THE U.S. NEEDS A CYBER STRATEGY DESIGNED FOR DEFENSE
cyber Warfare is a new arrival to the foreign policy tool kit—so much so that our government seems uncertain of how to classify it. Should we think of cyberattacks like sanctions? Air strikes? Espionage? Is “warfare” a misnomer? Though any terminology will have its flaws, cyberattacks are best considered a scalable tactic that can function as a weapon of war, a weapon—like any more conventional weapon—whose use by the United States should be subject to constitutional oversight, constrained by rules protecting innocent civilians and designed for defense.
In common parlance, a “cyberattack” can be anything from phishing to ransomware, to hacking social media accounts, to denial of service attacks, to mass leaks of personal data or communications, to meddling in foreign elections via voter manipulation or sabotage of election results, to shutting down power grids, to damaging nuclear centrifuges, to remotely causing explosions or disabling enemy defenses. If the “internet of things” expands and self-driving vehicles go into widespread use, the destructive potential of cyber warfare will increase apace.
Blowing up a building, especially if the explosion kills people or damages national security infrastructure, is no less grave an act because the weapon of choice is digital. Damage to major utilities or political turmoil caused by election meddling are as capable of claiming lives as are explosions.
This scalability introduces a level of uncertainty absent with more conventional weapons and techniques, and that uncertainty makes restraint