000 U.S. military receivers, located on everything from aircraft carriers to individual bombs and artillery shells. A “glitch” in GPS in early 2010 left almost 10,000 of these receivers unable to log in for days, rendering them useless and their systems directionless.

The result is that starting with the 2001 Rumsfeld Space Commission, which served as the springboard for the former Secretary of Defense’s return to government; the Pentagon has conducted at least 21 studies of space warfare. Of course, as senior colonel Dr. Yao Yunzhu of the Chinese Army’s Academy of Military Science has warned, if the United States believes that it is going to be “a space superpower, it’s not going to be alone . . . it will have company.” The Chinese have aggressively moved into the satellite and launch sectors, with plans to add more than 100 civilian and military satellites in the next decade.[3] They also have a manned program on pace to pass the United States, hoping to place a taikonaut on the Moon’s surface by 2020.

More important to conflict scenarios is that China has demonstrated antisatellite capabilities repeatedly over the past 3 years, with Russia and India, and even a few nonstate actors also at work in the field, indicating that the future of conflict back on Earth will not stop at the edge of the atmosphere for long.

90 Trillion Emails, 90,000 Cyberwarriors

Unlike underwater, the air, the polar cold, or outer space, cyberspace is a domain that not only was inaccessible, but also literally did not exist just a generation ago, which perhaps explains why the current crop of senior leaders seems so flummoxed by it.

The centrality of cyberspace to our entire global pattern of life is almost impossible to fathom, as the numbers involved are so high as to sound imaginary. Almost 90 trillion emails were sent in 2009, at a pace of roughly 47 billion a day. The Internet is made up of some 234 million Web sites, with the number growing at a 25 percent annual rate.[4] The military use is equally astounding. DOD operates 15,000 computer networks across 4,000 installations in 88 countries. While a substantial portion is kept in its own classified version of cyberspace, the Secret Internet Protocol Router Network, DOD computers access the broader Internet over 1 billion times a day.[5] Indeed, former Director of National Intelligence Admiral Michael McConnell estimated that 98 percent of U.S. Government communications, including classified communications, travel over civilian-owned and -operated networks.

But with so much value being located in this new space, it is also becoming a locale for crime, contestation, and even conflict. Symantec identified more than 240 million distinct new malicious programs in 2009, a 100 percent increase over 2008.[6] Many of these are various types of spam and low-level annoyances or criminality, but there is a serious undercurrent. More than 100 foreign intelligence organizations have been reported trying to break into U.S. systems, and known cyber attacks against U.S. Government computers rose from 1,415 in 2000 to 71,661 in 2009.[7] Indeed, the Federal Bureau of Investigation described cybersecurity as the third most important national security threat—a notable designation, considering that its director did not even have a computer in his office until 2001.

While the majority of the focus in public discussion has been on mostly overblown scenarios of “electronic Pearl Harbors” or “cyber Katrinas” (the vast majority of these attacks on U.S. Government Web sites are actually nuisance defacements, the equivalent of cybergraffiti), the numbers show how the real national security danger may lie in the gradual undermining of the U.S. economic and national security edge, especially in innovation and intellectual property. It is estimated that U.S. firms lose approximately $1 trillion a year in business, wasted research and development investment, employee downtime, and added spending due to cyberattacks. The Joint Strike Fighter program, for instance, lost several terabytes of data related to design and electronics systems to a cyber attack. To put this amount of lost information into context, the overall size of the Internet did not reach a single terabyte until around 1997. Such numbers represent not only lost bytes and billions of investment dollars in research, but also 10 to 20 years of lost technological edge in the battlefield and marketplace.

As a result, much as what happened in other new domains, security in the cyber domain is drawing a skyrocketing amount of policy attention, organization, and budget dollars. Much as Marines consider November 10, 1775 (the Corps’ birth date), as the most important day of the year, future cyberwarriors may well celebrate May 21, 2010, the date that U.S. Cyber Command stood up. Nonexistent just a few years ago, this new entity now has 90,000 personnel and acts as the coordinator of over $3 billion in DOD spending on information security.

What these numbers tell us is that war confined to the real world may be passé.

70 Percent Living in the Volcano

The shift in domains is not just a matter of the changes technology has wrought on the world around us; it is also about where we are. And here, too, the numbers show a monumental shift under way, with huge resonance for the future of national security.

To many, the U.S. military has rounded an intellectual corner in the last few years. From the writings of the QDR to the training given to Army captains, there has been an increased emphasis on the ability to navigate the complex geographic and social patterns of simultaneously defeating a guerrilla army while winning tribal elders’ hearts and minds in the midst of perhaps the most rural, remote, and mountainous part of the world.

Yet the rest of the world seems to be going in a different direction than the type of villages we are training for, which remain essentially unchanged from the time of Alexander the Great’s invasion to our own operations in rural Afghanistan. Rather than its rural history, the future of humanity lies in the cities.

In 1800, only 3 percent of the world’s population lived in urban zones. By 2008, it crossed the 50 percent mark and is on pace to reach the 70 percent mark within the next 25 to 30 years, the same period our strategies claim to plan for.

But as we add 3 billion new souls to the planet, 99 percent of them in the developing world, it is not only a move to the cities that is afoot, but a move to cities of ever-increasing size and scale. More than 40 percent already live in cities with populations of more than 1 million. These staggering statistical trends are driving the evolution of the “megacity,” an urban agglomeration of more than 10 million people. Sixty years ago, there were only two: New York and Tokyo. Today there are 22 such megacities—the majority in the developing countries of Asia, Africa, and Latin America. By 2025, there will be another 30 or more.

