As the new administration continues to push its agenda, public attention seems to be drifting from Russia’s interference in the 2016 election. This is a shame because the implications of Russian interference will have a profound impact on U.S. policy moving forward. The way this incident was handled, and the questions it left behind, highlights a large gap in effective policy for dealing with such events.
Can hacking be qualified as an act of war? NATO seems to think so, they’ve declared that a cyber attack is grounds to invoke their Article 5, the Collective Defense clause. President Donald Trump is less convinced. Whether it’s because he does not want to smear the conditions surrounding his election or because that might interfere with pursuing better relations with Russia, Trump has been reluctant to discuss the situation seriously.
The United States has failed to define when a cyber attack constitutes an act of war. The fact is, policymakers are scared to do so. Drawing a red line demands that action be taken once it’s crossed, and policymakers clearly aren’t eager for that responsibility. Yet, much to their distaste, forming a definition is the necessary first step in avoiding future attacks.
Moreover, if a cyber act of war is defined and does occur, what is an appropriate response? It’s reasonable to assume NATO does not plan to invoke Article 5 to use military force in response to a cyber incident, and although tempting, a retaliatory cyber attack would be disastrous. The U.S. has a vested interest in protecting and safeguarding an open and safe internet, and by doing so, the U.S. supports and protects commerce and the freedom of speech. Responding to cyber aggression with retaliatory attacks only stands to promote and instigate further attacks. Assuming such a cycle of escalation was allowed to mature, the involved countries would intensify the complexity of their attacks and the value of the assets they targeted, consequentially hurting the U.S.’s efforts in cyberspace. This cyber warfare proliferation, a new age relative of the zero-sum game of nuclear proliferation, could have disastrous effects on domestic and international prosperity.
In ways, this situation draws parallels to the discussed anti-ballistic missile defenses of the Cold War, when U.S. and Russian offensive and defensive capabilities increasingly rose to challenge one another. Unchecked and taken to its drastic extreme, cyber warfare proliferation might lead governments to heavily restrict or truncate shared internet connections, defeating the single greatest value of the internet: instant global communication and commerce. It’s clear that retaliatory attacks are not an ample deterrence or solution to cyber aggression.
Yet, it is clear that the U.S.’s response to Russian interference in the election has not been enough. Putin would be more than happy to cycle through diplomats, who in turn would get expelled, if it means he could successfully subvert the legitimacy of democratic institutions. The U.S. needs to define an effective response to cyber attacks. This response must respect and promote the free and open internet, rather than endanger it with cyber warfare proliferation.
As retired diplomat and professor at the University of Maine’s School of Policy and International Affairs, Kenneth Hillas pointed out in a recent BDN OpEd that “Russia’s intervention in the U.S. election began in the summer 2015.” This long timespan demonstrates a commitment to cyber espionage, and given the strong success of recent Russian interference, we can expect to see these activities continued. Already, it appears that Russia launched another attack against U.S.-based think tanks a day after the election, the consequences of which remain unclear.
These questions and issues need to be addressed. A lack of a definition of what constitutes a cyber act of war not only continues to allow excessive foreign cyber espionage, but also threatens to draw the U.S. into conflict upon loosely defined pretexts. The U.S. needs to define what it considers acceptable and develop an adequate response to deter what is not. A failure to do so could endanger the qualities and benefits of the internet we take for granted and even possibly spark unprecedented cyber warfare proliferation.
Lucas Ashbaugh is graduate student in the School of Policy and International Affairs at the University of Maine in Orono, where he is obtaining a master’s degree in international security. He is president of the Cybersecurity Team at UMaine.