Three Wars on Terror

Ronald Reagan and the battle for Obama's strategic soul.

One of Barack Obama's earliest acts as president was to discard the phrase "war on terror," yet he has been waging just such a campaign these past four years -- with a skillful mix of subtlety and ferocity. Several major al Qaeda plots have been thwarted by aggressive, innovative intelligence programs, often conducted in a deeply networked fashion with our allies. In addition to the killing of Osama bin Laden, many other operatives in the late terrorist capo's organization have found themselves on the receiving end of commando raids or Hellfire missiles, from Waziristan to Yemen -- and beyond. Those not yet in the crosshairs have gone to ground, or dare to move about only sparingly, furtively.

Obama's counter-terrorism strategy has extended to other malefactors as well, from madmen like Joseph Kony and his Lord's Resistance Army to the Libyan state terrorist, Moammar Qaddafi. Kony is being hunted by local African forces of order, which are themselves being assisted by about a hundred American special operators. Qaddafi was taken down when Obama engineered and enabled a NATO air campaign that began by preventing a slaughter of innocents in Benghazi, then went on to effect regime change in Tripoli -- in a far less costly manner than was undertaken in Iraq by George W. Bush.

Indeed, the difference in the approaches taken by our two most recent presidents really speaks to there being two different wars on terror. Bush chose to attack other nations in his attempt to create a less permissive international environment for terrorist networks. Obama has decided to take the more direct approach: going straight after the networks.

Bush's strategy proved exceptionally costly and highly problematic in Iraq, and even his initial success in "going small" in Afghanistan was all too soon overtaken by a stalemate-inducing impulse to send large numbers of troops there. Obama's concept of operations, on the other hand, has been working well, and will never break the bank or exhaust our military -- especially in the wake of his realizing, and reversing, the folly of surging more troops into Afghanistan, as senior military leaders persuaded him to do early in his presidency.

It is tempting, on the eve of the 11th anniversary of 9/11, to believe that the problem posed by terrorist networks is at last well on its way to being solved -- and this may be the case. But this is a moment to remember, in a cautionary way, that there was an earlier war on terror, crafted by Ronald Reagan and his close advisers in the mid-1980s, that began subtly and skillfully, too -- yet which soon foundered.

In the weeks and months after the October 1983 bombing of the Marine barracks in Beirut that killed 242 Americans, Reagan and his team became deeply concerned about the terrorism problem. But it was the abduction and torture of the CIA's Beirut station chief, William Buckley, in March 1984 that truly brought matters to a head. Secretary of State George Shultz called a Saturday meeting of terrorism experts, led by Brian Jenkins of the RAND Corporation, and the team brainstormed until a strategy emerged, one that called for something that strongly resembles the kind of campaign that Obama is now pursuing. Rather, the resemblance is in reverse, as Reagan's plan came first.

Soon after that weekend conclave of experts, President Reagan signed National Security Decision Directive 138 -- most of which is still highly classified. Christopher Martin's declassified history of political and military policy during this period points out that the directive called for "secret FBI and CIA paramilitary squads and use of existing Pentagon military units -- such as Green Berets and the Navy SEALs -- for conducting what amounted to guerrilla war against guerrillas...a de facto declaration of war."

The signal success of this first war on terror came in a campaign against the Abu Nidal Organization -- the al Qaeda of the ‘80s -- which was conducting terrorist hits for hire on behalf of Iraq, Libya, and Syria. Some of the network's hidden finances were detected and, instead of freezing or seizing these funds, they were covertly moved about in ways that convinced Abu Nidal that many of his operatives were embezzling. He had about a hundred of his agents bumped off, which did little good for the morale of the others. Soon the organization was all but defunct.

Despite this success, and for all of Reagan's enthusiasm and Shultz's support, little else came to pass. This was because many senior military leaders worried about the ethics of Reagan's war on terror -- specifically that the use of paramilitaries and special operators would lead to what then-Secretary of Defense Caspar Weinberger called an "unfocused revenge approach" that would lead to the deaths of innocents. Besides, the Pentagon preferred more conventional uses of force -- like the massive air raid on Libya in 1986 in retaliation for the bombing of a Berlin discotheque frequented by GIs. Soon there was a Weinberger Doctrine that codified this conventional approach, a later corollary to which, the Powell Doctrine, demanded that this kind of force be applied "overwhelmingly."

Weinberger won what William Safire called "the battle for Reagan's strategic soul," and nothing like the clever coup against Abu Nidal was ever repeated. Thus the pressure on nascent subversive networks eased, and the hydra's teeth were sown, soon to bring forth a new generation of 21st century terrorists. And the Weinberger/Powell approach was slavishly followed -- for the most part -- in the wake of 9/11, embroiling the United States in the two costly nation-building debacles that have characterized its second war on terror.

Barack Obama has, as noted above, done much better by hewing close to the concept that Reagan initially embraced. But, as was the case with Reagan, there is now a similar battle going on for Obama's strategic soul. For all the nimble, networked operations he has overseen, Obama did allow senior military advisers to talk him into surging large numbers of conventional forces into Afghanistan -- at great cost and, at best, with mixed results. He also acceded to a status-of-forces agreement made by his predecessor, allowing senior political advisers to talk him into living with the consequences of a complete withdrawal from Iraq -- where keeping even a slight residual force of special operators would have done wonders in deterring the resurgence of violence that now threatens to undo all the progress of the past decade.

In the battle for Reagan's strategic soul, the conventional thinkers won out because they convinced him that there was far too much of the "dark side" in the Shultz-inspired plan. In the battle for Barack Obama's strategic soul, the "overwhelming force" approach has not yet carried the day -- and with luck it won't. Here's hoping that Mephisto wins this one.

Chip Somodevilla/Getty Images

National Security

Cyber Fail

Why can't the government keep hackers out? Because the public is afraid of letting it.

The world's leading cyberpower is … North Korea. This is the considered opinion of Richard Clarke, former cyberczar and advisor to four presidents. How has he come to this conclusion? Very sensibly, by assessing countries in terms of their offensive and defensive capabilities, along with the degree to which they are dependent on the Net and the Web. North Korea has only modest attacking capabilities -- don't look for the next Stuxnet to come slinking out of Pyongyang -- but its cyberdefenses are formidable, and there is little in that sad land that requires connectivity to cyberspace in order to keep working.

How does the United States fare in Clarke's analysis? Despite fielding the world's best computer worms and viruses, America rates only a fourth-place position -- Russia comes in second and China third. The United States gets dragged down by its pitifully poor defenses, coupled with very high cyberdependence. At the Aspen Security Forum this summer, the head of Cyber Command, Gen. Keith Alexander, went so far as to give a grade of "3" to U.S. defenses on a scale of 1 to 10. He observed that cybersnooping is now so rampant that the theft of intellectual property constituted the "greatest transfer of wealth in history."

Things don't look so good -- and they're not getting better.

The recent defeat of the Senate's Cybersecurity Act of 2012 is just the latest reverse in a nearly 20-year run of repeated failures to master the challenge of protecting the virtual domain. Back in President Bill Clinton's first term, the "clipper chip" concept was all about improving the security of private communications. Americans were to enjoy the routine ability to send strongly encoded messages to each other that criminals and snoops would not be able to hack, making cyberspace a lot safer.

But the government was still to hold a "key" that would let it tap into and monitor said messages, primarily for purposes of law enforcement. The initiative foundered over this too-intrusive capacity. All these years later, the Cybersecurity Act called for a similar (though less encompassing) monitoring capability -- along with the request that commercial firms voluntarily share more information -- and died because of the concerns it rekindled.

These events are just the bookends of a long policymaking trail of tears. In the years after the clipper-chip debacle, commission after commission rose up to study how to improve cybersecurity without unduly violating privacy. Yet, even as the government considered snooping and hacking central concerns, it opposed the very idea of improving individual security by encouraging the use of powerful encryption -- largely because the intelligence and law enforcement communities strongly resisted any initiative that might reduce their ability to conduct cybertaps.

The government's intransigence was only countered in the end by the actions of "code rebels," to use tech journalist Steven Levy's term, who broke the rules -- and, arguably, the law -- by making top-tier encryption available to the people. Thanks to them, average Americans now have access to the same strong encryption capabilities available to their leaders -- as well as to the range of criminals, terrorists, and other rogues who are so utterly reliant on keeping their communications secure.

Sadly, industry leaders have never emphasized the value of strong crypto sufficiently either. There are many reasons for this neglect -- the most likely being that encouraging ubiquitous use of strong crypto could weaken sales of the firewalls and anti-viral products that form so much of the cybersecurity business model. Most importantly, though, cybersecurity today is poor because the market hasn't demanded it. Consumers are much more interested in features such as speed, variety of apps, weight, even color -- so this is what drives production. It's a classic case of market failure.

Thus, the complex, constantly growing virtual world -- upon which individuals, commercial enterprises, and militaries are increasingly dependent -- is plagued by rampant insecurity. So say top governmental officials today. So say those who know the results of the CIA's extensive (and still classified) cyberwar game, Silent Horizon, conducted several years ago. And so say all involved in defending against the serious, real-life intrusions into defense information systems known to the public under names like Moonlight Maze and Titan Rain -- the former apparently involving sophisticated Russian hackers, the latter seemingly emanating from China.

Unless there is a profound change in perspective, the market will continue to fail, with manufacturers focusing on speedy, attractive tech products instead of secure ones. Unless a fresh mindset emerges among the public, the fear of Big Brother will prevent legislative action, even though the data-mining about individuals and consumer habits conducted by marketers and social networking sites -- a lot of Little Brothers -- already dwarfs what the government knows. It is odd indeed that people freely allow organizations like Facebook a level of access into their private lives that they resist giving their elected leaders in Washington. And unless presidents and their advisors start taking cyberthreats more seriously and stop saying things like "There is no cyberwar" (as President Barack Obama's former cyberczar, Howard Schmidt, used to), the lack of leadership on this issue will leave America gravely vulnerable.

But ways ahead do exist. There is a regulatory role: to mandate better security from the chip-level out -- something that Sen. Joseph Lieberman's Cybersecurity Act would only have made voluntary. Encouraging the widespread use of encryption can assuage fears about the loss of privacy. And finally, we should treat cybersecurity as a foreign-policy issue, not just a domestic one. For if countries, and even some networks, can find a way to agree to norms that discourage cyberwar-making against civilian infrastructure -- much as the many countries that can make chemical and biological weapons have signed conventions against doing so -- then it is just possible that the brave new virtual world will be a little less conflict prone.