Most importantly, each of these cities is characterized less by its glittering skyline than by its “megaslums,” the miles upon miles of shantytowns and squatter communities that house millions of young, urban poor, the angry losers of globalization. As Mike Davis writes in Planet of Slums, the city that was once the capstone of civilization and wealth creation is increasingly surrounded by “stinking mountains of shit” that are “volcanoes waiting to erupt.” What this means is that despite our understandable current focus on how to deal with tribal elders in the mountains of Afghanistan, the numbers tell us that the future focus of global security will most likely be an urban one.

This shift is not just because of the mass movement into the cities, but it is also because the city is increasingly where the anger that causes insurgency, terrorism, and war originates. Historically, rebellion and conflict usually started in the rural regions and, only if successful, spread to the city. But as analyst Ralph Peters notes, the 21^st century has seen the reversal of that trend: “Cities are now center[s] of rebellion . . . because the city is dehumanizing, breaking down traditional values and connections.”[8] And for the young citizens of this place, “Habituated to violence, with no stake in civic order . . . there is only rage.”[9]

Moreover, these broken cities are their home turf, the more likely Sherwood Forest to any future insurgent or terrorist than a village or forest itself. Describing a scene that could be straight out of Mogadishu, Fallujah, Freetown, Gaza, Grozny, or Sadr City, Peters notes that cities are where professional forces tend to face more problems, and thus the “future of warfare lies in the streets, the sewers, high-rise buildings, industrial parks, and the sprawl of houses, shacks, and shelters that form the broken cities of our world.”[10]

3 Times the Size

The final change lies within the very people who will increasingly staff the military and will be making the decisions that shape how the United States and its allies react to these changing numbers.

From 1980 to 2005, the U.S. population experienced a historic demographic shift. The generational cohort born in this period—known as the Millennials, Generation Y, or the Facebook and 9/11 Generation—came in at slightly larger than the Baby Boomers in numbers and three times the size of the preceding Generation X. Indeed, these comparative ratios were what propelled Barack Obama into the White House.

This generation has already produced the young voters, soldiers, and diplomats of today, who will in turn be the leaders of tomorrow (and given their numbers, at faster rates and of greater power than the X-ers who now fill middle management roles). Thus, any national security policymaker (and, arguably, boss, teacher, coach, or pastor) who wants to succeed in this future will need to understand this new generation.

The numbers show how this emerging generation brings different perspectives to everything from historic experiences to political and strategic values. They grew up in a world in which there was no divided Germany, cameras lacked film, and the Internet is a primary news source. For instance, Vietnam has been a touchstone experience for American policymakers for the last few decades, creating a lens through which they view the world even today (Newsweek, The New York Times, and Washington Times have all led with stories as to whether Afghanistan is “Obama’s Vietnam”). And yet to a Millennial, the Vietnam War is as distant as World War II is to the Obama White House. Polling has found that young leaders coming of age in the post-9/11 world have far more mixed views of traditional allies such as Israel, Pakistan, or Saudi Arabia, while the shifting demographics of America (becoming over 30 percent Latino, for instance) may well bode changes to the idea that the U.S. focus can be either trans-Atlantic or trans-Pacific only. Indeed, the U.S. population is expected to rise by roughly 142 million over the next four decades, but most of this growth would not be domestic. Newly arriving immigrants would account for 47 percent of the rise, and their U.S.-born children and grandchildren would represent another 35 percent.

Perhaps most importantly, the emerging generation that will shape national security brings its own way of doing things. For example, nearly every business and government agency is now wrestling with the recruitment and management of young workers who have different sets of career goals, who seem to be looking for shorter-term jobs rather than long-term careers, and who are focusing more on “finding their passion” than did previous generations. Has our 1950s-era personnel and benefits system similarly changed?

Having grown up as “digital natives” in a world in which computers always existed and 97 percent regularly use them, this new generation brings vastly different expectations of the technologies that stress our systems and bureaucracies. Indeed, perhaps no organization has faced this in tougher terms than the U.S. military, which has struggled with everything from whether to allow social networking (the Pentagon spokesperson set up Facebook and Twitter accounts at the very same time it was banned at many U.S. military bases) to the slow acquisitions system, which particularly annoys this young and very impatient generation. A young Soldier in Afghanistan, for example, who has yet to get his Joint Tactical Radio System (a multibillion-dollar defense contractor radio system first funded in 1997 but still undelivered) can buy an application for his personal iPhone that tracks sniper bullet flights for 99 cents.

This generation also brings in a different approach to how it uses, processes, and shares information itself. Prior generations had information pushed to them and were taught to hoard it, whether they were students taking a test or policymakers shaping a nation’s foreign policy. By contrast, Millennials tend to have a “Google mindset.” Information’s value lies not in its limitation, but in its distribution. Knowledge is valued not in terms of ownership, but rather in accessibility, how easily it can be “pulled” and applied to rapidly changing problems.

The outcome of this is different patterns of thinking. As an example, this generation is amazingly adept at multitasking; I once watched a young Airman sitting behind a bank of computer screens at a Combined Air Operations Center in the Middle East simultaneously working within 36 different Internet chatrooms, each an airstrike mission. But as any parents who have had the experience of speaking with their children at dinner while they text under the table could attest, this multitasking sometimes comes at the price of reflection and long-term problem-solving.

Unfortunately, what psychologists are calling this “continuous partial attention syndrome” could describe not only our young men and women, but also perhaps our nation as a whole. We are getting very good at multitasking, but it is hard to see much strategy in terms of directly facing the realities that the above numbers raise. And for that our nation could pay a tragic price.

One could draw differing lessons and conclusions from the key numbers above of national security, and indeed how to face them should lie at the heart of any policy debate moving forward. And they will surely evolve and change. But as Stendhal once wrote, the beauty of numbers lies in the fact that they “allow for no hypocrisy and no vagueness.” No one seriously wrestling with understanding, planning, and preparing for the national security world of today and tomorrow can afford to ignore the cold, hard reality that each of these statistics and figures underscores about the deep challenges we face in rapidly our changing world.

[1] Aristotle, The Metaphysics (10f–1045a).

[2] Union of Concerned Scientists Satellite Database, available at <www.ucsusa.org/nuclear_weapons_and_global_security/space_weapons/technical_issues/ucs-satellite-database.html>; and the United Nations Convention on Registration of Objects Launched into Outer Space, available at <www.unoosa.org/oosa/en/SORegister/regist.html>.

[3] Peter Brookes, “The Not-So-Final Frontier,” Armed Forces Journal, June 2008.

[4] See “Internet 2009 in numbers,” January 22, 2010, available at <http://royal.pingdom.com/2010/01/22/internet-2009-in-numbers/>.

[5] Eric T. Jensen, “Cyber Warfare and Precautions against the Effects of Attacks,” Texas Law Review (June 1, 2010), available at <www.allbusiness.com/government/government-bodies-offices/14878449-1.html>.

[6] “Symantec Report Shows no Slowdown in Cyber Attacks,” available at <http://h30458.www3.hp.com/us/us/smb/974594.html>.

[7] Jensen; Gary McAlum, “U.S.-China Economic and Security Review Commission, Hearing on China’s Proliferation Practices, and the Development of its Cyber and Space Warfare Capabilities,” hearing before the U.S.-China Economic and Security Review Commission, 110^th Congress, 2^d Sess., May 20, 2008; author telephone interview with staff member, U.S. Strategic Command, August 28, 2009; author email interview with staff member, U.S. Cyber Command, August 17, 2010.

[8] Author interview with Ralph Peters, Washington, DC, March 29, 2007.

[9] As quoted in Christopher Coker, Waging War Without Warriors? The Changing Culture of Military Conflict, IISS Studies in International Security (Boulder, CO: Lynne Rienner, 2002), 10.

[10] Ralph Peters, “Our Soldiers, Their Cities,” Parameters (Spring 1996), 43.

Authors

Peter W. Singer

Publication: Joint Forces Quarterly

The State of Global Governance: An Audit

Hakan Altinay — Tue, 26 Jan 2010 00:00:00 -0500

Management of transnational issues through voluntary international cooperation has come to be referred as Global Governance. The term sounds like global government, but it is really the opposite, as it refers to management of the transnational challenges in the absence of a world government. Neither transnational challenges, nor attempts to manage them are new. We have had things like the Rhodian Law of the Sea, which provided a framework to govern maritime losses. The Hawala system has worked over a thousand years through the proactive participation of countless actors across South Asia, Middle East and the Mediterranean. The Hanseatic League provided an early glimpse of true multilateralism. Nevertheless, the depth and breath of current international cooperation around transnational issues is unprecedented.

Let’s review some of the manifestations of our existing international cooperation: It took several decades to develop a system to have telegrams across national borders. And yet, today owners of four billion mobile phones have a reasonable expectation that their phones will work seamlessly when they travel to another country. World GSM operators have agreed to sensible standard practices such as every operator dedicating 112 to emergency services.

At a mundane level, money can be wired across countries with tremendous speed and little inconvenience. SWIFT, the Society for Worldwide Interbank Financial Telecommunication, and IBAN, International Bank Account Number, are two systems which expanded to many a task which would not have been routine even for Rothschild.

We cooperate around the internet actively and every day. Tremendous amount of data, information and knowledge is open to all 6.7 billion of us. Encylopédistes of the 18^th century would be awe-struck by what is available through Wikipedia, JSTOR, Google Scholar and the like. Popular VOIP facilities such as Skype have rendered international telephony, a facility not available to Napoleon or Cengiz Khan, practically cost free for billions. CreaticeCommons is becoming a popular alternative to conventional trademarks practices. And, we all have access to trans-border broadcasting through satellite TVs, which makes diverse ideas, lives and sufferings accessible to great many, and nurturing awareness and a feeling of common humanity along the way.

We have assumed that traditional sovereign competencies of national states have been more resistant to international cooperation schemes. However, countries have the facility to ask other countries to apprehend criminal suspects through Interpol, which reports to have enabled 5,600 arrests in 2008. This is not a minor achievement.

We have rules governing safety at sea, pollution, and even a system for a global maritime distress, search and rescue system. There exists an audit scheme, albeit a voluntary one, to monitor compliance. Furthermore, we have a way to allocate satellite orbits, and the system is working with relatively little discontent.

We have mechanisms for global health challenges and even some vital successes. Small pox has been eradicated though international cooperation; And polio may be next. The world has had the wherewithal to come up with ad hoc responses when traditional mechanisms did not suffice; The Global Fund to Fight TB, AIDS and Malaria is one such ad hoc response with encouraging results. We have also managed to cooperate to protect the genetic diversity of our main crops, and have established the Global Crop Diversity Trust.

