Rather than pulling the cyber domain away from deterrence, current policy has brought cyber elements closer to the U.S.’s broader strategic deterrence strategy. Strategic deterrence now incorporates a well-defined role for cyber that is likely to expand in the future, and strategic deterrence has begun to play a role in cyber deterrence strategy.
The adversaries of today are still human, and the threats of today may not be so conceptually different from those of the Cold War. By looking back at how a previous generation of strategists considered and communicated their strategic challenges in context, we may be able to gain insights into how to address these modern threats. 21st Century Power: Strategic Superiority for the Modern Era is a useful resource toward that end.
A successful cyber doctrine must epitomize Clausewitz’s argument in favor of an active or attack-based defense, found in a relatively unknown but rich section of On War entitled “Methods of Resistance.” The chapter opens with a compelling reminder that the advantage of the defense is its defining purpose is to ward off an attack, and this warding off has as its principal strength the idea of awaiting.
The international stage is complex and fluid, continuously changing, but human nature and the selfish intentions to achieve power have not changed in millennia. The Kremlin has added another facet to their political warfare through the savvy exploitation of new media. They are taking advantage of the West’s belief systems by conducting an end-around and using a form of malicious soft power to gain a position of advantage.
Tales of the demise of non-kinetic, information effects are greatly exaggerated, but that doesn't stop information operations from being controversial at best, and ineffective at worst. The reason is a matter of preference: deliver the emotional impact of a kinetic strike against a threat, or endure the statistical drudgery of sorting non-kinetic signal from noise. The US spends more on kinetic hardware than many militaries combined, so the Pentagon’s preferences are obvious. Yet information flows, their data generating processes, their interpretation and their implications for battlefield and non-battlefield environments are set to increase exponentially. The challenge in a national security context is not only to think all the way through the information effects of the structure behind the transmission of signal but also through how the signal is received, processed and acted upon by behavioral agents. The national security context has largely focused on the former, to the detriment of the latter.
The most important lesson from Russia’s involvement in the 2016 presidential election may be this: foreign hackers and propagandists are not afraid to launch attacks against the United States in and through cyberspace that they would not dare risk in a real theater of war. So as cyber aggression gets worse and more brazen every year, it’s crucial that the Department of Defense figures out how to deter foreign actors in cyberspace as effectively as in nuclear and conventional warfare. The Pentagon can take five steps to better deter foreign cyber attacks.
The information age, a phrase famously coined by Berkeley Professor Manuel Castells in the 1990s, described a tectonic shift in our culture and economy which we generally take for granted at present. From our current vantage point, replete with ubiquitous pocket-sized personal computing and communications devices, it is hard to imagine a world we cannot convert our data or social networks into physical resources and access. We keep our data in the cloud and call upon it when we need it, regardless of where we are. We log into AirBnB, and somehow money we have never seen transfers to someone else who will never see the money, and that becomes a room for an evening. The idea of a brick-and-mortar video store, such as the 1990s-staple Blockbuster Video, is hopelessly anachronistic in the era of Netflix.
It remains to be seen whether or not the current administration’s approach to China will bring further progress in terms of limiting cyber attacks. Ultimately, extending the terms of the 2015 agreement to explicitly ban attacks, to encourage co-operation in hardening financial institutions against them, and perhaps even mandate bi-lateral responses should they occur, would be in the mutual interest of both the U.S. and China.
In a year when the breadth, extent, and impact of cyber attacks continues to expand as geopolitical tensions escalate, the creation of norms remains essential to shape behavior in cyberspace and identify which targets are off limits. However, as these latest attacks may demonstrate, absent any coherent cybersecurity strategy and response framework, adversaries will disregard norms as long as they can attack with impunity.
Over the last 30 years the international security environment has been characterized by several security deficits, which are defined as a government’s inability to meet its national security obligations without external support. Intra-state, transnational, and regional actors challenge a sovereign government’s ability to provide a secure environment for their citizens. While evident in countries like Syria and Afghanistan, it is also true in the cyber world.
