The Founding Fathers’ solutions for 21st-century problems.
For almost two decades, military analysts have worried that foreign powers might use computer networks to inflict harm on the United States. Politicians quickly translated those concerns into warnings of a “cyber Pearl Harbor.” Almost as promptly, legal analysts began dutifully charting the limits on how we would fight the cyber war that might follow such an attack—if we chose to conform to the UN Charter and various post-war Geneva Conventions
But cyber attacks are already a persistent and disturbing aspect of international relations in the twenty-first century. At moments of particular tension between hostile states, computer network attacks have been launched against national infrastructure, causing large-scale disruptions. It happened in Estonia in 2007, Georgia in 2008, and South Korea in 2011. Meanwhile, large and important American companies, including Google, Lockheed Martin, and RSA, have fallen victim to highly sophisticated, multi-stage attacks. These attacks appear to have been encouraged or aided by national governments seeking economic or strategic advantages. So-called “advanced persistent threats”—from highly skilled attackers with deep knowledge of the target—are a major headache for American companies.
So far, the United States government has responded with earnest but vague calls to strengthen international norms of good behavior in the cyber realm. Hostile forces are already probing our defenses and testing the limits of our patience. The Obama administration’s International Strategy for Cyberspace suggests the U.S. could retaliate with “military force”—implying that if there really is a devastating cyber attack, we might respond with conventional bombing.
As a general strategy, that has some obvious limitations. Would we actually risk war with China or Russia in response to a cyber attack?