The latest Bond flick, Skyfall, could well be the most realistic of the entire series. Its villain, disgruntled ex-MI-6 operative and creepy cyber-hacker Raoul Silva, launches massive cyberattacks from his high-tech lair on a deserted island somewhere off of Macau. He threatens to commandeer the infrastructure of entire nations at the speed of light with the mere push of a button, leaving nary a trace. Who needs cyclopytic henchmen or sharks-with-frickin'-laser-beams-attached-to-their-heads when you can invisibly disrupt power grids around the globe by merely hitting the "Enter" key?
More...
As it turns out, our most senior defense officials and intelligence chiefs, as well as top CEOs, are now grappling with this very issue: What to do about the Raoul Silvas of the world before they wreak cyber-havoc on the nation? The problem is that some in the Pentagon are threatening "deterrence" via kinetic reprisals -- including nuclear counterattacks in the most extreme cases -- that could actually encourage the very cyberattacks the government hopes to prevent.
In the latest report from the Office of the Director of National Intelligence (DNI), cyberthreats climbed from being the number-three threat last year to the number-one position -- beating even terrorism to claim the top spot. In introducing the Worldwide Threat Assessment to the Senate, DNI James Clapper said that "when it comes to the distinct threat areas, our statement this year leads with cyber.... [I]t's hard to overemphasize its significance." And yet cyberattacks have yet to cause damage in the way a military strike could. A sobering article by Thomas Rid in Foreign Policy points out that not a single fatality has yet been attributed to any cyberattack.
On the other hand, about $100 billion is believed to be lost annually to cyber-crime, cyber-extortion, cyber-espionage of corporate secrets, and in cleaning-up and addressing those threats. So it certainly makes sense to get out ahead of cyber-insecurities instead of waiting and reacting to a more metastasized crisis in a few years. The question is, when do cyber-intrusions cross the line from being an expensive criminal nuisance to a national-level concern requiring military intervention or military threats? And, relatedly, how should the United States divide the nation's cybersecurity mission between the civilians (at the FBI and the Department of Homeland Security) and the military?
This is where the recent 146-page report from the Pentagon's Defense Science Board, "Resilient Military Systems and the Advanced Cyber Threat," comes in. A 33-member panel of government and civilian experts was charged with reviewing the robustness of Pentagon defenses against cyberattacks and making recommendations to improve them. Although the report contains many sensible recommendations, it also makes an outrageous and counter-productive one: It suggests threatening the use of nuclear weapons in response to the most severe cyberattacks. "Deterrence is achieved with offensive cyber, some protected-conventional capabilities, and anchored with U.S. nuclear weapons," the report states, adding, "Cyber risk can be managed through the combination of deterrence (up to a nuclear response in the most extreme case) and improved cyber defense."
Nuclear deterrence isn't the best analogy for addressing cyber-threats, and it is certainly the wrong policy. All through the Cold War, and even now, the United States had early-warning satellites that used infrared sensors to pinpoint where nuclear-tipped missiles may have come from, thus fulfilling the critical attribution criterion on which deterrence hinges. Nothing remotely equivalent exists in cyberspace. Another critical difference is the involvement of subnational groups. During the Cold War, if U.S. sensors indicated that missiles were coming from the Soviet Union, we had no doubt they were launched by the Soviet government. The same is not true of cyberattacks, which a group of teenagers in Russia could launch without the permission of their parents, let alone the government. Massive attacks can be carried out with cheap technology available to individuals. It's as if all citizens worldwide had easy access to squadrons of stealth fighters.
SUBJECTS:
