- Geopolitical adversaries actively engage in cyber-operations in order to undermine U.S. interests.
- Cyberspace is the ideal battlefield for adversaries to retaliate against a more aggressive U.S. posture.
- Adversaries will increasingly look to exploit “soft targets” within the public and private sectors.
The New Geopolitics
The United States has a new foreign policy. This shift in strategic thinking comes at a time when tensions between the United States and its geopolitical rivals are not only on the rise, but are increasingly playing themselves out in cyberspace. NATO has already declared cyberspace a domain of war; a battleground where nation-states, rogue actors, and terrorists aim to exploit almost universal reliance on highly interconnected digital infrastructures. The Trump Administration has signaled that it plans to assume a more assertive U.S. foreign policy rooted in the principles of realism; a shift which will reverberate throughout this new battlefield – an inextricable realm of geopolitics and cybersecurity.
A realist-influenced American posture will not only favor shows of strength by the traditional instruments of economic and military power, but will increasingly rely on cyberpower. This rise of cyberpower as a tactical and political weapon, particularly when coupled with a realist based foreign policy, will have as much of an influence on geopolitical strategies as did the advent of nuclear weapons.
Cyberspace is everywhere, and political expressions of force will be expressed everywhere; whether those expressions are in the context of a hot war, strategic rivalry, or the everyday shuffle and scuffle for tactical advantage. That means that it is not only our institutions and critical infrastructure that are at risk, but our businesses, homes, and private lives as well.
The Digital Theater of War
A lack of established behavioral norms makes cyberspace an ideal terrain for covert actions or shows of force by U.S. adversaries. Key geopolitical rivals, including China, Russia, Iran, Islamic State and others, are actively engaged in the digital theater. That engagement will only broaden and intensify. Cyber-weapons are cheap, hard-to-track, and relatively easy to build. Displays of brute force are already on the rise. With the rise of the realist paradigm and the aggressive approach of the new administration, it is a trend that will inevitably accelerate. The only questions are how and where.
Cyber-attacks, espionage and criminal schemes pose the greatest risk to the public and private sectors. It should come as no surprise that the highest value targets in this environment are those that host sensitive data, such as governments, financial institutions, legal firms and critical infrastructure. While rival nation-states pose the greatest threat of a major cyber-attack on U.S. critical infrastructure, rogue actors and terrorist groups tend to favor espionage and crime over major attacks due to the current limitations of their capabilities. However, if rogues and terrorists are given access to nation-state funding and resources, ostensibly to undermine rivals while maintaining plausible deniability, we may see an increased risk of major cyber attacks against U.S. institutions and interests.
As offensive cyber capabilities continue to advance and barriers of entry continue to erode, America’s adversaries and rivals will likely look to exploit “soft targets.” In today’s environment, anything that can be done to infiltrate, gather intelligence, or simply cause chaos is fair game. The new administration will have to formulate a framework of response to cyber intrusions by U.S. adversaries in order to discourage and retaliate against these attacks.
A Framework of Response
Perhaps the greatest obstacle to establishing a framework of response aimed at reducing the risk of cyber attacks is attribution – determining who is truly responsible for what. The difficulty of attributing an attack to a particular agent with a 100% degree of certainty is the reason why cyber intrusions by U.S. adversaries are less likely to lead to kinetic responses or physical confrontations in the immediate future.
Given the difficulty of attribution, the question becomes how best to defend ourselves. If a kinetic response is not a strategic likelihood, a show of force in the digital theater may well be. A recently released report by the Center for Strategic and International Studies (CSIS) suggests “raising the cost” to adversaries. This would presumably be accomplished by engaging in damaging retaliatory countermeasures in cyberspace. Increased shows of strength in cyberspace would appear to align with the new administration’s realist sensibilities. Increased shows of strength in cyberspace could serve as an effective form of deterrence against future attacks by nation-states but are unlikely to discourage rogue actors and terrorist groups. Moreover, any major shows of force, overt or covert, will likely provoke retaliation that may directly target U.S. networks and businesses.
A new battlefield has emerged. Geopolitical rivals are moving fast and hard to establish dominance over the terrain. The United States and its adversaries will continue to probe each other for weaknesses in the digital world and the real one. Geopolitical flareups that, in the past, would deescalate due to the threats of kinetic retaliation, are now more likely to intensify and play out in the digital theater. The shift in the American strategic posture coupled with the perceived asymmetric advantages of cyber-warfare increases the likelihood of rapid escalation. The gatekeepers of U.S. government and business interests must endeavor to develop a series of strategic and tactical options analogous to our new circumstances. And the rest of us must stand at the ready.
Author: Josh Rittenberg
Josh Rittenberg is the Founder and Editor of Breach Memo. He is an attorney in New York City who first became interested in emerging threats while working as an analyst at the Center for Strategic and International Studies (CSIS) Transnational Threats Program in Washington, DC. He has been published by NPR, The American Lawyer, Corporate Counsel, and the CSIS Transnational Threats Update. The views expressed in this blog are his personally and not those of any other person, organization, or other entity.