In December 2020, for the first time in U.S. history, the office of the presidency lay vacant. Having failed to win reelection to a second term, a petulant Donald Trump had effectively abdicated. True, he tweeted, golfed, and pardoned cronies, while ordering minions to pursue ever more outlandish schemes to overturn the will of the electorate. But though he still resided in the White House, Trump had ceased to make even a pretense of actually governing.
At this juncture, even as the dispiriting Age of Trump was winding down, the first national-security crisis of the Biden era erupted. News outlets reported a massive hack of government agencies and private enterprises. Almost universally attributed to the SVR, Russia’s foreign-intelligence service, the attack confirmed what many ordinary citizens already suspected: American cyber defenses are drastically inadequate and the nation’s entire information infrastructure is acutely vulnerable.
Apart from suggesting (without evidence) that China might be the hack’s actual perpetrator, the incumbent commander-in-chief took no notice. Then president-elect Joe Biden stepped up to fill the resulting vacuum.
Sounding suitably presidential at a pre-Christmas press conference, Biden characterized cyber threats as “a grave risk to our national security” and pledged to mount a forceful response once in office. “Enough’s enough,” he declared. “In an age when so much of our lives are conducted online, cyber-attacks must be treated as a serious threat by our leadership at the highest levels. We can’t let this go unanswered.” Implicitly making a comparison with nuclear and biological weapons, Biden vowed to treat cyber threats with “the same seriousness of purpose that we treated threats of other unconventional weapons.” He promised “to establish clear international rules and mechanisms to enforce them,” along with “consequences for those countries that violate them.”
What all of that might mean in practice remains unclear. Biden’s language recalls the rhetoric employed a generation ago to discuss terrorism, to wit: let no one doubt American strength and resolve; the United States will track down perpetrators and bring them to justice; we will not rest until terror is eliminated, etc., etc. In fact, even today the U.S. national-security apparatus is clueless as to how to eliminate terrorism, which has become a problem to be managed rather than eradicated. So it will be with cyber threats.
Complicating the problem of establishing “clear international rules” to outlaw bad behavior is the fact that the United States is itself a leading cyber-thief. “This is business as usual,” Bruce Schneier, a cybersecurity expert, told the Los Angeles Times in discussing the Russian hack. “The National Security Agency does this kind of thing all the time, and we are better at it.”
Nor does the United States confine itself to mere thievery. Employing euphemisms such as “persistent engagement” and “defending forward,” American cyberwarriors have long since gone on the offensive. Operation Olympic Games, which a decade ago found the United States and Israel collaborating to disable Iran’s nuclear-research program, offered a glimpse of things to come. A report issued last year by the congressionally mandated U.S. Cyberspace Solarium Commission emphasizes the imperative of maintaining the capacity to “strike back with speed and agility” in response to any cyber threats.
The Pentagon’s official cyber strategy goes further, vowing “to disrupt or halt malicious cyber activity at its source, including activity that falls below the level of armed conflict.” Indeed, for years now U.S. intelligence agencies have been waging their own undeclared cyberwar against various adversaries. In short, among U.S. cyberwarriors, the line between protecting and preempting is so fine as to be invisible.
Members of the political class prefer to feign innocence. The official script coming out of Washington charges Russia with launching an unprovoked and unwarranted attack. As if shocked to discover gambling at Rick’s Café Américain, Sen. Dick Durbin of Illinois characterized the hacking incident as “virtually a declaration of war by Russia on the United States.”
As with earlier national security incidents of note—the 1962 Cuban Missile Crisis and the 1964 Gulf of Tonkin incident offer notorious examples—the reality is somewhat more complicated. In cyberspace, Washington probes, identifies vulnerabilities, and preemptively targets. In short, whatever Durbin may purport to believe, U.S. government agencies systematically exploit the digital weaknesses of others and strike first. If the United States is preyed upon, it is also a leading predator.
For nervous members of the public, a nightmare scenario of a non-nuclear apocalypse lurks in the background: a surprise cyberattack that instantly turns out the lights, brings the economy to a screeching halt, and creates nationwide paralysis and panic. It doesn’t require a particularly active imagination to foresee consequences dwarfing those that Americans have endured during the coronavirus pandemic.
