Michael P. Fischerkeller,Emily O. Goldman, andRichard J. Harknett, Cyber Persistence Theory: Redefining National Security in Cyberspace (Oxford University Press, 2022).
Predictions about cyber war have ranged from the apocalyptic to the reassuring over the past decade, and the current war in Ukraine beyond its horrific violence, dislocations, and criminality provides a test case for those theories.Do cyber operations provide decisive advantages in war? Are they more escalatory or de-escalatory than other weapons? Or is it more appropriate to consider cyber capabilities primarily as instruments of interstate competition short of war?
The Russo-Ukrainian War is the first case in which opponents with advanced cyber capabilities have used them to achieve material and cognitive effects in armed conflict. Firm conclusions must await the end of the war, but for now, cyber operations do not appear to have been decisive in destroying or disrupting military forces and economic wherewithal, or in affecting societal willpower and political cohesion.
Even the most revisionist states most of the time want to gain intelligence, enhance revenue through favorable trade, theft or sanctions evasion, and sabotage adversaries politically and economically, while avoiding shooting wars, especially with more powerful adversaries. Such states and their opponents are better off pursuing these aims through cyber operations if they can. Violent actions intended to take or hold territory or steal or disable assets are much more likely to provoke violent, costly, and irreversible responses. Once war is underway, it is thus far unclear whether roughly equivalent cyber capabilities would advantage an attacker or a defender.
The authors of a new book argue persuasively that the habitual U.S. approach of deterrence (primarily nuclear) and coercion (primarily threats of conventional attack) will not effectively dissuade adversaries cyber operations because they involve threats to inflict violence and damage disproportionate to the harm done unto us by those operations. Though written before the invasion, Cyber Persistence Theory does not flunk the Ukraine test thus far. Thanks to their pioneering diagnosis of the structure of the digital environment and the incentives it creates for competition, Michael Fischerkeller, Emily Goldman, and Richard Harknett posit that cyber warfare per se will be rare, and that most exertions will be below the violence and destruction of armed conflict. The authors are, respectively, a researcher at the Institute for Defense Analyses, a strategist at U.S. Cyber Command, and a professor at the University of Cincinnati.
If the great strength of the book is its structural analysis, its weakness is policy prescription. The authors propose an alternative approach of using persistent offensive and defensive competition with adversary cyber operators to establish customary legal boundaries between acceptable and unacceptable cyber espionage, economic and political competition, and warfighting. Unfortunately, the authors and the short span of cyber-age history do not provide detailed bases for thinking the United States and its friends will be able and willing to offer Russia, Iran, North Korea, and perhaps others sufficient threats and rewards to change their cyber behaviors.
The United States would prefer to extend its advantages in cyber-enabled precision warfare while minimizing adversary utilization of cyber to spy, steal, sabotage, and subvert below the level of armed conflict. But, if they can avoid war, adversaries have much to gain and little to lose from cyber competition with the United States, whereas the United States in toto government, businesses, and the public has more to lose from theft, sanctions evasion, and information warfare than its adversaries do. China could be an exception here, as discussed further below. Unlike the other adversaries, it is still a rising power in all relevant domains and could see benefit from negotiating rules on an equal footing. But the current political environment, with fault spread all around, precludes the authors and others from detailing sustainable experiments to this end. Absent a breakthrough on this front, the costs and anxieties of persistent exploitation of governmental, corporate, and personal computing and communications networks will continue.
The Long Shadow of Deterrence
Cyber Persistence Theory argues that the nature of information and communication technologies structures actors competition for relative gain: The global networked computing environment is a warehouse for and gateway to troves of sensitive, strategic assets that translate into wealth and power, and the capacity to organize for the pursuit of both. This environment is resilient at the macro-level its hard to crash the internet, and theres little gain from doing so. But billions of individual addresses in it are vulnerable, and it costs relatively little to acquire capabilities to exploit these vulnerabilities. So, every minute of every day some actor somewhere has both the capacity and will to [gain] access to ones national sources of power directly or indirectly.
It is impossible to completely defend against or deter capable adversaries from attempting intrusions. So, states must persistently compete for relative gains that, over time, could make them strategically better off than their adversaries. Each seeks to add to its power and wealth more than its competitors add to theirs, or especially in the case of Russia to detract more from its adversaries power and wealth than is detracted from its own.
