Cyber Is the Perfect Weapon
Cheap, deniable and hard to trace, cyber is a plague to be managed.
Cyber is fundamentally changing the national security landscape. David Sanger, national security correspondent for The New York Times and author of The Perfect Weapon, used his keynote address on day two of the AFCEA-GMU C4I and Cyber Center Symposium not to explain what is happening, but why this is happening.
To illustrate the new age of weaponizing information, Sanger described the differences between Watergate and the hack of the DNC in December 2016. The Russians didn’t have to do anything the Watergate hackers did.
“They didn’t have to break into the building, jimmy the lock or tape the door. In fact they never left Red Square,” said Sanger. “We know this because Dutch intelligence had cameras on them. This technology has enabled a kind-of long distance approach into the U.S. that we are only starting to get our heads around,” Sanger stressed.
Cyber attacks have become the primary way states conduct short-of-war operations against each other. “For years we looked chiefly for technological solutions,” said Sanger. “Now we recognize that, like climate change and terrorism, this is a problem we’ll have to manage for decades.”
No one wants to take on the United States’ military directly. “But they have no problem coming into the United States’ networks because it is not going to bring about a military response,” Sanger related.
One of the fascinating things about cyber attacks over the last seven-to-eight years is that they have been carefully calibrated to be just below the level that the actor would warrant a response, said Sanger.
Cyber is cheap. Unlike nuclear weapons, which require millions if not billions of dollars, uranium and plutonium, cyber weapons need “some laptops, millennials, stolen code from the NSA, Red Bull and pizza,” Sanger stated.
And that may help explain why more than 70 years after the first dropping of the atomic bomb, Sanger estimates that at this point there are only about nine nuclear arms states but around 35 states capable of launching sophisticated cyber actions.
Why? “Because [cyber] is an incredibly easy technology to proliferate. It’s deniable. It’s hard to trace. There is attribution but it’s frustrating and slow,” Sanger stressed.
Cyber is not going away. Like climate change and terrorism “you aren’t going to eliminate it. You’re going to come up with strategies to mitigate and manage it,” he said.
Sanger has also learned over time that countries use it in dramatically different ways. He shared what Rob Joyce, senior cybersecurity strategy advisor to the director, National Security Agency, says about that. “Russia is like a hurricane; it comes in with great destructive force but then blows away. China is like climate science; it’s gradually moving in to change the environment in which we live.”
One way to think about cyber conflict today is that we are roughly at the end of World War I, said Sanger. “We’ve had some scrimmages, a couple of casualties, a bunch of blown up buildings, but nothing decisive; nothing that you would call cyber war,” stressed Sanger.
What’s the United States’ record so far? “For those of you in the intelligence community I don’t need to remind you that our record is perfect, which is to say we have yet to predict any of the significant [cyber] events,” Sanger joked.
“While there is great temptation in all of our daily jobs to look for a technological solution to these problems, it’s becoming clear that we are going to need some political solutions as well,” stated Sanger.
The intelligence community has reported cyber as the number one threat to national security the last six years. “But you wouldn’t know it listening to politicians,” said Sanger. There was no mention of it in the last State of the Union.
We certainly need some new forms of deterrents, Sanger added. As Gen. Paul Nakasone, commander of the U.S. Cyber Command, said during his confirmation hearing in April 2018: “They don’t fear us.”
“But if we are going to set some international rules about what’s possible in cyber and what’s off limits, we’re going to have to think hard about what we are willing to give up as well,” Sanger added.
“Until we have a serious debate in this country about how we want to use cyber and more importantly how we don’t want to use it, we’re not going to get the rest of the world to begin to have a serious conversation either,” concluded Sanger.
For more information on the AFCEA-GMU C4I and Cyber Center Symposium visit www.afcea.org/event/GMU-Home.