The world has demonstrated crucial capacity to identify ozone depletion as a potential problem with global consequences, and was capable of hammering out a set-up where the ozone depleting gases have been phased out. The basic grammar of the ozone problem is not very different from the climate change predicament, and the Vienna Convention and the Montreal protocol are no small accomplishments.

The first example of an international normative campaign for global rules was the anti-slavery movements of 19^th century, and their efforts took more than 50 years to produce the first international treaty on the issue. Another seemingly gargantuan task was around the land mines, one of the most popular ammunition of armed forces around the world. In the latter case, it took a mere seven years for a global consensus to be achieved, and for this once-popular weapon to be outlawed. There is now a new movement to establish norms concerning the trade and transfer of small weapons, which are responsible for many more deaths than nuclear weapons.

Another very significant development was the formation of the International Criminal Court. Not all the states are party to the International Criminal Court, and yet the mere existence of ICC would surpass even the most optimistic utopias of the multilateralists from the last century.

Amartha Sen has recently warned us against excessive fascination with ideal justice at the expense of multiple and seemingly disjointed ways of decreasing injustice. The patterns of global cooperation of the last decades seem to support Sen’s argument. Progress has been uneven and less than ideal, but, on balance, we should be encouraged by the advance of international cooperation and global governance on these multiple tracks. The more visible absence of progress is the exception, and should not be the basis of a debilitating cynicism; We need to celebrate our accomplishments and in the process muster the energy to overcome remaining challenges to a fuller global cooperation.

Two glaring gaps in the existing global governance schemes are effective procedures for Responsibility-to-Protect, and of course a framework to thwart climate change. One of the earliest modern attempts to set transnational norms was around proper conduct during the time of war. The first Geneva Convention dates back to 1864. Humanity has been aware of the ultimate crime of genocide, and has profusely sworn not to let it occur again since 1940s. Yet, what has come to be known as the Responsibility to Protect, has been systematically abdicated. As long as humanity is organized primarily through national states, there is an inherent problem to send national armies to harm’s way without clear national interest. Yet, that is not the only option we have. Humans have always taken up arms in other countries for their beliefs. The international brigade at the Spanish Civil war is the most celebrated example, but the practice is older. UN needs to have a mechanism to accept volunteers; ensure adequate representation of all regions so that no particular group ends up dominating the UN Army at any given conflict; and, of course ensure their discipline during their mission as there are too many examples of presumed rescuers harassing the very people they are meant to rescue. One can even imagine a set up where not just UNSC but UNSG or the college of all former UNSGs can endorse a given mission, so that action cannot be held hostage to veto by P5.

Climate change is clearly the most pressing issue facing us. Business as usual means that we will soon cross the point of no return in triggering a chain reaction of catastrophic results for human existence and civilization on Planet Earth. The qualities of the underlying dynamics make climate change an especially difficult challenge: There is some 30 years between cause and effect; that is carbon emissions and the full consequences of those emissions. The fact that significant percentages of adults continue to smoke demonstrates that humans find it difficult to give up immediate gratification in anticipation of deferred costs in 30 years. As such, climate change is the collective action problem from hell. After years of neglect, denial and foot dragging, humanity now seems to have harnessed the wherewithal to address climate change. No other challenge we face brings home our epic interdependence. Therefore, a solution to the climate change challenges could serve as the paradigm for solving other global public goods problems.

Ours have been a story of trial and error, and slippages as we found ways to cooperate across border, a process which we began thousands of years ago. The audit of current state of international cooperation and global governance patterns show that perseverance, creativity, pragmatism and vision are the answer, not despair or cynicism.

Authors

Hakan Altinay

Publication: YaleGlobal Online

Expanding the Financial Services Frontier: Lessons From Mobile Phone Banking in Kenya

Mwangi S. Kimenyi and Njuguna S. Ndung'u — Fri, 16 Oct 2009 12:00:00 -0400

A large proportion of households in developing countries lack access to financial services, which impedes economic growth and development. A large body of evidence shows that access to financial services, and indeed overall financial development, is crucial to economic growth and poverty reduction. Yet in Sub-Saharan Africa, only 1 in 5 households have access to financial services. In 2007, over 70 percent of Kenyan households did not have bank accounts or relied on informal sources of finance. In 2006, there were only 35 bank branches in Benin, a country with a population of 7 million. This lack of formal financial services limits market exchanges, increases risk and limits opportunities to save. Without formal financial services, households rely on informal services that are associated with high transaction costs. Thus, increasing access to formal financial services to the majority of households in developing countries remains an important policy goal. It has also been recognized that even for those with bank accounts, physical distances to branch banks or points of financial service adds significantly to transactions costs.

Traditionally, mainstream financial institutions in developing countries operated under the premise that low-income populations do not save and are bad borrowers, and therefore, institutions that provide services to the poor are essentially unsustainable. However, the microfinance revolution effectively shuttered these myths by demonstrating that when poor households have access to financial services, not only do they save, but, they also have high repayment rates when they borrow. Thus, financial institutions that extend services to those households can be profitable and sustainable. Nevertheless, while microfinance institutions have made financial services available to millions of poor households worldwide, this still represents a tiny fraction of the population in developing countries and the majority lack access to formal financial services. However, the traditional approach of branch-banking requires substantial investments in both infrastructure and personnel, and thus is not an effective in reaching millions of unbanked households, especially those in rural settings.

