A secret war of unprecedented scope is being carried on day and night across international boundaries.
This war goes by the name of cyber-war, and some experts have described its potential for destruction along with that of nuclear, chemical and biological weapons .
Not since the development of the atom bomb has a new weapon so threatened to change the geopolitical landscape. Cyber-tools currently available can instantaneously disable an enemy military, shut down electrical grids or cripple a whole economy. Indeed, as one senior American official recently disclosed, policymakers have determined that the cyber-weapons are so powerful that — like nuclear weapons — they should be unleashed only on the direct orders of the commander-in-chief.
That the president possesses the authority to press the cyber button was confirmed by reports that emerged on Sunday of a secret legal review conducted by the United States government. The president can, for example, order a pre-emptive strike if credible evidence of an imminent digital attack is detected, according to officials involved in the review.
To date, the use of this frightening weapon hasn’t resulted in damage on a major scale. But in recent months, penetration of computers at prominent news organizations, including The New York Times, The Washington Post and The Wall Street Journal, provide only the latest evidence that such weapons are already in use and capable of wreaking havoc.
Last year, sensitive defense-security files at the Pentagon were hacked, NASA computers controlling active spacecraft were broken into, and the Department of Homeland Security recently announced that an American power station, which it did not name, was crippled for weeks by cyber-attacks.
All of these incidents and many others were perpetrated by stealth; the hackers, whether agents of a foreign power or private miscreants, are difficult to identify and apprehend. They operate anonymously, commandeering third-party computer systems belonging to businesses or academic institutions to serve as platforms for digital attack.
Of course, that doesn’t mean we have no idea who’s behind them. China is the prime suspect. The modus operandi of the hackers, trails leading to I.P. addresses in China, log-ins and log-offs that correspond to business hours in Beijing, and a curious lack of activity during Chinese festival days, all point in that direction. The targets — data on Chinese dissidents and Tibetan activists, and damaging newspaper stories on high Chinese officials — also make the bland denials of the Chinese government less than persuasive.
To be sure, China is not the only country involved. Russia, Iran, Israel and the U.S. are all devoting more and more significant resources to develop effective offensive and defensive systems.
Nor is there an alternative. Any nation that doesn’t keep up with the ever-changing technology becomes immediately vulnerable.
We have to acknowledge the advantage of cyber-weaponry, as well as the threat. Reports have emerged that President Obama approved the use of cyber-weapons once, early in his presidency, when he ordered an attack on Iran’s nuclear enrichment facilities. One has only to recall the disastrous American attempt to rescue the hostages in Iran in 1980 to appreciate something like Stuxnet, the virus which is said to have been deployed successfully against Iran. The lives of soldiers were not risked, no costly bombing campaign was necessary, and the Iranians were set back for months.
But, as with nuclear weapons, the realization of this terrible new power necessitates a new way of thinking about war, new systems of controls and, eventually, international treaties.
Leaving the definitions of a cyber-security threat and the parameters of response solely in the hands of the executive branch would be an abdication of responsibility by Congress, which is invested with war-making power. Yet, to date, Congress has failed to pass cyber-security legislation that would provide the executive branch with clear policy guidelines. Congressional hearings (with due caution to safeguard secret technologies) should be held soon to pave the way for such legislation.
While every precaution is taken to defend against cyber-attack, there is reason to be hopeful that the threat will diminish in time, as the U.S. government mobilizes its scientific and technological resources to accomplish the task.
In addition, experts say they are making strides in identifying the source of attacks. Once you know for sure who the culprits are, financial and diplomatic sanctions can be mounted against them.
It will also make deniability less plausible. Naming and shaming will become a potent weapon in itself to influence governments — like China — who aspire to positions of world leadership to change their evil ways.