Here’s a suggestion for Fox News Sunday anchor Chris Wallace – start watching some recent episodes of your own show before conducting interviews. You might be able to move the public debate on vital issues forward, rather than trodding over well-worn ground.
Wallace led off this morning’s show with a look at this past week’s news that the federal government’s personnel agency has been hacked twice in the last year, and that China is widely suspected as the attack’s source. And that’s entirely understandable. The examination of whether the Obama administration is dealing adequately with cyber threats, moreover, is vitally important. What was completely weird was how Wallace – not to mention his two Congressional guests, who both have key national security posts on the intelligence committee – handled the issue of retaliation.
It began with Representative Adam Schiff of California, ranking Democrat on the House Intelligence Committee, stating that “one of the big things that we really have to do in addition to our defense is figure out when we’re going to go on offense and how we’re going to provide a deterrent to future attacks.”
Wallace then asked Republican Congressman Peter King of New York, a member of the House Homeland Security Committee, “Do we need to retaliate against the people that we believe are conducting cyber warfare against us?” King answered, “I believe we do. I don’t think we should announce what we’re doing. I think the president and his administration have the capacity to respond once they find out, you know, sort of malware signature, who they believe this is. Then, I think, yes, there has to be a price to pay for this.”
Sounds perfectly reasonable, right? Except that only this January, no less than the nation’s top uniformed military officer told Wallace that the United States currently lacks superiority in cyber-war capabilities. According to Chairman of the Joint Chiefs of Staff Martin Dempsey, “In every domain…we generally enjoy a significant military advantage. We have peer competitors in cyber….We don’t have an advantage. It’s a level playing field, and that makes this Chairman very uncomfortable.”
Now Dempsey might have been mistaken (though that’s unlikely) or engaged in a head fake against America’s adversaries (though I can’t imagine the rationale for this one). But why didn’t Wallace remember that this is the most plausible reason for the nation’s failure to strike – fear that attackers can cause still further damage? Moreover, hadn’t Schiff or King been aware of Dempsey’s statement? If they were, do they have their own reasons for considering Dempsey mistaken?
In any event, the more I think about the issue, the more I wonder if the United States would retaliate even with clear-cut superiority. Think of it this way. Relatively few Americans nowadays – particularly in the big cities, which would be most vulnerable to a truly debilitating cyber attack – have any recent experience with the kind of privation and disruption that such a hack could create. Even most prosperous Russians and Chinese do – and then some. So even though these two countries are increasingly networked and enjoying the advantages thereof, it seems clear that they’re much better positioned to cope with cyber-generated confusion than Americans.
Another important point recently was brought to my attention. For all the damage done by foreign hackers to date, they haven’t yet (apparently) launched the kinds of attacks that could bring such massive disruptions – e.g., by bringing down the banking system, or the communications and energy infrastructure. It’s possible that these systems are adequately protected. But it’s also possible that China’s hackers in particular understand that their country would be victimized as well, since it’s so heavily dependent on exporting to the United States for continued growth and economic progress.
So although it’s certain that cyber attacks will continue, it’s also distinctly possible that many will stay relatively restrained. This could mean that America has more scope to retaliate than seems currently to be the case, but also that it has less need – and that we’ll need to (keep) getting used to greater levels of cyber risk if we want to keep reaping the benefits we perceive from more networked lives. In other words, we may be seeing the emergence of a cyber balance of terror similar to the nuclear balance of terror that helped avert great-power conflict during the Cold War.
But there would still remain the risk of attacks from sources that don’t feel any stake in America’s continued viability, and could have even more broadly destructive aims. Dealing with these hackers – who could belong to major terrorist groups – will be complicated by the asymmetry problem: Relatively modest capabilities seem able to inflict tremendous damage on America’s economy and society. Moreover, the perpetrators could be exceedingly difficult to track down and hack in return, and these enemies would have relatively little to lose in terms of physical assets and large-scale social systems. These observations lead me to the conclusion that the key to defeating these hackers lies not in the cyber realm but in the domain of broader counter-terrorism policies.