America is at war in cyberspace and is losing badly. The US has some of the world’s most advanced cyber weapons, but no political will or a coherent national strategy. As a result, America’s enemies see a fatal weakness, and are exploiting it every day.
In July, the Senate Intelligence Committee reported that Russia hacked into the electoral systems of all 50 US states. The committee did not find that the Russians directly interfered with the voting, but is clear that they have developed that capability.
‘While the Committee does not know with confidence what Moscow’s intentions were, Russia may have been probing vulnerabilities in voting systems to exploit later,’ the report said. ‘Alternatively, Moscow may have sought to undermine confidence in the 2016 US elections simply through the discovery of their activity.’
This follows the US intelligence community’s unanimous finding that Russia waged an information warfare campaign to influence the 2016 presidential election, using thousands of fake names and accounts to plant hundreds of false stories on social media.
In recent weeks, analysis of intercepts and other intelligence reports have led the CIA to conclude that both Russia and Iran are planning a concerted effort to undermine the 2020 presidential election. Although the reports do not say so explicitly, intelligence sources suggest that the goal of the Russian campaign is to get Donald Trump reelected.
While election meddling has received much publicity, the covert war between America and its political and economic rivals has been going on for years. China has used literally millions of cyberattacks to steal billions of dollars worth of US technology, and has done so with impunity. Iran has probed and placed viruses inside some of America’s most sensitive networks, including power grids and banking systems. Even friendly countries such as Israel and France routinely use cyberspace to gather secrets from America.
If these attacks against the political and economic wellbeing of America had been accompanied by artillery fire, missiles and visible casualties, the response would have been obligatory, swift and devastating. Even the threat of it would be a deterrent. But America’s enemies see little risk of any consequence for their aggression. On the contrary, cyberspace offers an apparently risk-free environment for countries like Russia and Iran to attack, steal and borrow with impunity.
This is an extraordinary development for the world’s most powerful superpower, a pre-emptive surrender. Unassailable in the nuclear or conventional arenas, the US’s political leadership appears to have admitted defeat in cyberspace. And that makes continued conflict there all the more likely.
The Trump administration has issued only a muted response to these attacks against America, in part because President Trump does not want to acknowledge that his election could be attributed to anything other than his own genius. This has led to a disconnect between the intelligence community, which believes that America has become uniquely vulnerable in cyberspace, and the administration, which prefers not to talk about cyber threats at all.
Yet the US intelligence community spent billions of dollars over the past decade to develop highly effective cyber weapons. Today, it is perfectly possible for American cyber attacks to cut the power in Tehran or Moscow, or to kill millions by raising the sluice gates on a dam to flood towns and cities downstream.
In June, when it looked like America was planning a series of strikes against Iran in retaliation for the shooting down of a drone, the US Cyber Command prepared to launch a series of attacks against Iran. These were designed to take out command and control systems which would have prevented the Iranians from stopping the US assault. President Trump called off the attack at the last minute, and caused much frustration in the Pentagon and the intelligence community.
So sensitive has the Pentagon become to White House interference that the Pentagon has carried out a series of covert operations against Russians believed to be behind some of the 2016 election meddling — without White House approval. These operations were targeted at the computers of individuals involved in the attacks. Their computers were fried.
While this might have demonstrated America’s cyber-capability, US intelligence sees no sign that the Russians are chastened by the attacks, or deterred from future actions.
In the wilderness of mirrors that is the US intelligence community, there is more to these cyber challenges than simple political indolence. There is intense rivalry between different parts of the intelligence community over who owns what part of cyber defense and cyber attack. The CIA likes to think it runs everything, but the NSA believes it owns everything with a bit or a byte.
Just as importantly, the intelligence world has yet to come to terms with the 21st century world of openness, and the leveling of knowledge and power between the public and private sectors. Even though our enemies understand many of our cyber capabilities, there is a reluctance to discuss any of this with friend or foe. The default to maximum secrecy means that any effort to create an international agreement around cyber behavior is doomed.
Further, cyberspace has become the vehicle of choice for many different types of crime. As there is no common national approach to the challenges, criminals range widely and lucratively. In June, the database of Bulgaria’s National Revenue Agency was hacked. Information on five million citizens (70 percent of the population) was posted to hacker forums online and sold to interested bidders.
In multiple countries, including the US, a rash of hacks have closed down networks belonging to state and local governments, and local agencies. The networks remain out of action until a ransom has been paid. Attacks have led two American states, Louisiana and Florida, to declare a state of emergency until normal service could be resumed.
In On War, the Prussian general Carl von Clausewitz defined war as ‘an act of violence intended to compel our opponent to fulfill our will’. He also famously wrote: ‘War is merely the continuation of policy by other means…it is the exact fulfillment of silent suppositions, it is the noiseless harmony of the whole action which we should admire, and which only makes itself known in the total result.’
Clausewitz would have readily identified cyber warfare as a classic illustration of policy continued by other means. Although On War is taught at every American military academy, there is a determination among generals, admirals and their political masters that America is not at war in cyberspace.
This dereliction of duty is all the more remarkable because much of the evidence is no longer hidden behind layered veils of secrecy. Instead, it’s reported on regularly by the news media and cyber intelligence companies. Rather than pretending war in cyberspace does not exist, America should be leading the world in addressing this new form of conflict to create a safer world — and avoid a more dangerous one.