In Kenya, the last three years have seen dramatic changes in the financial sector landscape. First, commercial banks recognized that lowering barriers to entry (no requirements of minimum balances in opening bank accounts) can increase retail accounts. Second, banks realized that lowering costs of transacting across other bank accounts attracts more customers to open accounts. As a result of these changes, the number of bank accounts has increased from 2.3 million in 2006 to about 6.7 million in July 2009. Equally, deposits increased from Ksh 540bn (US$ 7.2bn) in 2006 to Kshs 950bn (US$12.6bn) in July 2009. This growth notwithstanding, many Kenyans still do not have access to financial services.

Technological innovations have now made it possible to extend financial services to millions of poor people at relatively low cost. A case in point is mobile telephone money transfer services that allow mobile phone users to make financial transactions or transfers across the country conveniently and at low cost. Kenya’s mobile payment service, known as M-PESA, provided by the main mobile phone company, Safaricom in conjunction with Vodafone, represents a good example of how low-cost approaches that use modern technology can effectively expand the financial services frontier. Today, millions of Kenyans use M-PESA to make payments, send remittances and store funds for short periods. Many of those without bank accounts are able to use this service, at low risk and cost. As noted in a recent article in the Economist (September 26, 2009), Kenya’s M-PESA is probably the most celebrated success story of mobile banking in a developing country. What started as a mobile money transfer has become a success story of financial services development with a technological platform that makes it cost effective and safe.

Innovations that extend non-standard means of financial services to millions hold potential to reach those without bank accounts at low costs, but can also be associated with various risks with the potential to destabilize the financial system. Although M-PESA has expanded at an extremely fast pace, access has not been achieved at the expense of financial stability. In essence, expanding access need not result in instability if appropriate regulatory and supervisory safeguards are in place. Although the success of M-PESA is as a result of a multiple of factors, we make the case that the primary factor is creation of an enabling environment through the establishment of prudent oversight that guarantees the simultaneous achievement of access and financial stability. In addition, investment in background research and continued improvements of the operating platform has ensured safety of the transactions. As other countries seek to expand access to financial services through mobile phone banking, there is need to take into account the possible trade-off between access and financial stability. In particular, regulatory oversight must not lag technological innovations.

This note highlights the importance of mobile phone banking to Kenya’s economy and especially in regard to its success in extending the financial services frontier. The note also discusses policy lessons emanating from the success of mobile banking in Kenya including a conducive environment for business, private sector-public dialogue in the formulation of policy, prudent oversight that keeps abreast of innovations and removal of barriers to entry into both supply of mobile telephone and banking services.

Growth and Significance of Mobile Phone Banking to the Kenyan Economy

M-PESA was introduced in March 2007. At inception, M-PESA operated on one commercial bank platform, but currently it has moved to other banks, which provides evidence that it has led to financial sector growth rather than contribute to risks and instability. In July 2007, there were 268,499 registered M-PESA customers and by July 2009, the number of registered customers was 7,387,980—an increase of 2,652 percent. This is about 21 percent of the population of 35 million covered in a two-year period. Also impressive has been the increase in the number of monthly transactions, which increased by 4627 percent over the same period (354,298 in July 2007 to 16,747,419 in July 2009). In July 2007, the total value of monthly transactions (deposits and withdrawals) was Kenya Shillings 1.065 billion (US$14.2 million). This figure was Ksh. 40.176 billion (US$535.6 million) in July 2009, a growth rate of 3671 percent. These numbers show impressive growth in the utilization of mobile payments within a relatively short period of time. But several factors are important as well: first, the level and speed of adoption has been quite impressive because, perhaps, its safety coupled with financial vibrancy and stability in this period. Second, this is a financial service with low value and high volume, generating substantial returns and creating job opportunities. The minimum payment per transactions is Ksh 35 (US$0.46) and currently there are about 12,300 agents in the country.

The significance of mobile banking to the Kenyan economy is better captured by looking at the value of M-PESA transactions relative to the commercial bank deposits and also the country’s GDP. In July 2007, the value of M-PESA transactions was about 0.17 percent of commercial bank deposits. In July 2009, the value of M-PESA transactions was 4.36 percent of commercial bank deposits. Kenya’s annual GDP in 2008 was estimated at US$ 30.24 billion. Yet in July 2009, M-PESA transactions during the month of July 2009 alone accounted for US$ 535 Million. Clearly, mobile banking is a significant aspect of the Kenyan economy and this is likely to be even more important as other providers enter the market.

The data also does not show the significant improvements and cost savings associated with using the service. Money transfers to pay for services, including weekly labor in remote parts of the country, have transformed life in rural Kenya and revolutionalized national payments system.

Lessons From Kenya’s Mobile Banking

The Kenyan experience with mobile phone banking is testimony to how technological innovations coupled with a supportive policy environment and appropriate oversight can expand the financial services frontier. Nevertheless, mobile banking in many other countries has not met the success recorded in Kenya. We focus on the lessons emanating from the experience of mobile banking in Kenya.

Conducive Environment for the Private Sector

During the 1990’s, Kenya lagged behind some African countries, such as Tanzania, in mobile phone penetration rates. This was primarily because of artificial barriers to entry erected by the government. However, this changed with the government taking a more liberalized stance and making it possible for competitive supply of mobile telephony, especially regarding the dismantling of the state monopoly. The enabling legislation “the Kenya Communication Act” that was implemented by the Communication Commission of Kenya (CCK) has provided an environment that has facilitated reforms in the telecommunications sector and has seen mobile telephony expand exponentially, providing a base for successful mobile banking as a value-added service. The mobile phone penetration rates increased rapidly starting in 2000 while the cost of mobile telephony decreased sharply. In 1999, there were 15,000 mobile phone subscribers. The number of subscribers had increased to 3.4 million in 2004 and to 16 million in 2008. With the rapid growth in ownership of mobile phones, suppliers have exploited the opportunity to compete on various margins. Other aspects of Kenya’s private sector environment that has helped in the expansion of the mobile phone market and mobile banking include an increasingly efficient tax system and a stable legal structure governing both domestic and foreign investments. In addition, the policy of the government is to promote and support innovation and the country’s current development planning emphasizes the fact that its economic development will be driven by innovation.

Thus, the first lesson for successful mobile phone banking is that developing countries must focus on creating a conducive environment for the private sector in order to attract investors into the mobile phone sector and also ensure that the market is open to competition.

Private-Public Policy Dialogue

A major shift in the way that the government of Kenya approaches policy making has been the opening up to dialogue with the private sector. In the process of introducing new technologies such as M-PESA, the private sector and relevant government authorities (Central Bank of Kenya, Ministry of Finance, Communication Commission of Kenya, and the Ministry of Information and Communication,) have engaged in consultations to ensure that that the providers receive the necessary support from government and also evaluate possible repercussions of new products to the integrity of the financial system. We believe that it is critically important for countries to engage with the private sector.

In implementing policies on mobile telephony and banking in Kenya, the role of private sector advocacy has been appreciated and adequately accommodated by the relevant authorities. Of importance has been advocacy based on well founded research. In this respect, we believe that the input of the private sector in the policy making process is more effective when private sector presents positions that are backed by evidence.

Balancing Access with Stability

Technological innovations in provision of financial services may result in situations whereby the appropriate legislation lags the innovations. One policy approach would be to not allow new products until appropriate legislation was in place. However, given that most often the process of enacting legislation takes a long time, such an approach risks the possibility of stifling innovation and thus undermining access. The other alternative is to allow products into the market and then enact legislation. This approach would achieve the goal of access but could associate with financial instability. In Kenya, the strategic policy choice has been to allow technological innovations in mobile banking, but under prudent monitoring and review to ensure that the integrity of the financial system is maintained. The Central bank of Kenya was proactive in that, together with the Ministry of Finance, it amended the Central Bank of Kenya Act in 2003. This enhanced its mandate whereby section 4 (A) (1) (d) mandates the Bank to “formulate and implement such policies as best to promote the establishment, regulation and supervision of efficient and effective payment, clearing and settlement system.” At the institutional level, the Central Bank of Kenya has undertaken various strategies to enhance the oversight capacity effectively keeping abreast of innovation and technologically driven financial services. This has made it possible to increase access to financial services but at the same time maintain stability.

In their desire to expand access to financial services through mobile banking, relevant authorities must seek to balance access and stability. In particular, it would be extremely unwise to expand access at the expense of financial stability and integrity of the payment system. Countries that do not have adequate supervisory capacity of their payment system would be ill advised to allow new technologically-driven financial products and should carefully weigh the potential costs of instability. Some vulnerabilities of mobile phone banking that can destabilize the financial system and lower the efficiency of the payment system include fraudulent movement of funds, network hitches, mismatch of cash balances at the pay points, and problems that associate with high velocity of funds making it difficult to stop suspect transactions.

Ensure a Contestable Market

The rapid expansion of M-PESA reveals that there is a risk that the market could be dominated by initial entrants. Such a result could create uncompetitive outcomes raising consumer protection concerns. In countries where there is only one provider, it would be important for authorities to monitor the pricing of mobile banking services. Nevertheless, the best strategy is ensuring that other providers can enter the market for mobile banking. In Kenya, another company, Zain, has introduced a mobile banking service known as Zap. Other providers are also expected to enter the market. The result is a contestable market where, although there are only a few providers, the threat of entry is sufficient to protect consumers and ensure that pricing is competitive.

Mobile phone banking has opened opportunities for many Kenyans and others in developing countries. The rapid growth of mobile phone banking in Kenya is evidence of the great need for low-cost financial services in developing countries. This growth is expected to continue and to benefit other sectors of the economy and thus contributing to economic growth in the country. The note has highlighted some of the main factors that have contributed to the growth of mobile telephony and successful mobile phone banking. We have also emphasized the fact that such innovations, while extending financial services to many, can also compromise the integrity of the financial system and we have cautioned that relevant authorities must be careful to ensure that oversight capacity does not lag behind innovations.

Downloads

Download

Authors

Mwangi S. Kimenyi
Njuguna S. Ndung'u

Information Technology and Development: Beyond ""Either/Or""

James B. Steinberg — Sat, 01 Mar 2003 00:00:00 -0500

After years of drift and inattention to the problems of global development, during the past half decade the international community has dramatically increased its focus on strategies to help the people of the world's poorest countries share in the benefits of globalization and escape the traps of poverty, disease, and lack of education. The decision of the world's leaders at the United Nations Millennium Summit in September 2000 to adopt eight specific development goals provided an agreed political benchmark for measuring progress. Left open, however, were crucial issues about how best to achieve those goals.

A key unanswered question is the potential contribution that information and communication technology (ICT) can make to this effort. The question is not new. In 1984 the Commission for Worldwide Telecommunication Development (the Maitland Commission) issued an influential report, The Missing Link, citing the lack of telephone infrastructure in developing countries as a barrier to economic growth. The advent of the global information technology revolution in the 1990s set off a heated, sometimes acrimonious debate among development specialists and policymakers about the place of ICT in development.

On the one hand are those who see wiring the global South as a way to transcend decades of painful economic development and catapult even the poorest countries into the information age. As United Nations Secretary-General Kofi Annan observed in his Millennium Report, "New technology offers an unprecedented chance for developing countries to 'leapfrog' earlier stages of development. Everything must be done to maximize their peoples' access to new information networks." Proponents of this view not only stress the potential benefits of ICT but also argue that in an increasingly globalized economy, countries that fail to "get connected" will fall further and further behind.

At the opposite end are those who assert that "you can't eat computers." In the words of Microsoft's Bill Gates, "Let's be serious. Do people have a clear view of what it means to live on $1 a day? . . . There are things those people need at that level other than technology. . . . About 99 percent of the benefits of having [a PC] come when you've provided reasonable health and literacy to the person who's going to sit down and use it." Investing in ICT for poor countries, they argue, draws precious resources away from more urgent development needs. The lack of critical infrastructure, such as adequate energy grids, and of education keeps citizens of poorer countries from tapping ICT's potential.

Modern ICT began to have an impact in some developing countries even before widespread adoption of the Internet. In Brazil, for example, the computer industry accounted for more than 74,000 jobs and $4 billion in revenue by 1990. In 1988 India launched a set of policies that fostered a software-development industry whose exports grew to $5.7 billion by 1999-2000.

But the explosive growth of the Internet in the mid- to late 1990s drew increasing attention to the so-called digital divide. Just how serious is the gap? For telephones, the picture is mixed. In 1991, total telephone penetration (fixed plus mobile) per 100 inhabitants stood at 49.1 for the developed world, 3.3 for emerging economies such as Eastern Europe and China, and only 0.3 in the least developed countries (LDCs). By 2001, the gap between developed (121 per 100) and emerging (18.7) had narrowed considerably (from a ratio of 15:1 to 6:1), but that between emerging countries and LDCs had grown (from 12:1 to 17:1). For the Internet, the gap remains significant, although bright spots exist. China, for example, saw a 75 percent increase in Internet users, to 59 million, from 2001 to 2002, making it the second-largest Internet-using country in the world (in addition to being the largest mobile telephone market). Africa now has 5 million Internet subscribers. Moreover, according to the IMF World Outlook, 2001, "The rate of diffusion of IT to developing countries has been rapid compared to earlier all-purpose technologies" such as railroads. But today, says the International Telecommunications Union's World Telecommunications Report 2002, "[T]he 400,000 citizens of Luxembourg between them share more international bandwidth than Africa's 760 million citizens." In October 2000, 95.6 percent of all Internet hosts were in the industrialized countries; Africa had only 0.25 percent and its share was falling.

Taking Action

Growing awareness of the digital divide spurred several initiatives by the developed world and the international organizations responsible for development, including the United Nations Development Program (UNDP) and the World Bank. At its July 2000 summit the Group of Eight (G-8) industrial countries created the Digital Opportunity Task (DOT) Force. The DOT Force, composed of representatives of G-8 and developing countries, as well as members of industry and nongovernmental organizations, was asked to make concrete recommendations for fostering policy, regulatory, and network readiness; improving connectivity; increasing access and lowering cost; building human capacity; and encouraging participation in global e-commerce networks. Its report, Digital Opportunities for All: Meeting the Challenge, became the basis of the Genoa Action Plan, adopted at the G-8 2001 summit. The focus of the plan was on "mainstreaming" ICT as an essential component of overall development strategies "as a fundamental tool for reducing poverty and for spurring sustainable development."

The private sector also stepped up. In January 2000 the World Economic Forum launched its Global Digital Divide Initiative involving leading ICT, communications, and media executives. Hewlett Packard announced a $1 billion "World e-inclusion" program to sell, lease, and donate products and services to developing countries. Cisco Systems (in partnership with the ITU) set up Internet training centers for students and ICT and telecommunication professionals in the developing world.

The increasing international attention to the digital divide has moved to the forefront a key policy question—just how significant is the divide for the overall prospects for developing countries, and what role should closing that gap play in overall development strategies?

Four characteristics of ICT make it an attractive element of any strategy to meet development challenges. First, ICT is highly versatile. It can be tailored to meet a variety of diverse challenges and need not be "purpose built." The same network, server, and peripheral devices (such as PCs or cell phones) can help support distance education and remote health delivery and connect rural communities to global markets. Second, ICT can help transcend barriers of geography. It allows individuals and entities anywhere in the world access to the same information without the time and cost associated with physical transportation, an advantage substantially enhanced by the advent of wireless and satellite communications, and voice-over-Internet protocol long-distance service. Third, it allows users, even in poor and small communities, to harness the benefits of scale and "network effects" (the exponential increase in value that comes with each additional user). Finally, it facilitates the transfer of know-how across the full spectrum of knowledge, allowing developing countries to reap productivity gains and harness state-of-the-art technology.

Several problems have nevertheless impeded the widespread adoption of ICT in the developing world and led to some deep disillusionment. Images of unused computer screens in rural schools and telecenters attest to good intentions gone awry. Among the reasons for ICT's failure to deliver on some of its more overheated hype are lack of skilled workers to maintain equipment and train potential users, inadequate infrastructure (such as electricity), poor government telecommunication policies that have put costs for interconnection out of reach, and lack of applications tailored to meet the unique needs of developing countries (including language barriers).

ICT's Development Potential

Assessing the potential value of ICT in supporting development requires addressing the three different channels through which it could work: its inherent worth in bringing new ideas to those outside the global mainstream; its part in helping to achieve specific development objectives; and its role in fostering broader economic development.

First, ICT has enormous potential to enrich the lives of people everywhere—regardless of any instrumental role it may play in meeting broader development needs. These technologies can help bring ideas and experience to even the most isolated, opening to them the world outside their village, town, and country—including family members and friends who have moved away. It also allows their experience to be shared with the world at large, at the tap of a keystroke or the touch of a cell phone keypad. The case for including information technology in development strategies would be strong even if it contributed little to explicit development goals. ICT can also empower individuals to participate in the social and political institutions of their community, giving voice to those who have traditionally been excluded.

Second, ICT-based solutions have already proved their value in addressing several specific challenges identified in the UN's Millennium Development Goals (MDG). Health care workers in more than 150 countries, for example, are using Health Net to bring needed expertise and help deliver health services in underserved, often remote communities. Distance learning initiatives, such as those at the University of South Africa, are training a new generation of teachers, who are critical to meeting the MDG's objective of universal primary education by 2015. The contribution of ICT is not confined to Internet-related projects: radio- and telephone-based services, for example, are making real contributions in areas such as training for health workers in Uganda and Kenya.

Third, in the end the key to self-sustaining development is economic growth. Although supporters have a strong intuitive sense that ICT can make a significant contribution to economic growth by increasing productivity, the empirical evidence remains somewhat uncertain. Anecdotal evidence suggests that effective use of ICT does, at least under some circumstances, make a difference. In the first place, it can provide an important source of income. India's software sector attests to as much. And Costa Rica has attracted some 32 foreign electronic firms since 1995, including Intel and its investment of more than $1 billion. Even more important in the long run, however, ICT can strengthen overall productivity in developing countries by increasing efficiencies and technological competitiveness and by linking local producers to global markets. The experience of Estonia, which sought to overcome its lack of natural resources and outdated manufacturing sector by embracing an all-encompassing strategy of promoting ICT throughout its society and economy is an example of ICT's potential. A recent study analyzing the positive impact of access to telephones on income in rural China has helped further our understanding of the ways in which ICT can contribute to overall development.

Other studies seem to confirm that with the proper "enabling environment," developing countries can increase their rate of adoption of ICTs, a valuable, though not sufficient, condition for accelerating economic growth.

In 2001 a report by the Digital Opportunity Initiative, a collaboration between the Markle Foundation, the UNDP, and Accenture, identified five core elements to a comprehensive approach to create such an enabling environment—infrastructure (the hardware and "pipes," physical and wireless); human capacity (skilled individuals who can maintain, adapt, train, and use the technology); government policies (telecommunication policies that facilitate the adoption of ICT, along with sound governance and trained regulators more generally); content (applications geared to the specific need of developing communities, such as local language and tools for rural agricultural development); and support for enterprise (much of the ultimate gains from employing ICT largely stem from a vibrant private sector, but the public sector too can improve productivity and performance through ICT).

Although getting each element right can make a significant contribution, an integrated strategy offers the best promise for greatest gain. As a result, many developing countries—from Tanzania to Kyrgyzstan—are beginning to adopt "national strategies" to address in a comprehensive way these various elements. A key to success is to bring together all the stakeholders—government, the local private sector, and civil society, as well as the donor community—both to develop the plans and to oversee their implementation. Studies suggest that local "ownership" and the involvement of stakeholders is especially critical to successfully harnessing ICTs.

How can the developed world help developing countries make effective use of ICTs? The lesson of the 1990s was that simply providing technology will have marginal impact. This supply-side approach has led to inflated expectations and mistrust that the purveyors of the technology care more about opening markets than helping the poor. Rather, the idea behind mainstreaming ICT into a broader development context is to seek ways to leverage ICTs to achieve core objectives. Sharing expertise (such as training programs for policymakers and regulators in the developing world) and best practices is often more valuable than the hardware itself. Recognizing the limits on the role of official assistance is also critical. Ultimately the broad-scale adoption of ICTs in the developing world will depend on the private sector. But government assistance can play an essential role, both in providing public goods and in helping to create the enabling environment that will encourage private investment.

For developing countries to benefit fully from the ICT revolution, they must have a voice in setting the policies that will affect them—and that voice must be heard not simply in organizations involved in development policy, such as the World Bank and UNDP. On issues ranging from international telephone tariffs to spectrum allocation to property rights, in institutions ranging from ICT-specific groups like the ITU and ICANN (the Internet Corporation for Assigned Names and Numbers), to the multisector World Trade Organization, key decisions are often made with little or no input from the poorest countries. All these institutions will need to take concrete actions ranging from increased transparency, to technical assistance, to training and financial support if these nations are to overcome structural barriers to participation.

Debate on the place of ICT in development has moved beyond the black-and-white arguments of proponents and skeptics in the 1990s. These new technologies, it is now clear, are not an end in themselves. Nor will a one-size-fits-all approach work—the challenges faced by developing countries vary too greatly by history, geography, and level of economic attainment. In particular, the challenges facing larger countries and economies (even where the overall level of poverty is high) differ considerably from those facing smaller nations whose internal markets are small and who are thus critically dependent on linkage to markets and knowledge beyond their borders. But evidence is growing that ICT is a potentially powerful tool when used judiciously as a part of an overall development strategy. The challenge, both for developing countries and for the broader international community, is to build on the experience to date to make these tools available to the stakeholders who are best positioned to adapt and apply them to their most pressing needs.

Authors

James B. Steinberg