Persistent competition, the authors write, generally takes the form of cyber faits accomplis a limited unilateral gain at a targets expense. Examples of these include Chinas theft of aircraft designs or other intellectual property, North Koreas crypto heists, Russias theft and political manipulation of data from the Democratic National Committee, and the U.S./Israeli destruction of Iranian centrifuges. Once states discover they have been exploited, they try to reduce their vulnerabilities and perhaps increase their own capacities to penetrate their adversaries. Hence, persistent cycles of engagement. This mode of competition is less expensive and risky in every way than armed conflict. It reflects a tacitly produced mutual understanding of acceptable and unacceptable behaviors similar to what the United States and the Soviet Union developed during the Cold War, which Herman Kahn dubbed agreed battle.
The books basic argument is easy to follow, not least because the authors adeptly, if not eloquently, summarize its elements at each stage in their 157-page text. The reader feels in the presence of excellent teachers. After describing the nature of the networked computing environment and the proclivities it produces, the book pivots to a discussion of how the United States could compete more effectively with its adversaries and, over time, temper the costs and risks to international society.
The United States and its allies governments, businesses, and customers should be relieved that the damage from adversary cyber operations is below what would be done by armed conflict. But things would be even better if adversaries stole less information, intellectual property and money, stopped conducting influence operations to exacerbate political polarity and dysfunction, limited penetration of key civilian infrastructure, and so on. While the case of China is more complicated, the authors argue with evidence that sanctions and other coercive threats generally have not deterred or compelled Russian, North Korean, or Iranian behavior as American policymakers, imbued with nuclear deterrence strategy, long assumed or hoped it would.
But saying deterrence and compellence wont work is not a viable policy. Something still must be done to change adversaries hostile behavior. Here, the authors urge an approach that is laudable and worthwhile, but still problematic. They urge the United States and allies to evolve existing international law and establish customary law that defines responsible state behavior and wrongful acts in this domain. The aim would be, over time, to motivate states to limit the targets, effects, and collateral damage of operations. Such restraint, it is argued, would benefit everyone by containing risks of major instability and escalation.
A Law-Building Project
Building such a legal regime would require the United States to overcome its frequent aversion to invoking international law when it indicts Chinese and other hackers. As part of the recommended legal-power strategy, the United States would declare what information and communication systems it deems exclusively its sovereign affair and off-limits from foreign interference under its interpretations of existing principles and rules of international law.
The power of this legal strategy would come from a third element: conducting cyber campaigns against adversaries in ways that reinforce the legal framework the United States is proposing. That is, the flip side of defining international legal obligations is the legitimacy it gives to countermeasures when someone violates an asserted obligation. Cyber operations to counter violations would, iteratively, amount to tacit bargaining with competitors over the boundaries between acceptable and unacceptable behaviors around and about functions or infrastructure that have been declared off-limits.
Unfortunately, the authors cannot say why Russia, North Korea, and Iran would change their behavior to comport with customary international law as interpreted by the United States. These regimes use cyber operations to acquire intelligence, steal intellectual property, evade sanctions, and exacerbate political divisions in adversary societies in ways that they cannot by other means. These states remain isolated, economically hamstrung, and technologically underdeveloped, but they are better off than they would be without cyber operations against the United States and others.
China arguably should be understood and treated differently by the United States and other states. It seeks the capacity to sabotage the United States high-tech weaponry, reconnaissance, command and control, and logistics operations in warfare. Short of armed conflict, it has used cyber espionage to gain technological capability for military and civilian purposes, to enhance counter-intelligence to protect against U.S. spying, and to project favorable opinions about Chinas government and leaders into foreign countries. Unlike Russia, Iran, and North Korea, China is a rising technological and economic power with big equity stakes in the global trading system. It will want rules that others, including the United States, live by, to protect its wealth and intellectual property as well as its one-party political system, something especially problematic for the United States and its allies. And China wants to be central in writing those rules, not passively receiving them from U.S. policymakers. Yet, China does not have the experience and international following to take a leading role. The current all-encompassing antagonism between the two countries, epitomized by Speaker Pelosis visit to Taiwan, vitiates initiatives to create a modus vivendi in the cyber domain.