On 15 October 2036, the USS ZUMWALT (DDG-1000) glides through the Philippines Sea on the twentieth anniversary of its commissioning. Nearby, the USS ENTERPRISE (CVN-80) launches both the F-35C and the unmanned F-47C to jointly conduct bombing raids on the Navy’s Western Pacific bombing range. Both ships, along with the entire ENTERPRISE Carrier Strike Group, are headed toward the South China Sea to participate in the annual US-India-Singapore naval exercise called DRAGON FURY. Below the surface, the USS MONTANA (SSN-794) deploys the unmanned underwater vehicle called SEA-EYE to assist in trailing a Russian Dolgorukiy class SSBN as it leaves port headed to its strategic patrol areas.
It seems not a day passes that a new cyber security incident is not reported. Whether it is the breach of email accounts at Yahoo, the networks at the Democratic National Committee (DNC) or John Podesta’s digital recipe box, the revelations draw the attention of a wide variety of news organizations, and the stories each seem to approach a level of critical mass until a new story emerges. These incidents are all different in scope, and their targets are in the crosshairs of both criminals and hostile intelligence organizations - for motives that vary from political, to monetary, to just plain mischief. No matter the intent of the cyber criminal, the government’s response ought to prevent escalation along the cybercrime continuum. What Americans have seen to this point is network access and data exfiltration – or more simply said: breaking, entering, and theft.
Right away The Rise of the Machines must be declared a fantastic work, conveying an accessible history of a distant in time (yet still strikingly present) and technical scientific story. To succeed in making wave after wave of scientific innovations not only understandable, but to also place them in their intellectual, cultural, political, and strategic contexts in such a compelling manner is testament to why Rid’s book must hold high position in any technologically-focused reading list.
While there have been many valuable contributions to our understanding of the digital realm from the social sciences, it has been a struggle on all fronts to transform those theoretical and empirical observations into cohesive, strategic and policy recommendations. Cyberspace in Peace and War is a huge stride in the right direction. Anyone interested in cyber security should have a copy of in their library, and going forward it should be regularly cited and referred to.
it is important to reintroduce many of the well understood concepts of strategy to the cyber-Security debate precisely because it adds clarity to an otherwise murky topic. While it is good to come to the right answer, it is also important that we understand the strategic relationships of different behaviors so that we can consistently prescribe proper policy. Understanding why negotiations are a good idea today will better help us determine if they are a good idea tomorrow, and hopefully forestall deleterious decisions based upon improper analogs.
Few at CyConUS were optimistic about the future of cyber restraint among states. Rather, it was the assertiveness of nation-states that featured prominently in many of the keynotes and panel discussions. Whether the U.S. and its allies can respond effectively to these challenges, and the many others likely to follow, remains an open question. The cyber era is one of asymmetric conflict. For all of the billions of dollars the U.S. spends on cybersecurity through the departments of Defense and Homeland Security, determined attackers can find success for a minuscule fraction of that cost. Bending that cost-curve in a more favorable direction must be a top priority for the U.S. and its global partners.
Deterrence strategy, too, is essentially timeless, which inherently means it is applicable even to cyber warfare. While a legitimate threat of force lies at the heart of deterrence, different modes of warfare may be necessary to accomplish the true purpose of strategy as Clausewitz saw it: the accomplishment political goals. The U.S. political goal in this case is to prevent attacks and other wicked acts perpetrated against America in the cyber realm. Though the U.S. definitely has heavy hands in the cyber boxing arena, a better strategy is to avoid punches altogether, rather than slugging it out in the middle of the ring.
Maneuvering through cyberspace in support of strategic objectives and Unified Land Operations requires cyber leaders to develop into “agile and adaptive leaders who are flexible, critically reflective, and comfortable with ambiguity and uncertainty.” The Army’s Cyber Branch must prepare leaders to improve competence in their technical requirements, remain operationally focused, seek lifelong development, and possess an entrepreneurial mindset through the application of learner-centric, adult learning models in the classroom to meet the needs of the Army as it defends the nation.