In his new book, “The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age”, New York Times national security correspondent David E. Sanger sheds light on how cyberwarfare permeates everyday lives, preoccupies world leaders, and poses unparalleled challenges.
What makes cyberweapons “perfect”? They are cheap to acquire, easy to deny, and can be tailored for various purposes. It can be used to paralyze critical infrastructure, steal money and data on an ever-greater scale, and sow distrust and fear, all without having to fire a shot. The digital revolution that has transformed billions of lives for the better also marks a new era of conflict with few boundaries or rules. As the revolution continues to affect everyone “at digital speed”, what comes next?
What sets this book apart from the rest on the subject are the rare glimpses inside the world’s most powerful offices that are not only intriguing and alarming, but also instructive. The decision-making quandaries and clash of perspectives that many government, business, and key mission leaders had to face in recent times will only amplify in the future. And there is already a historical guide available for better policymaking.
Each nation’s largest cyber operation tends to reflect its highest priority to date. The US and Israel opened the Pandora’s box when they used cyberweapons to sabotage Iran’s nuclear weapons program. China pulled off “the greatest transfer of wealth in history” by stealing state secrets, intellectual property, and personal data. Russia conducted “the greatest covert operation in history” by undermining democratic institutions in the West. Iran targeted American banks and Saudi oil supply. After trying to block the release of a movie lampooning its leader, North Korea has since built a world-class cyber program as its “all-purpose sword.” And none of these nations admit to their cyber operations.
The chapters on Russia’s information warfare expanded on the reporting that had earned the author and his team a Pulitzer. Russia used its neighbors as the “petri dish” for cyber experimentation before deploying the weapons against others. “Babies were conceived and born” between the time the FBI first notified the Democratic National Committee (DNC) of network infiltrations and the time DNC finally looked into it; but that was just one of many “fumbles” documented. What the US failed to understand – but Russia did – was that, cyberattacks can be used to “fray the civic threads that hold together democracy itself”.
The US has been unsuccessful at cyber deterrence despite having the most robust cyberwarfare program on earth. It is the US that has been setting cyberattack precedents, and also had its weapons leaked to others. The US is particularly vulnerable to cyberattacks due to its embrace of innovation and connectivity. President Obama exercised caution, but his continuous inaction against years of cyberattacks may have led Putin and others to keep testing how much they could get away with. President Trump had demonstrated little knowledge of cyberwarfare in his interviews with the author, but has been quicker with public attributions after major attacks. At this point, many agree that adversaries “don’t fear” the US.
Contrary to the “Cyber Pearl Harbor” warning since 1991, the most common and effective forms of cyberattack have turned out to be subtle disruptions of daily life. The private sector, not the government, is the key player in cyberspace; and many in Silicon Valley have decided to prioritize the interests of their user base over the government’s. Individual users are the first line of defense since they are the primary targets. The world is already sliding toward indiscriminate cyberattacks on populations with no one fully in control of the weapons.
The author provides some prescriptions for managing cyberwarfare. He is pushing for the US government to start opening up about some of its cyber capabilities. Understandably, while certain parts needs to remain classified for national security reasons, the government also has a duty to present the evidence of threats to those would be most affected by them. If the US wants to establish a “red line” or an arms control agreement on cyberattacks, then it must admit to its infiltration into critical infrastructure of other nations. It is also crucial to demonstrate one’s control over cyberweapons in order to avoid miscalculations that could escalate into shooting wars. As cyberattacks are about to become even more creative and destructive with the rise of quantum computing and artificial intelligence, staying silent is no longer viable.
The word “cybernetics” was first used in ancient Greece to denote “the study of self-governance”. More than two thousand years later, humanity is living in the cyber age of unprecedented achievements. Although it had sparked the hope that more interconnectivity would lead to more freedom, openness, and democracy, authoritarians, terrorists, and criminals have been adept at exploiting cyberspace for their agenda. The next phase is uncertain.
The key aspect of the cyber revolution lies not in loss of control, but rather empowerment of the individual to affect changes on a greater scale. If you wish to understand what the future of governance might look like, then you might want to pick up this book.