Voice

Panetta's Wrong About a Cyber 'Pearl Harbor'

The Internet doesn't work that way.

In recent months, the specter of a looming cyber "Pearl Harbor" has reappeared -- the phrase having first come into use in the 1990s. But it is the wrong metaphor. Given the surefire emotional effect evoked by memories of the "day of infamy," how can this be? How are good cyber security legislation and regulations to be enacted and pursued in the absence of such galvanizing imagery? Clearly, the Obama administration thinks that trotting out the Pearl Harbor metaphor is essential, and so a range of officials, right up to Defense Secretary Leon Panetta, have been using it recently. But there is a fundamental problem: There is no "Battleship Row" in cyberspace.

In December 1941, a great deal of American naval power was concentrated at Pearl Harbor and Japan dealt it a sharp blow, enabling Imperial forces to pursue their expansionist aims for a while. Of the eight U.S. Navy battleships that were there, four were sunk and the other four were seriously damaged. And if the Kido Butai, the Japanese carrier strike force, had caught the three American aircraft carriers deployed to the Pacific in port -- they were out to sea at the time of the attack -- or had blown up the base's massive fuel storage tanks, the damage would have been catastrophic. Pearl Harbor was a true "single point of failure."

Nothing like this exists in cyberspace. Indeed, part of the logic behind the creation of the Internet, going back more than 40 years now, was to ensure continued communications even in the wake of a nuclear war. Redundancy and resilience are the key notions that shaped the structure of cyberspace. Yes, there are very important nodes here and there; but workarounds and fallbacks abound. Cyberspace is more like the oceans that cover two-thirds of the world: it has its choke points, but there are always alternate routes.

If the Pearl Harbor metaphor is misleading -- encouraging the belief that strong defenses concentrated in one or a few major areas can protect most, if not all, threatened spaces -- there may be another harbor metaphor that does much more good. This one comes from World War II as well and has to do with the harbor lights of the Eastern seaboard cities. Very soon after Germany declared war on the United States -- in the immediate aftermath of Pearl Harbor -- U-boats were dispatched to attack shipping on our side of the Atlantic. German submarine skippers were assisted in their task by the failure of President Franklin Delano Roosevelt to order a blackout along the coast. And so the U-boats had what their crews called "the happy time," teeing up targets for night attacks because they were illuminated against the backdrop of blazing city and harbor lights.

For several months in 1942, mayors of coastal cities resisted pressure to enforce blackouts because of the loss of business they feared would ensue, plunging an economy still not fully recovered from the Depression into a new downward spiral. It was only when shipping losses grew dangerously high -- over a million tons were sunk in the first four months of 1942 -- that a blackout was finally put in place and merchant ships began to move in escorted convoys. This didn't put an end to the U-boat menace, but did bring it under control.

Today, the "harbor lights" are on all over cyberspace. A wide range of targets is well illuminated, highly vulnerable to all manner of cyber mischief. Our armed services, increasingly dependent upon their connectivity, can be virtually crippled in the field by disruptive attacks on the infrastructure upon which they depend -- but which are not even government-owned. Leading commercial enterprises hemorrhage intellectual property to cyber snoops every day -- a point Governor Romney made twice in his debates with President Obama. And countless thousands of Americans, having had their personal security hacked, are now serving unwillingly and unknowingly as drones or zombies, pressed into service in the robot networks, or "botnets," of master hackers.

Why do the harbor lights remain on in cyberspace? Because, rather than focusing on security, information technology manufacturers and software developers have been driven for decades by market forces that impel them to seek greater speed and efficiency -- at the most competitive prices. In short, the virtual harbor lights stay on because the perceived economic cost of improved security -- that is, of enforcing a blackout, in metaphorical terms -- is seen as too high. And, just like FDR, American political leaders have shied away from forcing their hand.

Where the metaphor breaks down -- no metaphor can address every aspect of a problem -- is in its invisibility. Mass ship sinkings in the early months of 1942 were tangible events that horrified the nation. Today, the ongoing compromise of sensitive military information systems, the theft of intellectual property, and the recruitment of men, women, and children into zombie armies, all these pass largely beneath our levels of awareness. Cyberwarfare is a lot like Carl Sandburg's fog, coming in on "little cat feet."

To be sure, senior civil and military leaders know the gravity of the situation. A deeply alarming study of our cyber vulnerabilities by the National Academies was just declassified; it makes quite clear the grave nature of the threat. At the same time, word of a new presidential decision directive (PD-20) about responding aggressively to the cyber threat has leaked out. Reporting about the still-classified directive suggests that it follows the line of Secretary Panetta's comments in recent weeks about taking pre-emptive action against cyber threats.

All this implies clear awareness of the problem, but the pro-active recommendation to seek out and "attack the attackers" is problematic, given how well-hidden so many of them remain. Eleven years after the Code Red and Nimda computer viruses were unleashed -- shortly after 9/11 -- the identity of the perpetrators remains unknown. And this is true of many, perhaps most, cyber attacks. Digital warriors and terrorists today hide in the virtual ocean of cyberspace as well as U-boat skippers did during their "happy time" along the Atlantic seaboard 70 years ago. And efforts to track them in advance of their attacks, to hearken yet again to the harbor lights metaphor, will be as fruitless as the U.S. Navy's original strategy in 1942 of sending out hunter-killer squadrons to search the ocean for the U-boats.