In conversations, officials and experts from Russia, Iran, and China typically assume the United States has better offensive cyber capabilities than they do to spy on them, to know how to sanction them and detect their evasions, to sabotage their infrastructure, to obtain and publicize damaging information on their leaders, and to precisely and speedily fight a conventional war. (Presumably, North Koreans would say the same, but I have not spoken with them). In their view, whatever measures the United States proposes will be meant to preserve U.S. advantages over them. And as far as international law goes, adversaries like Putin, Xi, Kim, and Khamenei assume the United States will interpret it unilaterally and use it to mobilize or justify punishing its adversaries, while ignoring or violating others interpretations of international law whenever it wants, without repercussions.
The authors of Cyber Persistence know this. They want to build up customary international law so the United States can internally and internationally justify more vigorous cyber operations against adversary networks and machines. Were adversary behaviors described in unsealed public indictments framed as internationally wrongful acts, they write, the extraordinary detail in the indictments should make policymakers comfortable with pursuing countermeasures, if the behavior identified in the indictment is ongoing. This is a very important sentence nine pages from the end of the book: The United States has been too self-deterred, too inhibited, in the authors view. Senior officials and presumably influential corporate leaders and shareholders need to be pushed to see that the best defense is a good offense, and that this can be legitimized.
Unfortunately, the wisdom of their bold prescription is difficult to assess because the authors do not describe the countermeasures they have in mind. Classification and the traditional covertness of cyber operations prevent more transparency. Assuming for many good reasons the authors do not recommend armed attacks in response to adversary cyber operations of the kind seen so far, countermeasures would likely be in the cyber domain. The often-understandable lack of clarity regarding how the United States would react to hostile cyber operations leaves room for adversaries and commentators in swing countries, perhaps fueled by cinema and memories of Edward Snowden, to assume that the United States is doing more in their computers and networks than Russia, North Korea, Iran, and China are. And this is a problem for the authors other recommendation: The United States is competing with Russia and China for the rest of the worlds support in developing international norms and potentially customary law. If it cannot say more about the legitimating rationale and effects of operations it conducts in other countries systems, and plausibly distinguish between the normal and arguably legitimate espionage and countermeasures that the United States and its partners conduct compared to the less defensible targets and tradecraft of adversaries, the law-building strategy will founder.
Of course, even if Russia and China confine themselves to acceptable data-collecting espionage and preparation to attack legitimate U.S. military and war-supporting industry targets in war, the United States is likely to counteract. The hope for stabilizing cyber competition rests on the possibility of reciprocally bounding the targeting and probable effects of operations, and on very careful tradecraft. This will require the sustained, high-level attention of senior leaders, especially from the United States and China, and a steady diplomatic effort to explicate to each side which targets and effects are intolerable and will cause one to take countermeasures, and to create processes for communicating about ambiguous cases. Tacit bargaining will be essential given the secrecy of action in the cyber domain and the deranged politics of relations between the United States and the countries of greatest concern. But, at some point progress will depend on the U.S. political system tolerating leaders having a sustained, public dialogue or negotiation with leaders of adversary countries. Tacit bargaining is too ambiguous to rely upon alone.
Cyber Persistence Theory is a must-read even if it is far from the last word. The authors invoke Thomas Kuhn and his famous concept of paradigm shift. They penetratingly describe the structural shift that the information revolution imposes on some aspects of interstate competition. But cyberspace, unlike the phenomena that Kuhns natural scientists sought to understand, is human-made. Contending groups compete against each other by altering and exploiting their creations in this environment. The challenge is not merely to understand these dynamics like scientists do, but to shape them in ways that avert massive harm and, ideally, facilitate the pursuit of well-being. Meeting this latter challenge will require additional volumes that build on this one.
George Perkovich is Kenneth Olivier and Angela Nomellini Chair, vice president for studies at the Carnegie Endowment for International Peace. He is co-editor of Understanding Cyber Conflict: 14 Analogies (Georgetown University Press, 2017) which can be downloaded free at 19029-Perkovich_Understanding.indd (carnegieendowment.org).
