
The United States fights another counterinsurgency -- in cyberspace
On Jan. 25, the New York Times published a story that discussed a cyberwarfare exercise conducted earlier this month inside the Pentagon. The purpose of the exercise was to examine how top civilian and military leaders would respond to sudden cyberattacks that targeted the country's power grids, communication systems, or financial networks. According to the article, the result was confusion and paralysis -- the Pentagon decision makers did not know where the attacks came from, who instigated them, or whether they even had the legal authority to respond.
Cyberwarfare has characteristics that are similar to the matchup between insurgents and counterinsurgents. As with an insurgent picking up a rifle or a homemade bomb, the cost of becoming a cyberwarrior is minimal. Like insurgents, cyberwarriors hide among the population and do an even better job at remaining anonymous. Their anonymity provides leaders with plausible deniability if they desire it. Even more than insurgents, they are inaccessible to counterattack and are not subject to deterrence. Worst of all, it is the cyberwarriors, and not the U.S. military, who enjoy "escalation superiority" -- the more a cyberwar escalates, the worse things would get for the United States.
It is therefore very timely that the Center for a New American Security published a report this week on protecting the global commons, the maritime, air, space, and cyberspace realms through which people, commerce, ideas, and military forces flow.
Chapter Five of the report focuses on the threats to cyberspace. How should the United States deal with the threat of malicious cyberattacks on its infrastructure? The authors of this chapter draw an analogy to how officials in the public and private sectors coordinate their actions during a public health threat, such as a flu outbreak. There is no single action that brings flu under control. Success requires a wide variety of actions, including data collection, public service announcements, the targeted distribution of vaccines, and individual self-help, such as voluntary isolation and hand-washing. According to the authors, the same pattern of responses applies to a computer virus attack.
Yet in at least one sense, the analogy breaks down. A bad flu outbreak is a random act of nature. National governments and populations have an incentive to cooperate on containing these outbreaks and generally appear to do so. At least it doesn't appear to be the case that countries or non-state actors are engineering flu bugs, deliberately distributing them, or actively disrupting efforts to contain their spread.
According to the CNAS authors (see page 149), the Russian and Chinese governments have been doing exactly this in cyberspace. If a nation-state were found to be deliberately distributing a flu virus, it seems reasonable to assume that sanctions and a quarantine of the offender would follow. Cyberattackers have yet to kill somebody, at least directly. Perhaps this is why they still enjoy virtually complete impunity.
The U.S. government understands the country's vulnerability to cyberattack and is attempting to organize a defense. Yet at the same time, most Americans view cyberspace much like the air or oceans, an open and neutral commons. By contrast, various non-state actors, along with the Chinese and Russian governments, view cyberspace as a tool of power and leverage. Cyberwarfare, although a concern for a few in the United States, has not become a concern for the vast majority. As long as that is the case, the U.S. government is likely to remain a passive defender against an army of anonymous cyberinsurgents.