So what are ordinary citizens to make of mischief-making by Russian hackers? How worried should we be? Are we even worrying about the threats that are actually the most worrisome?
Here are a couple of observations offered by a layperson with no claim to being a tech expert.
First, in some respects, we are already in the dark. The entities charged with protecting us—primarily the United States Cyber Command, collocated at Fort Meade, Maryland, with the National Security Agency—operate in secret. They withhold from the American people not only their own methods (arguably justified), but also the details of what the SVR has uncovered (not justified). To an extent difficult to measure, they also surveil us without our knowledge or consent.
While generously resourced with taxpayer dollars, agencies responsible for U.S. cybersecurity are only nominally accountable. Knowing the full extent of U.S. cyber operations requires security clearances for which few readers of this magazine are likely to qualify. To assume that members of Congress are providing effective oversight requires ignoring the dysfunction and irresponsibility pervading contemporary American politics.
In some respects, our situation recalls the early days of the Cold War. Back then fearmongering senior military officers, e.g., Gen. Curtis LeMay, abetted by ambitious politicians, e.g., Sen. John F. Kennedy, demonstrated great skill in conjuring up “gaps” in U.S. military capabilities. During the 1950s, these supposed gaps—first bombers, then missiles—created opportunities, both bureaucratic and partisan. For the military-industrial complex (MIC), they provided a handy rationale for fielding a never-ending array of bombers, missiles, submarines, and warheads. Meanwhile, politicians seeking high office could decry the gaps and proclaim their commitment to creating arsenals “sufficient beyond doubt,” as Kennedy put it. In fact, throughout the Cold War, our side never trailed the Soviets in nuclear strike capabilities. If gaps existed, they favored the United States. We cannot say for certain if a similar form of threat inflation is operative today. But neither can we eliminate the possibility. The national interest does not necessarily rank first among factors that shape national-security policy.
Meanwhile, the famous warning issued by Kennedy’s predecessor in the White House has lost none of its pertinence. While information may have quietly replaced industrial as the MIC’s second initial, today, even more than in President Eisenhower’s day, ensuring that the MIC does its job so that “security and liberty may prosper together” requires “an alert and knowledgeable citizenry.”
And there lies the rub. When enumerating the qualities that characterize American citizens in the present age, alertness and knowledgeability do not spring immediately to mind. Distracted and distraught, bewildered and beguiled, incensed and infuriated: these come closer to the mark, with information technology not least among the culprits contributing to a pervasive sense of angst that afflicts the population.
Meanwhile, regardless of what Russia or any other bad actor may be doing, our own dependence on that technology grows apace. This is true both individually and collectively. The contemporary American way of life itself creates vulnerabilities that put that way of life at risk.
Immediate and assured internet access has become the lifeblood of our economy. In a trend reinforced by the coronavirus pandemic, American cultural life has simultaneously moved online. Disturbingly, so too has our spiritual life. Since the coronavirus pandemic erupted, my wife and I have tended to fulfill our Sunday obligation by attending Mass virtually. Worshipping at Notre Dame’s beautiful Basilica of the Sacred Heart while sitting comfortably on my living room couch in Walpole, Massachusetts—I mean, what’s not to like?
By extension, except for a handful of hermits and eccentrics, the barriers to reasserting genuine autonomy—of living “off the grid”—have become all but insurmountable. Practically speaking, daily life today entails complying with the dictates of Information Age tycoons such as Messrs. Jeff Bezos and Mark Zuckerberg, who just might pose a greater concern than Vladimir Putin. Personally, I hate making purchases from Amazon. I do it anyway; for price and convenience, you can’t beat it. And I can buy a book without risk of contracting a dread disease as a consequence. Nor could I have written this article without help from Apple, Microsoft, and Google.
As with dependency in any other form, once you’re hooked, you’re hooked—a point that the must-see documentary film Social Dilemma forcefully drives home. “What we learn in this movie,” one astute reviewer writes, “is that our brains are being manipulated and even rewired by algorithms that are designed to get our attention and make us buy things, including buying into distorted ideas about the world, ourselves, and each other.” Moscow’s role in this subversive and corrupting process rates as somewhere between negligible and non-existent.
So who poses a greater threat to American freedom? The SVR? Or Silicon Valley? Or are we threatened on two fronts? The answer is surely both, but personally I fear the latter more than the former.