Sandeep Baliga, Ethan Bueno de Mesquita, Alexander Wolitzky
Security, Americas
U.S. strategy has not kept pace with the evolving cyber threat. Recent proposals ignore key strategic features of the cyber domain, resulting in overly narrow policies. We must take a global approach to cyber-deterrence, and we must blend aggressive retaliation when the origins of attacks are clear with forbearance when they aren’t.
Here’s a scenario that should trouble America’s political leaders:
Top-secret plans for a next-generation fighter jet are stolen from a U.S. defense contractor’s computer. It appears the intrusion originated in China. Then again, it’s easy for other actors to make it look as if the culprit is China. Also, some signs point to North Korea. Ultimately, the United States blames China. It launches a retaliatory cyber strike that paralyzes Chinese military computer networks for a week. U.S. diplomats tell their counterparts that they’ve been warned against future incursions, but the move backfires.
It turns out the initial attack came from Iranian Revolutionary Guard operatives routing the attack through a server in China and using North Korean coding techniques. Chinese leaders are incensed—viewing claims about misattribution of an Iranian
attack as mere pretext for U.S. aggression. They respond with a cyberattack on the electrical grid in the Washington, DC area, causing rolling blackouts amid a summer heat wave. Several people die. As the dust-up becomes public, U.S.
officials feel pressure to retaliate further. The president orders a missile strike against a Chinese military computer facility. Two-dozen Chinese coders are killed. What started as a limited cyber-intrusion now threatens to turn into a full-fledged military conflict.
Each element of this hypothetical has occurred in the recent past in one form or another. And it shows how complicated the strategic landscape has become in the cyber age. Unfortunately, our strategic thinking has not kept pace. The United States needs a new strategy for deterrence in cyberspace.
Read full article