Digital threats are manageable rather than existential.
When Russian forces invaded Ukraine last month, governments and experts around the world warned about the risk of huge cyberattacks. Indeed, in the days before Russia invaded Ukraine, hackers defaced Ukrainian websites, unleashed malware on government systems, and tried to get into the country's banking system, but they had little effect. Even though there hasn't been a cyber Armageddon, officials are becoming more afraid that Russia might step up its efforts and even attack the United States in the future.
Russia's invasion is sure to be bad. As a result, cybersecurity policymakers in Washington and other places should avoid the "alarmism" that has long been a problem in the field. During a speech in 2011, Mike Mullen, who was then chairman of the Joint Chiefs of Staff, said that "cyber is the single biggest threat to our existence." In the next year, Martin Dempsey, who took over for him, said that "a cyberattack could stop our society in its tracks." Leon Panetta, a former Defense Secretary, told people in 2012 that there was going to be a "digital Pearl Harbor." For years, Nicole Perlroth, a reporter for the New York Times, has asked insiders how long it will be before "cyber-enabled cataclysmic boom" takes us down. She's always been told that 18 to 24 months. Well over a hundred months ago, she began her survey.
This modern approach to cyberthreats looks a lot like the aftermath of 9/11, when most experts thought there would be an even bigger terrorist attack soon. It's the same now as it was then. Cyberattacks can be scary at times, but they've turned out to be a very small and manageable problem. There is a lot of talk about what could go wrong, but it doesn't put the problem in context, and it doesn't take into account the huge value of the Internet and artificial intelligence. Most commentators, on the other hand, don't fully understand that the business sector, which is the most attractive target for hackers, has the ability to come up with effective defenses.
Over the last decade, the world has become very worried about digital threats, especially the military implications of new cyber-capabilities. To be sure, the military has to think about how to keep its communications and command and control operations safe from people who want to attack them. If there are any disruptions, they are more likely to be instrumental or tactical than strategic, but they could still be strategic, too.
Despite what people say, the U.S. military seems to have agreed with this. At the time, political scientist Micah Zenko said the Pentagon was spending less than one percent of its budget on cybersecurity. An assessment from 2019 says it could be even less than one-tenth of one percent. Panetta said in 2013 that cyber was "without a doubt, the battlefield of the future." If those funds are enough to meet the challenge, it would be a good deal.
Cyber also supposedly makes it easier for a state to do things like spy, spread propaganda, and sabotage. Analysts have even come up with a new term, "hybrid warfare," which usually refers to these three businesses. But since the term doesn't include direct armed conflict, it might be better to call it "denatured warfare." Cyber, on the other hand, isn't very good at these three things.
Invading hackers who want to spy on the United States, for example, are likely to find that most of what they find is already known, and that much of the rest isn't worth knowing in the first place. Wikileaks' release of thousands of classified U.S. government documents in 2010 showed how many governments around the world have over-classified things. It didn't take Bill Keller long to say "no" when he was asked if the reporting team found anything they didn't already know.
Much the same is true when it comes to intellectual property theft, as well. Not only has this practice been around for a long time, but it has also been bad for governments because it takes their attention away from homegrown ideas. Cyber-propaganda efforts, on the other hand, are more likely to make more information and misinformation available, which has been a problem in warfare for a long time.
Also, the results of cyber-sabotage have been very small, too. A computer virus called Stuxnet was used by the United States and Israel to slow down Iran's progress toward making a nuclear weapon. Even though the operation was seen as a dangerous new development in modern warfare, the damage was only short-term. Iran quickly rebuilt its centrifuges, and the attack was actually counterproductive because it made Tehran want to move faster with its nuclear program. There have also been efforts by the United States to stop North Korea from making missiles. Pyongyang, on the other hand, solved whatever the problem was, just like Iran did. The attacks didn't have a big long-term effect on their program.
Cyber-alarmists have also warned about hackers taking down important infrastructure, like power grids, which could cripple entire countries. Grids do go down from time to time, but squirrels and lightning are usually to blame. These interruptions usually last only a short time and aren't very bad, and engineers are increasingly designing systems that can handle these kinds of threats. Estonia, for example, was the target of a major and often talked about cyberattack in 2007. Now, NATO's Cooperative Cyber Defense Center of Excellence is based there.
In the past, people have been afraid that terrorist groups could do harm through the internet. This isn't a new thing. And even though cyber did not play a direct role in the death of the 9/11 terrorist, the event caused people to worry about the issue. When the Washington Post ran a long front-page piece in 2002, "government experts" said that "terrorists are close to using the Internet as a direct tool of bloodshed."
No terrorist group has been able to use cyberattacks so far. Even if hackers are able to shed blood, shootings and bombings are more likely to do the same thing far more often than that would happen. Still, cyber has undoubtedly been a good way for terrorist groups to find new members and communicate with each other. This method, on the other hand, hasn't caused a paradigm shift. It has simply replaced or added to older methods. Even groups like the Islamic State, which is also known as ISIS, have a hard time using the Internet to stir up violence and teach people who might want to join them. In one case, an ISIS handler linked his American charge to a possible collaborator who happened to be an FBI agent.
Brian Jenkins, a terrorism expert, says that, for the most part, any virtual terrorist army in the United States has been just that: a virtual one. In most cases, "talking about jihad, boasting about what one will do, and coming up with evil schemes to help each other out is usually the end of it," he told me. Indeed, the fact that some would-be terrorists are so willing to talk about their dreams and fantasies on the Internet has often helped police find them.
MEDDLING IS A WAY TO VOTE
People who are worried about cyberthreats also talk about election interference a lot. During the 2016 U.S. presidential election, for example, the United States said that Russian hackers were trying to hurt Hillary Clinton's campaign. Analysts say that even though Hillary Clinton still won the popular vote, they say that digital intruders were trying to damage the integrity of U.S. elections and even democracy itself.
These warnings are overblown and, if they come from U.S. policymakers, they may be hypocritical. It is important to point out that the United States has been meddling in foreign elections for a long time now. Furthermore, the idea that elections and voters can be easily manipulated is not true. If a lot of advertising could guarantee success, Americans would all be driving Edsels and drinking New Coke, two marketing failures by two of the most successful businesses in history: the Ford Motor Company and Coca-Cola. In 1958 and 1985, these two companies tried to sell Edsels and New Coke. In any capitalist society, people are bombarded with ads and marketing campaigns all the time. In every case, people who have been asked to do something are free to not do it, and most become very good at it. A lot of people don't change their minds about a candidate because of campaign information. Diana Mutz, a political scientist, says that the effect of campaign advertising is "at most" small.
Political campaigns, as anyone who has been through one knows, are also full of lies. Incumbents deliberately distort their records, and challengers do the same in the opposite direction. During 2016, Russia made a very small contribution to this flood of fake news. On Facebook, where most of the "manipulation" is said to have taken place, Moscow's interference was only a fraction of a percent of the content on the news feed. People who took this also didn't use it because they were already a member of a party or lived in states that voted for one or the other candidate. Russia's efforts, on the other hand, didn't work at all. Because there was little else that the two US political parties could agree on, Moscow got support for anti-Russian sanctions from both parties even though they couldn't agree on anything else.
Despite all the talk about war, terrorism, election interference, and critical infrastructure, most cyberattacks are on businesses and their customers, trying to steal or extort money from them. The record here, on the other hand, is encouraging, and it's likely to have a lot of value. Companies have done a good job of protecting themselves from cybercriminals. They have closed software holes, kept back-ups of important data, and made sure that sensitive information isn't stolen.
The profitability of their business is a big concern for people who might be hackers. A report by the cybersecurity company Symantec says that 978 million people were affected by cybercrime in 2017, which cost them $172 billion. That number, no matter how hackers split the profits, is a lot less than the losses from other types of illegal activity. In 2017, for example, crimes against people and property cost the United States $2.6 trillion.
Businesses, too, are learning to change with the times, which is good for them. Andrew Odlyzko, who used to be the head of the University of Minnesota's Digital Technology Center, says that many businesses have realized that they can easily avoid the worst effects of cybercrime by making small changes to their business practices. As a result, more and more customers are being asked to call or text their banks to confirm large or suspicious transactions. Even though criminals often get millions of credit card numbers from hacked databases, the damage is usually limited and often dominated by the cost of making new cards. Businesses have also made it easy for people to get back from fraud.
PEARL HARBOR AND RESILIENCE
Despite what Panetta said in 2012, the value of adapting and being resilient is shown, not broken, by the Japanese attack on Pearl Harbor. From a strictly military point of view, the attack turned out to be more of a nuisance than a disaster. In a hurry, the U.S. Navy took care of two old ships that had broken down. It would take three days to replace all the planes that were lost at the production rate that would be used in 1942. The loss of life was, of course, heartbreaking. The outraged men who flooded recruiting stations in the following days almost made up for the deaths.
That doesn't mean that the Pearl Harbor attack doesn't support being afraid. Because the system is strong, it can deal with even successful, dramatic and dastardly surprise attacks if it is well-built and well-equipped.
** Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of USA GAG nor its advertisers. The author will not be held responsible for information that is found at the end of links posted on this page.