Image: U.S. Cyber Command, photo by Josef Cole
See the rest here:
Prescribing a New Paradigm for Cyber Competition - War on the Rocks
- New York Times pushes clemency for Edward Snowden. Justified? (+video) [Last Updated On: January 5th, 2014] [Originally Added On: January 5th, 2014]
- Napolitano Says No Clemency for Edward Snowden [Last Updated On: January 5th, 2014] [Originally Added On: January 5th, 2014]
- Hero Edward Snowden? [Last Updated On: January 5th, 2014] [Originally Added On: January 5th, 2014]
- What to do about Snowden: The NY Times gets it right [Last Updated On: January 5th, 2014] [Originally Added On: January 5th, 2014]
- Snowden 'an aberration': Booz Allen CEO [Last Updated On: January 5th, 2014] [Originally Added On: January 5th, 2014]
- Edward Snowden - Wikipedia, the free encyclopedia [Last Updated On: January 5th, 2014] [Originally Added On: January 5th, 2014]
- Will Obama Help Edward Snowden? - Video [Last Updated On: January 5th, 2014] [Originally Added On: January 5th, 2014]
- 2 Newspapers Call For Clemency For Edward Snowden - Video [Last Updated On: January 5th, 2014] [Originally Added On: January 5th, 2014]
- Editorials Argue Why Edward Snowden Should Get Clemency - Video [Last Updated On: January 5th, 2014] [Originally Added On: January 5th, 2014]
- EDWARD Snowden - IS HE A HERO OR A TRAITOR??? - Video [Last Updated On: January 5th, 2014] [Originally Added On: January 5th, 2014]
- Snowden seeks extra Russian protection after U.S. threats [Last Updated On: January 22nd, 2014] [Originally Added On: January 22nd, 2014]
- Edward Snowden denies that he's a Russian spy [Last Updated On: January 22nd, 2014] [Originally Added On: January 22nd, 2014]
- Snowden Denies Working as Foreign Spy, New Yorker Reports [Last Updated On: January 22nd, 2014] [Originally Added On: January 22nd, 2014]
- Glenn Greenwald I Defend Edward Snowden Like MSNBC Defends Obama "24 Hours A Day" - Video [Last Updated On: January 22nd, 2014] [Originally Added On: January 22nd, 2014]
- Former CIA insider on Sochi Olympics security, Edward Snowden - Video [Last Updated On: January 22nd, 2014] [Originally Added On: January 22nd, 2014]
- Airdate : January 4, 2014 : Clemency for Edward Snowden - Video [Last Updated On: January 22nd, 2014] [Originally Added On: January 22nd, 2014]
- #10 Edward Snowden a Hoax?? Rockefeller: Human Cloning in Film Documentary Series Jan 20 2014 - Video [Last Updated On: January 22nd, 2014] [Originally Added On: January 22nd, 2014]
- Double Standards - Edward Snowden: Traitor or hero - Video [Last Updated On: January 22nd, 2014] [Originally Added On: January 22nd, 2014]
- Edward Snowden NSA Spying HOAX BUSTED fraud Jan 19 2014 Rockefeller net Ron Rand Paul Breaking News - Video [Last Updated On: January 22nd, 2014] [Originally Added On: January 22nd, 2014]
- Philip and Edward Snowden. - Video [Last Updated On: January 22nd, 2014] [Originally Added On: January 22nd, 2014]
- Did Snowden Act Alone? - Video [Last Updated On: January 23rd, 2014] [Originally Added On: January 23rd, 2014]
- Edward Snowden Denies Russian Spy Theory - Video [Last Updated On: January 23rd, 2014] [Originally Added On: January 23rd, 2014]
- Coastal Today Show, January 20 - 26, 2014 | Full Episode - Video [Last Updated On: January 23rd, 2014] [Originally Added On: January 23rd, 2014]
- BREAKING! Edward Snowden LIVE in New York Snowed-in Snowden Blizzard Snow Storm - Video [Last Updated On: January 23rd, 2014] [Originally Added On: January 23rd, 2014]
- New York Times editorial defends Edward Snowden - Video [Last Updated On: January 23rd, 2014] [Originally Added On: January 23rd, 2014]
- The People's Republic of Edward Snowden - Video [Last Updated On: January 23rd, 2014] [Originally Added On: January 23rd, 2014]
