Opinion

Opinion | Niall Ferguson

Cyber War I has already begun

WikiLeaks founder Julian Assange speaks in this video made available Thursday March 9, 2017. Assange said his group will work with technology companies to help defeat the Central Intelligence Agency's hacking tools. Assange says "we have decided to work with them, to give them some exclusive access to some of the technical details we have, so that fixes can be pushed out." (WikiLeaks via AP)
WikiLeaks via AP
Julian Assange’s WikiLeaks last week released an enormous cache of documents stolen from the Central Intelligence Agency.

To each American administration, its war. Which will be Donald Trump’s?

There is good reason to fear it could be the Second Korean War, with craziness in North Korea and chaos in the South. Or it could be yet another quagmire in the Middle East. Trump’s most excitable critics keep warning that World War III will happen on his watch. But I am more worried about Cyber War I — especially as it has already begun.

Last week’s cyberattack was just the latest directed against the United States by WikiLeaks: the release of an enormous cache of documents stolen from the Central Intelligence Agency. To visit the WikiLeaks website is to enter the trophy room of what might be called Cyberia. Here is the “Hillary Clinton Email Archive,” there are “The Podesta Emails.” Not all the leaked documents are American, to be sure. But you will look in vain for leaks calculated to embarrass the Russian government. Julian Assange may still skulk in the Ecuadorean embassy in London. But the reality is that he lives in Cyberia, an honored guest of President Vladimir Putin.

Advertisement

In Washington they are worried, and with good reason. “We’re at a tipping point,” according to Admiral Michael S. Rogers, head of the National Security Agency and US Cyber Command. Cyber activities are now number one on the director of national intelligence’s list of threats. This is not just about WikiLeaks. The Pentagon alone reports more than 10 million attempts at intrusion each day.

Get Arguable with Jeff Jacoby in your inbox:
From the Globe's must-read columnist, an extra offering each week of opinion and ideas.
Thank you for signing up! Sign up for more newsletters here

In recent years, the United States has found itself under cyberattack from Iran, North Korea, and China. Yet these attacks were directed against companies (notably Sony Pictures), not the US government. Last year, using WikiLeaks and the Romanian blogger “Guccifer 2.0” as proxies, the Kremlin launched a sustained assault on the American political system itself.

Let’s leave aside the question of whether or not the Russian interference decided the election in favor of Donald Trump. The critical point is that Moscow was undeterred. For specialists in national security, this is only one of many features of cyberwar that are perplexing. Accustomed to the elegant theories of “mutually assured destruction” that evolved during the Cold War, they are struggling to develop a doctrine for an entirely different form of conflict, in which there are countless potential attackers and multiple gradations of destructiveness.

For Joseph Nye of Harvard’s Kennedy School, deterrence may be salvageable, but that can only be true now if the United States is prepared to make an example of an aggressor. The three alternative options Nye proposes are simply to ramp up cyber security, to try to “entangle” potential aggressors in trade and other relationships (so as to raise the cost of cyberattacks to them), or to establish global taboos against cyber like the ones that have (mostly) held against biological and chemical weapons.

Nye’s analysis is not very comforting. Given the sheer number of cyber aggressors, defense seems doomed to lag behind offense. And the Russians have proved themselves to be indifferent to both entanglement and taboos, even if China seems more amenable to Nye’s approach.

Advertisement

How scared should we be of Cyberia? For Princeton’s Anne-Marie Slaughter, our hyper-networked world is, on balance, a benign place and the “United States . . . will gradually find the golden mean of network power.” At the other extreme is Joshua Cooper Ramo, whose book “The Seventh Sense” argues for the erection of real and virtual “gates” to shut out the Russians and other malefactors. But Ramo himself quotes the three rules of computer security devised by the NSA cryptographer Robert Morris Sr.: “RULE ONE: Do not own a computer. RULE TWO: Do not power it on. RULE THREE: Do not use it.” If we all ignore those rules, how will any gates keep out the likes of Assange?

An intellectual arms race is on to devise a viable doctrine of cybersecurity. My ten cents’ worth is that those steeped in the traditional thinking of national security will not come up with it. A realistic goal is not to deter attacks or retaliate against them but to regulate all the various networks on which our society depends so that they are resilient — or, better still, “anti-fragile,” a term coined by Nassim Taleb to describe a system that grows stronger under attack.

Those, like Taleb, who inhabit the world of financial risk management, saw in 2008 just how fragile the international financial network was: The failure of a single investment bank nearly brought the whole system of global credit to its knees. The rest of us have now caught up with the bankers and traders; we are all now as interconnected as they were nine years ago.

Like the financial network, our social and business networks are under constant attack from fools and knaves, and there is nothing we can do to stop them. The most we can do is design and build our networks so that the ravages of Cyberia cannot trigger a complete outage.

Donald Trump’s war has already begun: It is Cyber War I. Like all wars, its first casualty was truth. Unlike other wars, it will have no last casualty, as it is a war without end. Get used to it. Or get rid of your computer.

Niall Ferguson is a senior fellow of the Hoover Institution at Stanford University.