Faced with Russian nuclear threats during the Cold War, the strategist Herman Kahn calibrated a macabre ladder of escalation, with 44 different rungs ranging from “Ostensible Crisis” to “Spasm or Insensate War.”
In the era of cyberwarfare that’s now dawning, the rules of the game haven’t yet been established with such coldblooded precision. That’s why this period of Russian-American relations is so tricky. The strategic framework that could provide stability hasn’t been set.
Russian hackers appear to be pushing the limits. In recent weeks, the apparent targets have included the electronic files of the Democratic National Committee, the private emails of former Secretary of State Colin Powell, and personal drug-testing information about top U.S. athletes.
The Obama administration is considering how to respond. As in most strategic debates, there’s a split between hawks and doves. But there’s a recognition across the U.S. government that the current situation, in which information is stolen electronically and then leaked to damage and destabilize U.S. targets, is unacceptable.
“A line has been crossed. The hard part is knowing how to respond effectively,” argues one U.S. official. Retaliating in kind may not be wise for a country that is far more dependent on its digital infrastructure than is Russia. But unless some clear signal is sent, there’s a danger that malicious hacking and disclosure of information could become the norm.
As always with foreign policy problems, a good starting point is to try putting ourselves in the mind of potential adversaries. The point of this exercise isn’t to justify Russian behavior but to understand it, and learn how best to contain it.
The Russians have a chip on their shoulder. They see themselves as the aggrieved party. The U.S., in their view, has been destabilizing Russian politics by supporting pro-democracy groups that challenge President Vladimir Putin’s authority. To Americans, such campaigns are about free speech and other universal human rights. But to a paranoid and power-hungry Kremlin, these are U.S. “information operations.”
Russian officials deny meddling in U.S. politics, but it’s clear from some of their comments that they think the U.S. shot first in this duel of political destabilization.
This payback theme was clear in Russian hackers’ disclosure this week of information stolen from the World Anti-Doping Agency about Olympic gymnast Simone Biles and tennis superstars Serena and Venus Williams. The Russians have been irate about the exposure of their own officially sanctioned doping, which led to disqualification of many Russian Olympic athletes. And so — retaliation, in the disclosure that Biles and the Williams sisters had been given permission to use otherwise banned substances.
If you’re a Russian with a sense that your country has been humiliated and unjustly maligned since the Cold War — and that seems to be the essence of Putin’s worldview — then the opportunity to fight back in cyberspace must be attractive, indeed.
How should the United States combat Russian cyber-meddling before it gets truly dangerous? I asked a half-dozen senior U.S. officials this question over the past few weeks, and I’ve heard competing views. The Defense Department’s cyber strategy, published last year, argues that the U.S. should deter malicious attacks by a combination of three approaches: “response … in a manner and place of our choosing”; “denial” of attack opportunities by stronger defense; and “resilience,” by creating redundant systems that can survive attack.
A few caveats to this official strategy were cited by many of the officials:
n The U.S. response probably shouldn’t come in cyberspace, where an advanced America is more vulnerable to attack than a relatively undeveloped Russia, and where the U.S. lacks sufficient “overmatch” in cyber-weapons to guarantee quick success. “Don’t get into a knife fight with someone whose dagger is almost as long as yours,” explains one expert.
n The Obama administration should disclose more of what it knows about Russian actions, much as it did with Chinese and North Korean hacking. But getting in a public argument with Moscow will be fruitless, and the U.S. may blow its cyber “sources and methods” in the process.
What would the Cold War “wizards of Armageddon” advise? The nuclear balance of terror finally gave way to arms-control agreements that fostered stability. But this model probably doesn’t work in cyberspace. Such agreements wouldn’t be verifiable in a world where cyber-warriors could re-equip at the local Best Buy. Norms for global behavior emerge through trial and error — after a messy period of pushing and shoving, accompanied by public and private discussion. Starting this bumpy process will be the last big challenge of Barack Obama’s
—The Washington Post Writers Group
David R. Ignatius is an American journalist and novelist. He is an associate editor and columnist for The Washington Post. He also co-hosts PostGlobal, an online discussion
of international issues at Washingtonpost.com, with