By David Marcus
Sunday, June 23, 2019
President Trump faced a difficult choice in the wake of
Iran’s downing of an American drone over the Strait of Hormuz last week.
Eventually, after ordering an attack, Trump decided against it, because the 150
estimated civilian casualties would have represented a disproportionate
response to destroying an unmanned drone. But yesterday we found out he did pull
the trigger on a different kind of response, and the United States launched a
cyber attack against the Iranian Revolutionary Guard Corps, disabling some
weapon systems.
Although the concept and capability of cyber warfare has
existed since at least the 1980s, it is still in a very nascent, although
dangerous stage. High-ranking military officials I have spoken to consider the
cyber threat to the United States to be the greatest we face from foreign
adversaries. Before looking at Trump’s action, and why it was a good move, it’s
good to understand the current state of cyber warfare.
There are basically two types of cyber attacks that
nations or non-state actors can employ. One is informational; the other
degrades actual capabilities of computer networks. For obvious reasons
involving Russia’s attempt to influence the 2016 election, the media in the
United States has been focused on the informational side. This can include
anything from social media election interference, as we saw from the Internet
Research Agency, to spying through classified computer systems.
Informational cyber attacks can go on for long periods of
time undetected. They are also very cheap to set up and operate. The United
States is extremely vulnerable to these kinds of attacks precisely because our
society is so free, while our adversaries can simply shut down websites, or the
Internet. Thus the United States is struggling, along with social media
companies themselves, to combat this growing threat.
The far more serious threat lies in attacks that degrade
actual computing and network capabilities. The Pentagon’s top concern in this
area is referred to as a cyber Pearl Harbor. This would look something like a
foreign power shutting down the electrical grids in major U.S. cities. Such an
attack could kill thousands of Americans very quickly. In fact, the military
has studied the impact of Hurricane Maria in Puerto Rico as a model of what
might happen if we suffered such an attack.
A cyber Pearl Harbor which leveled that kind of death and
destruction would almost certainly be viewed as an outright act of war that
must be met with a conventional warfare response. However, smaller-scale
degrading cyber attacks, such as the one Trump ordered, exist on a murkier
spectrum of destruction and response. It is not clear exactly what level of
degradation of computing capabilities would cross the line that calls for a
conventional response. This is exactly why it was the right move for Trump.
This is likely not the first time the United States has
used a destructive cyber attack against Iran. In 2010 the Stuxnet virus wreaked
havoc on the Iranian nuclear program. It is widely believed that this virus was
created and employed by the United States and Israel. The difference now is
that the United States is actually taking credit for this most recent cyber
attack. That is a far bolder move than it appears to be on its face, for a few
reasons.
First, unlike informational attacks, destructive cyber
attacks are a one-and-done enterprise. This is because once the attack happens,
the enemy knows it happened and can quickly reverse-engineer the attack. Not
only does this protect the enemy from future attacks involving similar
software, it can also improve their cyber capabilities, in a sense that after
you shoot them, they get to keep the bullet and try to use it on you.
But perhaps more importantly, by taking credit for the
attack, the United States is sending a clear message to Iran that it has a
powerful cyber arsenal and is not afraid to use it. In fact, America might be
able to inflict a cyber Pearl Harbor on Iran. Without dropping a single bomb,
it may be able to unleash enormous death and destruction across wide swaths of
Iranian territory. This was a very serious cyber shot across Iran’s bow that
still leaves in play the eventual option of conventional attack.
Many observers seem to think that President Trump backed
down by not bombing a few military installations in Iran. But this cyber attack
is in many ways more insidious and dangerous for the Iranian regime. By signing
our name to it, the United States is sending a clear message that it is willing
and able to use this newest weapon of war, to dramatic effect.
The future of warfare is now and the Pentagon knows it. How
Iran responds will determine if greater cyber attacks might be employed. This
was the right attack, it is the right threat to emphasize, and it is the dawn
of a new kind of war that will shape the course of international relations.
No comments:
Post a Comment