- Snowden says mass collection must end [Last Updated On: January 24th, 2014] [Originally Added On: January 24th, 2014]
- Russian lawmaker says Snowden asylum period to be extended [Last Updated On: January 24th, 2014] [Originally Added On: January 24th, 2014]
- Snowden Says Whistle-Blower Law Gaps Preclude His Return [Last Updated On: January 24th, 2014] [Originally Added On: January 24th, 2014]
- Edward Snowden Denies 'Stealing' NSA Co-Workers' Passwords [Last Updated On: January 24th, 2014] [Originally Added On: January 24th, 2014]
- Edward Snowden's Asylum in Russia Extended [Last Updated On: January 24th, 2014] [Originally Added On: January 24th, 2014]
- Edward Snowden: 'Not Possible' to Return to U.S. Now [Last Updated On: January 24th, 2014] [Originally Added On: January 24th, 2014]
- What Do We Know About Edward Snowden? Webster G. Tarpley - Video [Last Updated On: January 24th, 2014] [Originally Added On: January 24th, 2014]
- On Edward Snowden, Privacy, NSA, and Accountability - Quick Thought #632 - Video [Last Updated On: January 24th, 2014] [Originally Added On: January 24th, 2014]
- Edward Snowden is a SPY? How do you kill a spy? - Video [Last Updated On: January 24th, 2014] [Originally Added On: January 24th, 2014]
- Scooter and Snowden [Last Updated On: January 26th, 2014] [Originally Added On: January 26th, 2014]
- Edward Snowden: Did the American whistleblower act alone? [Last Updated On: January 26th, 2014] [Originally Added On: January 26th, 2014]
- Snowden Says Whistle-Blower Law Gaps Preclude Return [Last Updated On: January 26th, 2014] [Originally Added On: January 26th, 2014]
- Hükümete protesto, Snowden'e destek - Video [Last Updated On: January 26th, 2014] [Originally Added On: January 26th, 2014]
- Edward Snowden NSA leaker asks for extra security after receiving death threats from US officials !! - Video [Last Updated On: January 26th, 2014] [Originally Added On: January 26th, 2014]
- Snowden says officials want to kill him [Last Updated On: January 27th, 2014] [Originally Added On: January 27th, 2014]
- edward_snowden_portrait_twitter_reuters.JPG [Last Updated On: January 27th, 2014] [Originally Added On: January 27th, 2014]
- Edward Snowden: There Are 'Significant Threats' To My Life [Last Updated On: January 27th, 2014] [Originally Added On: January 27th, 2014]
- Snowden Says ‘No Doubt’ NSA Engages in Industrial Spying [Last Updated On: January 27th, 2014] [Originally Added On: January 27th, 2014]
- Edward Snowden Biography - Facts, Birthday, Life Story ... [Last Updated On: January 27th, 2014] [Originally Added On: January 27th, 2014]
- Alex Jones Show Friday 1 24 14 Piers Corbin - Video [Last Updated On: January 27th, 2014] [Originally Added On: January 27th, 2014]
- The People's Republic of Edward Snowden part 2 - Video [Last Updated On: January 27th, 2014] [Originally Added On: January 27th, 2014]
- Snowden interview turns up few key revelations [Last Updated On: January 28th, 2014] [Originally Added On: January 28th, 2014]
- edward-snowden-reuters-120313.JPG [Last Updated On: January 28th, 2014] [Originally Added On: January 28th, 2014]
- Edward Snowden - Video [Last Updated On: January 28th, 2014] [Originally Added On: January 28th, 2014]
- German Television To Air NEW Edward Snowden Interview TONIGHT - Video [Last Updated On: January 28th, 2014] [Originally Added On: January 28th, 2014]
- Edward Snowden is nominated for the 2014 Nobel Peace Prize [Last Updated On: January 30th, 2014] [Originally Added On: January 30th, 2014]
- Snowden Nominated by Norwegian Lawmakers for Nobel Peace Prize [Last Updated On: January 30th, 2014] [Originally Added On: January 30th, 2014]
- Snowden nominated for Nobel Prize [Last Updated On: January 30th, 2014] [Originally Added On: January 30th, 2014]
