A decade ago, the conventional wisdom held that the world was on the cusp of a new era of cyberconflict in which catastrophic computer-based attacks would wreak havoc on the physical world. News media warned of doomsday scenarios; officials in Washington publicly fretted about a “cyber–Pearl Harbor” that would take lives and destroy critical infrastructure. The most dire predictions, however, did not come to pass. The United States has not been struck by devastating cyberattacks with physical effects; it seems that even if U.S. adversaries wanted to carry out such assaults, traditional forms of deterrence would prevent them from acting.
Behind those mistaken warnings lay an assumption that the only alternative to cyberpeace must be cyberwar. But in the years since, it has become clear that like all realms of conflict, the domain of cyberspace is shaped not by a binary between war and peace but by a spectrum between those two poles—and most cyberattacks fall somewhere in that murky space. The obvious upside of this outcome is that the worst fears of death and destruction have not been realized. There is a downside, however: the complex nature of cyberconflict has made it more difficult for the United States to craft an effective cyberstrategy. And even if lives have not been lost and infrastructure has mostly been spared, it is hardly the case that cyberattacks have been harmless. U.S. adversaries have honed their cyber-skills to inflict damage on U.S. national security, the American economy, and, most worrisome of all, American democracy. Meanwhile, Washington has struggled to move past its initial perception of the problem, clinging to outmoded ideas that have limited its responses. The United States has also demonstrated an unwillingness to consistently confront its adversaries in the cyber-realm and has suffered from serious self-inflicted wounds that have left it in a poor position to advance its national interests in cyberspace.
To do better, the United States must focus on the most pernicious threats of all: cyberattacks aimed at weakening societal trust, the underpinnings of democracy, and the functioning of a globalized economy. The Biden administration seems to recognize the need for a new approach. But to make significant progress, it will need to reform the country’s cyberstrategy, starting with its most fundamental aspect: the way Washington understands the problem.
In the cyber-realm, Washington must focus on countering the increasingly pernicious attacks aimed at weakening societal trust, democracy, and the functioning of a globalized economy, argue Sue Gordon and @ERosenbach.https://t.co/FpPXUkIsf1
— Foreign Affairs (@ForeignAffairs) December 14, 2021