Hacking our way through the new Cold War (Q&A)
Before the blockbuster revelation that Russian operatives stole and leaked tens of thousands of documents from the Democratic National Committee office last year, in an apparent effort to damage Democrats’ chances in the November election, it may have been hard for many people to imagine the outsize role hacking would play in politics.
Russia’s summer and fall meddling in U.S. politics was more than a reminder of Vladimir Putin’s long-standing distaste for Hillary Clinton. Rather, it demonstrated a broad and sophisticated way of using information warfare to carry out military and political objectives. It also highlighted a significant relationship between computer security and policy, notes James Wirtz, a prominent Cold War historian and dean of international graduate studies at the Naval Postgraduate School.
When The Parallax spoke with Wirtz last summer, the controversy surrounding the extent of Russian meddling in the U.S. presidential election was just starting to bubble to the surface. The notion of Russian hacking and information warfare now dominates mainstream news pages, pressuring U.S. policy makers to re-examine assumptions about how computer security should fit into national-security strategy.
We recently caught up with Wirtz for a follow-up conversation What follows is an edited transcript of our conversation.
Q: When we spoke over the summer, you noted that the Russians are good Clauswitizians. Given the success that Russia has enjoyed deploying the Internet as a tool to promote its interests, which conclusions should we reach?
The Russians are looking at ways to shape the political battlefield and alter political perceptions in our country in a way that suits their interests. There are all kinds of ways you can accomplish that: You can do it through persuasion. You can do it through trade. You can do it by creating incentives. You can go to war. Or you can do it through information and ideas, and by channeling the political debate.
The Russians view information hacking as a strategic weapon, and the clear objective is to manipulate people into changing their minds, or doing something in particular—and into thinking that it’s their idea.
How does this practice compare with the U.S. notion of cyberwarfare?
The U.S. view is that cyberwarfare is more of a precision-guided weapon that can take out a critical system or node, and have more of a military impact on a situation. We don’t look at it as a way of promoting ideas in a political debate, or shaping the political debate in another country.
For example, if we gained access to the emails of Russian officials and published them in order to undermine or embarrass them, that would be a demonstration of symmetrical retaliation. But I don’t know whether we’d be willing to do that.
But for Russia, it serves as a useful tool to pursue a case of continual—or even permanent—conflict with the West without firing a shot.
Yes, though I wonder what they really hoped would happen when they released all the emails. It’s always hard to predict how this sort of thing will go in advance. It’s a risky business in that there’s always the chance that it could lead to blowback.
As more evidence of Russia’s involvement has come to light, what’s been the biggest surprise?
During the Cold War, the opposing sides took a more hands-off approach. The Soviets didn’t try to meddle in our elections, and we didn’t back a candidate or have much to say about their various succession crises.
The assumption back then was that there was nothing much you could do to help your candidate or cause. And that anything that you did, which later got attributed to your side, would actually hurt whatever you were trying to achieve.
That’s changed. The idea that you could insert yourself in this way, and have an impact or exert influence, is really something new.
“[L]ook at how the Chinese government controls the way its citizens use the Internet. From an American perspective, we would wonder why they would limit their population’s access, given that the Internet is a great engine for productivity. But they see it as a necessary way to eliminate or reduce political instability in the country.”
People in the United States also seem to care less today about Russian meddling. In the old days, intentional interference in an election would have energized opposition. Now it becomes just another element in the political landscape. It never was like that before.
Where should the focus be to prevent something like this from happening again?
That’s tough to answer. What we saw over the summer was that the vulnerabilities that the Russians exploited weren’t really national assets or official channels. They penetrated the Democratic National Committee with a simple phishing exercise.
The truth is that the whole information system is vulnerable because hackers now focus on attacking ancillary channels. If they can’t get into a government system, they’ll target your barber. Or they’re going to try and get a look at your financial records.
It’s not the person at the top of the organization where the vulnerability exists, it’s the average person who has critical access to certain kinds of technology or information. Once you compromise that person’s security, you have access to everything else. It’s the weakest-link theory.
The United States expelled Russian diplomats for interfering in the 2016 election. Is stronger retaliation appropriate?
We’d face the old question of whether that would help or hurt our cause. Would the Russian body politic respond in a way that we’d want them to respond? Would they find it titillating to learn the vagaries or the improprieties committed by their leadership? Or would they get mad about having their systems penetrated and personal lives exposed?
Does the United States have a coherent strategic doctrine for understanding how nations view the Internet as a tool of national security policy?
We’re not there yet, but there’s a growing realization that there are differences in national styles in the ways that different nations deploy information. As I noted earlier, the Russians see information on the Internet as a strategic asset they can use to alter the political context of the debate.
There’s an awareness of the different capabilities among states and an understanding that the economic opportunities available to the technical communities in those nations leads to variations in the ways cyberwarfare and cybersecurity get deployed. But it also makes it hard to come up with a one-size-fits-all policy that can deal with all of this. That’s the big challenge.
For instance, look at how the Chinese government controls the way its citizens use the Internet. From an American perspective, we would wonder why they would limit their population’s access, given that the Internet is a great engine for productivity. But they see it as a necessary way to eliminate or reduce political instability in the country.
A few years ago, you might have said the Chinese are completely misguided. But when you go to social media today, every third item seems to be a political post. The Chinese look at that and say, “Not in our country. We’re not going to put up with that.” They just don’t want it and won’t let that happen.
How long will we see asymmetric battle strategies moving into the Internet realm?
I think it’s the new normal.