- Snowden Gets Nobel Peace Prize Nomination From Norwegian MP - Video [Last Updated On: January 30th, 2014] [Originally Added On: January 30th, 2014]
- BREAKING: Edward Snowden Nomination For Nobel Peace Prize! - Video [Last Updated On: January 30th, 2014] [Originally Added On: January 30th, 2014]
- Edward Snowden's Psychic Human ETs - Video [Last Updated On: January 30th, 2014] [Originally Added On: January 30th, 2014]
- Report puts Snowden-like leaks as No. 2 threat to US security [Last Updated On: January 31st, 2014] [Originally Added On: January 31st, 2014]
- Why Silicon Valley sticks up for Snowden [Last Updated On: January 31st, 2014] [Originally Added On: January 31st, 2014]
- Snowden nominated for Peace Prize [Last Updated On: January 31st, 2014] [Originally Added On: January 31st, 2014]
- Edward Snowden Nominated For Nobel Peace Prize - Video [Last Updated On: January 31st, 2014] [Originally Added On: January 31st, 2014]
- UK spy chief to step down: GCHQ boss Iain Lobban leaves in wake of Edward Snowden NSA leaks - Video [Last Updated On: January 31st, 2014] [Originally Added On: January 31st, 2014]
- Is Edward Snowden Behind Target Hacking? - Video [Last Updated On: January 31st, 2014] [Originally Added On: January 31st, 2014]
- Snowden: NSA Mining App Data to Track Targets - Video [Last Updated On: January 31st, 2014] [Originally Added On: January 31st, 2014]
- Snowden nominated for Nobel Peace Prize [Last Updated On: February 1st, 2014] [Originally Added On: February 1st, 2014]
- [CCTV FOOTAGE]Edward Snowden Gunshot January 31, 2014 - Video [Last Updated On: February 1st, 2014] [Originally Added On: February 1st, 2014]
- Obama administration nominates new NSA director - Video [Last Updated On: February 1st, 2014] [Originally Added On: February 1st, 2014]
- Edward Snowden nominated for Nobel Peace Prize: NSA whistleblower has exposed US spying - Video [Last Updated On: February 1st, 2014] [Originally Added On: February 1st, 2014]
- Edward Snowden's Norwegian Nobel nomination called into question - Video [Last Updated On: February 1st, 2014] [Originally Added On: February 1st, 2014]
- Edward Snowden the Peace Prize Winner? - Video [Last Updated On: February 1st, 2014] [Originally Added On: February 1st, 2014]
- Edward Snowden, a Party to Subverting Nations in Latin America [Last Updated On: February 3rd, 2014] [Originally Added On: February 3rd, 2014]
- Edward Snowden: World's most wanted man [Last Updated On: February 3rd, 2014] [Originally Added On: February 3rd, 2014]
- Politicians attack Great Barrier Reef, Edward Snowden and TV Reporter - TFU Friday - Video [Last Updated On: February 3rd, 2014] [Originally Added On: February 3rd, 2014]
- WikiLeaks, Greenwald Blast Guardian Journalist’s Book On ‘FSB Prisoner’ Snowden [Last Updated On: February 4th, 2014] [Originally Added On: February 4th, 2014]
- Killing Edward Snowden on Occupy The Microphone - Video [Last Updated On: February 4th, 2014] [Originally Added On: February 4th, 2014]
- Edward Snowden January 25, 2014 Interview Links - Video [Last Updated On: February 4th, 2014] [Originally Added On: February 4th, 2014]
- Edward Snowden Documents reveal Canadian Spies Exist! - Video [Last Updated On: February 4th, 2014] [Originally Added On: February 4th, 2014]
- 20140203 - Barking at the moon - Video [Last Updated On: February 5th, 2014] [Originally Added On: February 5th, 2014]
- Snowden aftermath: Defense contractors revamp policies, practices [Last Updated On: February 5th, 2014] [Originally Added On: February 5th, 2014]
- Booz Allen Exec Describes How Snowden Stole Millions of Documents [Last Updated On: February 5th, 2014] [Originally Added On: February 5th, 2014]