, , , , , , , , , , , , , , , ,

Terrorism has understandably grabbed all the recent national security headlines lately, but two big articles this week have also valuably reminded us that major cyber threats still loom. Unfortunately, these pieces also (unwittingly) remind of all the reasons to worry that Washington still doesn’t have its arms around two of the biggest challenges facing the nation on the cyber front. The first is the asymmetry issue, which is a fancy way of saying that many of America’s current and likely cyber adversaries have much less to lose than the United States in a computer-war exchange. The second is the unlikelihood that the kinds of legalistic foreign policy approaches favored by much of the American establishment can meet this challenge.

Actually, the asymmetry issue has several cyber-related dimensions. One, widely noted (and especially by Chinese strategists), is that today’s civilian computer networks, whose development has long emphasized openness and information sharing, are vulnerable to attacks even from relatively low-tech countries. So for that reason alone, cyber-war can be a great geopolitical equalizer.

The second, however, is less widely noted. As I’ve written, the decision to launch a cyber attack against an adversary with significant cyber-war capabilities of its own rests on much more than a calculation of whether any assets the attacker values (its own cyber forces, its other military forces, its economy or broader society) can survive a retaliatory strike in meaningful form. This decision also hinges on more than how “meaningful” is defined for one or both parties to the conflict. It depends as well on a more fundamental, more political assessment regarding how much pain the two countries and societies can withstand.

Paradoxically, and especially relevant to Americans, the more advanced a country is, the less able it arguably is to deal satisfactorily with the disruptions stemming from a major cyber strike. And because the converse makes sense, too, it may not be decisive that the United States could inflict more damage in absolute terms in a cyber exchange on foes such as North Korea or Iran or Russia or even China than vice versa. The kinds of hardships stemming from the disabling of modern infrastructure could be much more tolerable for the peoples of these less developed, less prosperous countries than for Americans because much greater percentages of them rely so much less on these systems. Moreover, life without them is a much more recent memory – as are knowledge of and experience with coping.

That’s where, for all the information it contains (and keeping in mind that national cyber capabilities are closely guarded secrets), this detailed new Politico article on U.S. forces in this realm falls short. Even if America’s technological edge is as strong as portrayed, some of its adversaries might not be impressed enough to be deterred. One big possible policy implication: Asymmetry means that shoring up the nation’s cyber defenses, difficult as that is, is at least as important for ensuring cyber-security as creating matchless offenses. And as RealityChek readers know, U.S. intelligence chief James Clapper and other senior officials have said – for attribution – that these offenses actually aren’t so matchless. Another big implication – at least against China, trade and broader economic sanctions may be the most effective cyber counter-moves, since China’s dictators will struggle so to remain in power without the growing prosperity created largely by exporting to the United States.

One conclusion that shouldn’t be drawn from this cyber predicament is that a realistic way out is an international treaty or code of conduct banning or limiting cyber war. In this respect, it’s encouraging that Joseph S. Nye’s new essay for Project Syndicate is hardly a ringing endorsement of such legalisms and their effectiveness. But he does suggest that these measures can strengthen deterrence, and notes approvingly that

major states have agreed that cyber war will be limited by the law of armed conflict, which requires discrimination between military and civilian targets and proportionality in terms of consequences. Last July, the United Nations Group of Government Experts recommended excluding civilian targets from cyberattacks, and that norm was endorsed at last month’s G-20 summit.”

Nye isn’t an Obama administration official, but he has been at the center of Democratic Party foreign policy circles for decades, and his pioneering emphasis on “soft power,” multilateralism, and other supposed substitutes for military might fits right in with Mr. Obama’s belief that world affairs is coming to be dominated by a fundamentally new, more cooperative set of dynamics and relationships. 

So it’s important to note that these ideas are simply efforts to define America’s biggest international problems – and international tensions in general – out of existence. Think about it: If the United States faced cyber-armed adversaries who were willing to abide fully by the conflict-limiting agreements they signed, these agreements wouldn’t be needed in the first place. For those countries would never take such commitments seriously unless they decided that their stake in maintaining whatever degree of (shaky) global peace and order prevails significantly outweighs whatever goals they could hope to achieve through major use of cyber-weapons – or any other weapons.

That is, if the world’s Chinas, Russias, and Irans were truly devoted to competing for influence peacefully and according to a set of rules, the rules would simply codify that reality. Their existence on a piece of paper cannot create it. And the asymmetry problem makes assuming their reasonableness (at least as Americans judge it) or perceived support for the global status quo even less reasonable.

Moreover, anyone believing that the history of nuclear arms control debunks that pessimism doesn’t understand that the various Cold War agreements signed by the United States and Soviet Union had nothing important to due with preventing armageddon. Instead, in this case, the conditions for a successful “balance of terror” – of mutual deterrence – were obviously in place. Fears of final physical destruction trumped all other considerations and produced restraint.

Sadly, there’s no evidence that any of the presidential candidates this year have better ideas. But as I wrote above, what the public doesn’t know about America’s cyber-war programs and strategies greatly (and properly) exceeds what it knows. So perhaps there’s some hope that truly realistic approaches are being developed, and that the next president will start learning about them once he or she is elected.