Back then, the right answer from the start was to black out coastal cities at night. Then, when ships sailed, they were evasively routed and escorted by anti-submarine vessels. Losses still occurred, but soon fell to acceptable levels. This is the lesson of the "harbor lights" metaphor. In cyberspace, the analogous approach would consist of far greater use of strong encryption and "evasive routing" of data via the Cloud, making it much harder for the virtual U-boat wolf packs that stalk them to find their targets.

Forget Pearl Harbor. Remember the harbor lights.

STF/AFP/Getty Images

National Security

Casualties of History

The thing we shouldn't forget about the origins of Veterans Day.

All of our nation's veterans are honored on November 11, but it is important to recall that the origin of this observance was revulsion at the horrific casualties suffered by so many countries during World War I. Yes, a second and even more destructive conflict followed all too soon after the "war to end all wars," impelling a name change from Armistice Day to Veterans Day. And the rest of the 20th century was littered with insurgencies, terrorism, and a host of other violent ills -- most of which persist today, guaranteeing the steady production of new veterans, of which there are 22 million in the United States.

But despite the seemingly endless parade of wars waged and fresh conflicts looming just beyond the bloody horizon, World War I still stands out for its sheer horror. Over ten million soldiers died, and more than twice that number were wounded. This is a terrible enough toll. But what makes these casualties stand out even more is their proportion of the total numbers of troops mobilized. For example, France put about 7.5 million soldiers in the field; one in five died, and three out of four who lived were wounded.

The other major combatants on both sides suffered horribly as well: the Austro-Hungarian Empire's 6.5 million soldiers had a combined rate of killed and wounded of 74 percent. For Britain and Russia, the comparable figures totaled a bit over 50 percent, with German and Turkish losses slightly below one-half of all who served. The United States entered the conflict late, and so the overall casualty rate for the 4.3 million mobilized was but 8 percent. Even so, it is more than double the percentage of killed and wounded from the Iraq War, where total American casualties amounted to less than 4 percent of the one million who served.

Few conflicts in all of military history have seen victors and vanquished alike suffer such shocking losses as were incurred in World War I, so it is worth taking time to remember how this hecatomb came to pass. A great body of evidence suggests that this disaster was a product of poor generalship. Historian Alan Clark's magisterial The Donkeys conveys a sense of the incredible stubbornness of high commanders who continued, for years, to hurl massed waves of infantry against machine guns and rapid-firing artillery. All this went on while senior generals stayed far from the front. A British field commander, who went riding daily, even had soldiers spread sand along the country lane he followed, to make sure his horse didn't slip. 

But intransigence in the face of failure was not the only source of the tragedy of the Great War; incomprehension was the true cause of disaster. Neither the generals nor those who built the weapons of the time, and especially not the political leaders who sent the troops into battle, understood the likely effects of the destructive capabilities they were unleashing. Many "battle studies" before the war suggested that machine guns would favor attacking forces trying to cover open ground over defenders firing from trenches. And most military experts thought that artillery's extended range and greater accuracy would flatten defenses and greatly ease the task of advancing forces. Wrong on both counts.

The only fellow who called things correctly was a Polish banker -- and sometime logistician to Tsar Nicholas II -- Ivan Bloch. Over a decade before the disaster hit, he predicted the grievous losses that would be suffered. He based his conclusions in large part on simple calculations of the range and rate of fire of weapons versus the pace of advance of infantry. The tsar took Bloch's warnings to heart and lobbied for an international peace movement. Indeed, the first great conference at The Hague was his doing. But nobody else listened, as Bloch's work was considered unduly alarmist and "unprofessional."

By recalling the roots of Veterans Day in this way, as a cautionary tale as well as a remembrance, we may end up honoring our service members in the best way possible -- by making sure that we send them out to fight backed by senior leaders and strategies that fully appreciate the implications of the technologies of war in our time.

In Vietnam we seem not to have done this, relying all too heavily on fixed artillery firebases and heli-borne "vertical envelopment" to engage elusive insurgent forces. But the terrain blunted the American technological advantage, and helicopters proved highly vulnerable to ground fire -- over 4,000 were brought down during the war. The result: a leap in casualties to 14 percent of the 2.6 million who served in Vietnam, more than double the rate from World War II and over triple the loss rate incurred in Iraq.

For all the debate and divisiveness surrounding the Iraq War, what comes through clearly is that it was the persistence and professionalism of American forces -- from the lowest ranks to the highest -- that finally won the battle on the ground there, and with relatively low losses. The record in Afghanistan is even better. 

In Iraq, the key to improvement was to de-emphasize costly, larger-scale operations and focus instead on working from platoon-sized outposts located right in the towns in Anbar Province that were at the heart of the unrest. In Afghanistan, even as we draw down our forces to very low levels, we are increasing the numbers of small outposts in rural areas in which our remaining troops will are deployed.      

In both campaigns our soldiers -- and their senior commanders -- have demonstrated admirable ability to learn and adapt. However the political endgames of these wars may eventually play out, all Americans can take pride of the performance of their armed forces in the field. Our military is truly mastering the tactical and technical challenges of conflict in this odd new era of seemingly perpetual warfare. Our service members are doing so in a way that can only make the soldier-ghosts of World War I gaze on in frank admiration. 

MIKE NELSON/AFP/Getty Images