July 27, 2016
The two great oceans that have for almost three centuries protected the United States from its adversaries’ use of “hard power,” or the ability to conduct kinetic military operations against our interests, have less meaning in a world where these same enemies can now expose our most sensitive data with the click of a mouse.
As the authors alluded to in a post earlier this month, American businesses, political organizations and government agencies are highly attractive targets for those who want to undermine our democracy using what is clearly the most effective “soft power” tactic of our time – the theft and subsequent dissemination of information on the Internet, often in a selective manner.
Now, as noted in Motherboard and other outlets, it appears that one of America’s most formidable geopolitical foes, Vladimir Putin’s Russia, has leaked internal communications from the Democratic National Committee online. While nothing has been proven outright, it is likely this tactic was employed to destabilize the Democratic Party with the intent to influence the presidential election. On the opening day of the Democratic National Convention, the party’s chairwoman, Debbie Wasserman Schultz, was forced to resign, and the dialogue surrounding the convention has been pulled away from the party’s platform messaging. POLITICO points out that these happenings mark two important cyber firsts in the United States: the unseating of a major party chairperson and the use of intrusion as a tactic of unconventional information warfare aimed at altering the political process.
The identification of the DNC hack as a likely Russian-backed influence operation presents a set of difficult questions for national security experts and White House officials: Does this hack constitute an act of cyberwar? What, exactly, is an act of cyberwar? Lawmakers in Congress and abroad have debated how best to define digital acts of war and what constitutes an appropriate response. While some camps have called for a strictly defined “if A provocation, then B response” strategy, others assert that determining retaliatory measures is best decided on a case-by-case basis. Still, regardless of the methodology behind determining if to strike back, the question of how to retaliate is a pressing one. Recently, NATO Secretary General Jens Stoltenberg noted, “A severe cyberattack may be classified as a case for the alliance,” and he pointed to the potential use of conventional weapons in response to a cyberattack.
How, then, should the United States respond? Though attributing cyberattacks is a very fickle business, many experts are indicating that the best response to a subversive operation like this is to pinpoint the source, thereby making the meddling an indisputable fact. In 2014, the United States indicted five Chinese officials, alleging they broke into computers in the U.S. on a search for trade secrets. In similar fashion, following the hack of Sony Pictures Entertainment, the Obama administration went out of its way to point an accusatory finger at North Korea. Both of these actions were unprecedented at the time, and they give us a glimpse at what the FBI’s intentions might be this go around. In what’s surely no coincidence, just this morning, the White House released a new directive outlining how specific U.S. government agencies shall be expected to respond to significant cyberattacks on U.S. interests.
Meanwhile, other national security experts want the United States to go on the offensive, initiating a data dump of our own that showcases the intelligence community’s own expertise in information warfare. Demonstrating the trace-back capabilities of U.S. intelligence agencies could serve as a potent deterrent to future cyber meddling.
Regardless of the government’s response, one thing is clear: this is the new reality. Geographic barriers are no longer our foremost defensive measure. Our businesses, political institutions, military and citizens are exposed in ways that seemed unfathomable a short time ago. The attempted undermining of a presidential election that we have just witnessed marks an unprecedented use of cyber tactics in geopolitical strategy. But, this occurrence will certainly not be the last of its kind – as technologies advance and foreign actors are emboldened, the scope and influence of cyberattacks will increase. It is our collective responsibility, as elected officials, as employees and as citizens, to ensure that our institutions are secure.
Alex Mitchell and Alex Schulz are members of the Cybersecurity Practice Group at VOX Global, a strategic communications firm headquartered in Washington, D.C.
No comments:
Post a Comment