To each American administration, its war. For Truman and Eisenhower, Korea. For Kennedy, Johnson and Nixon, Vietnam. For Carter and Reagan, the culmination of the Cold War. For both Bushes, Iraq. For Clinton, ex-Yugoslavia. For Obama, Afghanistan.
Which will be Donald Trump’s war? There is good reason to fear it could be the Second Korean War. Or it could be yet another quagmire in the Middle East. His most excitable critics warn that the Third World War will happen on his watch. But I am more worried about the First Cyber War —because that war has already begun.
Last week’s cyber-attack was just the latest directed against America by WikiLeaks: the release of a vast cache of documents stolen from the CIA. In a tweet, WikiLeaks claimed these revealed “CIA hacker malware a threat to journalists: infests iPhone, Android bypassing Signal, Confide encryption”.
Actually, none of the documents mentions Signal, but that’s not the point. In the strange land of Cyberia — the twilight zone inhabited by Russian intelligence operatives — cyber-warfare is mainly about the spread of disinformation under the guise of leaking classified or confidential information.
To visit the WikiLeaks website is to enter the trophy room of Cyberia. Here is the “Hillary Clinton Email Archive”, over there are “The Podesta Emails”. Not all the leaked documents are American, but you will look in vain for leaks calculated to embarrass the Russian government. Julian Assange may still skulk in the Ecuadorean embassy in London but he lives in Cyberia, an honoured guest of Vladimir Putin.
In Washington they are worried. “We’re at a tipping point,” warns Admiral Michael Rogers, head of the National Security Agency and US Cyber Command. Dan Coats, Trump’s nominee for director of national intelligence, puts cyber-activities at the top of his list of threats. This is not just about WikiLeaks. The Pentagon alone reports 10m attempts at intrusion each day.
Of course, most of what the media call “cyber-attacks” are just attempts at espionage. To understand the full potential of cyber-warfare, you need to imagine an attack that could shut a substantial part of the American power grid. It was done in December 2015 to the Ukrainian electricity system, which was infected by some computer malware called BlackEnergy.
Computer scientists have understood the disruptive potential of cyber-warfare since the earliest days of the internet. At first it was adolescent hackers who caused mayhem: geeks such as Robert Tappan Morris, who almost crashed the internet in 1988 by releasing a highly infectious software worm.
It is still the case that a lot of cyber-attacks are carried out by non-state actors: teenage vandals, criminals, “hacktivists” or terrorist organisations. However, the most striking development of the past year has been the advent of Cyberia.
As the country that built the internet, America was bound to lead in cyber-warfare. During the 2003 Iraq invasion, US spies penetrated Iraqi networks and sent messages urging generals to surrender. Seven years later America and Israel unleashed the Stuxnet virus against Iran’s nuclear enrichment facilities. The problem is not just that two can play at that game. It is that no one knows how many people can play at any number of cyber-games.
In recent years, the US has found itself under cyber-attack from Iran, North Korea and China. However, these attacks were directed against companies (notably Sony Pictures). The Russians are the first to wage war directly against the US government. They learnt the ropes in attacks on Estonia, Georgia and Ukraine. Last year, using WikiLeaks and the blogger Guccifer 2.0 as proxies, they launched a sustained assault on the US political system, using the Clinton emails and those of her campaign manager John Podesta to undermine the credibility of the Democratic Party’s presidential candidate.
Let’s leave aside the question of whether or not that interference decided the election in favour of Trump. The critical point is that Moscow was undeterred. For specialists in national security, this is only one of many perplexing features of cyber-war. Accustomed to the elegant theories of “mutually assured destruction” that evolved during the Cold War, they are struggling to develop a doctrine for an entirely different form of conflict, in which there are countless potential attackers and numerous gradations of destructiveness.
For Joseph Nye of Harvard’s Kennedy School, deterrence may be salvageable, but that can only be true now if America is prepared to make an example of an aggressor. The three other options Nye proposes are to ramp up cyber-security, to try to “entangle” potential aggressors in trade and other relationships (so as to raise the cost of cyber-attacks to them), or to establish global taboos against cyber, like those against biological and chemical weapons.
Nye’s analysis is not very comforting. Given the sheer number of cyber-aggressors, defence seems doomed to lag behind offence. And the Russians have proved themselves to be indifferent to both entanglement and taboos, even if China seems more amenable to Nye’s approach.
How scared should we be of Cyberia? For Princeton’s Anne-Marie Slaughter, our hyper-networked world is, on balance, a benign place and America “will gradually find the golden mean of network power”. At the other extreme is Joshua Cooper Ramo, whose book The Seventh Sense argues for the erection of real and virtual “gates” to shut out the Russians and other malefactors. But Ramo himself quotes the three rules of computer security devised by the NSA cryptographer Robert Morris Sr: 1) Do not own a computer 2) Do not power it on 3) Do not use it. If we all ignore those rules, how will any gates keep out the Cyberians?
An intellectual arms race is on to devise a viable doctrine of cyber-security. My 10 cents’ worth is that those steeped in the traditional thinking of national security will not come up with it. A realistic goal is not to deter attacks or retaliate against them but to regulate all the various networks on which our society depends so that they are resilient — or, better still, “anti-fragile”, a term coined by Nassim Taleb to describe a system that grows stronger under attack.
Those, like Taleb, who inhabit the world of financial risk management saw in 2008 just how fragile the international financial network was: the failure of a single investment bank brought the whole system of global credit to its knees. The rest of us have now caught up with the bankers and traders; we are all now as interconnected as they were nine years ago.
Like the financial network, our social, commercial and infrastructural networks are under constant attack from fools and knaves. There is nothing we can do to stop them. The most we can do is to design our networks so that the ravages of Cyberia can’t cause a total outage.
Trump’s war has begun: it is the First Cyber War. Like all wars, its first casualty was truth. Unlike other wars, it will have no last casualty, as it is a war without end. Get used to it. Or get rid of your computer.