20 September 2016

The Cold War is over. The Cyber War has begun.


September 15, 2016

President Obama at the State Department in Washington on Thursday. (Cliff Owen/Associated Press)

Contemplating Russian nuclear threats during the Cold War, the strategist Herman Kahn calibrated a macabre ladder of escalation, with 44 rungs ranging from “Ostensible Crisis” to “Spasm or Insensate War.” 

In the era of cyberwarfare that’s now dawning, the rules of the game haven’t yet been established with such coldblooded precision. That’s why this period of Russian-American relations is so tricky. The strategic framework that could provide stability hasn’t been set. 

Russian hackers appear to be pushing the limits. In recent weeks, the apparent targets have included the electronic files of the Democratic National Committee, the private emails of former secretary of state Colin Powell, and personal drug-testing information about top U.S. athletes. 

The Obama administration is considering how to respond. As in most strategic debates, there’s a split between hawks and doves. But there’s a recognition across the U.S. government that the current situation, in which information is stolen electronically and then leaked to damage and destabilize U.S. targets, is unacceptable. 

“A line has been crossed. The hard part is knowing how to respond effectively,” argues one U.S. official. Retaliating in kind may not be wise for a country that is far more dependent on its digital infrastructure than is Russia. But unless some clear signal is sent, there’s a danger that malicious hacking and disclosure of information could become the norm. 

How the Russian hackers got into the DNC's network

The Post's Ellen Nakashima goes over the events, and discusses the two hacker groups responsible. (Jhaan Elker/The Washington Post) 

As always with foreign-policy problems, a good starting point is to try putting ourselves in the mind of our potential adversaries. The point of this exercise isn’t to justify Russian behavior but to understand it — and learn how best to contain it. 

The Russians have a chip on their shoulder. They see themselves as the aggrieved party. The United States, in their view, has been destabilizing Russian politics by supporting pro-democracy groups that challenge President Vladimir Putin’s authority. To Americans, such campaigns are about free speech and other universal human rights. But to a paranoid and power-hungry Kremlin, these are U.S. “information operations.” 

Russian officials deny meddling in U.S. politics, but it’s clear from some of their comments that they think the United States shot first in this duel of political destabilization. 

This payback theme was clear in Russian hackers’ disclosure this week of information stolen from the World Anti-Doping Agency about Olympic gymnast Simone Biles and tennis superstars Serena and Venus Williams. The Russians have been irate about the exposure of their own doping, which led to disqualification of many Russian Olympic athletes. And so — retaliation, in the disclosure that Biles and the Williams sisters had been given permission to use otherwise banned substances. 

If you’re a Russian with a sense that your country has been humiliated and unjustly maligned since the end of the Cold War — and that seems to be the essence of Putin’s worldview — then the opportunity to fight back in cyberspace must be attractive, indeed. 

How should the United States combat Russian cyber-meddling before it gets truly dangerous? I asked a half-dozen senior U.S. officials this question over the past few weeks, and I’ve heard competing views. The Defense Department’s cyber strategy, published last year, argues that the United States should deter malicious attacks by a combination of three approaches: “response . . . in a manner and in a place of our choosing”; “denial” of attack opportunities by stronger defense; and “resilience,” by creating redundant systems that can survive attack. 

A few caveats to this official strategy were cited by many of the officials: 

Opinions newsletter

Thought-provoking opinions and commentary, in your inbox daily.

● The U.S. response probably shouldn’t come in cyberspace, where an advanced America is more vulnerable to attack than a relatively undeveloped Russia, and where the United States lacks sufficient “overmatch” in cyberweapons to guarantee quick success. “Don’t get into a knife fight with someone whose dagger is almost as long as yours,” explains one expert. 

● The Obama administration should disclose more of what it knows about Russian actions, much as it did with Chinese and North Korean hacking. But getting in a public argument with Moscow will be fruitless, and the United States may blow its cyber “sources and methods” in the process. 

What would the Cold War “wizards of Armageddon” advise? The nuclear balance of terror finally gave way to arms-control agreements that fostered stability. But this model probably doesn’t work in cyberspace. Such agreements wouldn’t be verifiable in a world where cyber-warriors could reequip at the local Best Buy. 

Norms for global behavior emerge through trial and error — after a messy period of pushing and shoving, accompanied by public and private discussion. Starting this bumpy process will be the last big challenge of Barack Obama’s presidency.

No comments: