The U.S. intelligence community concluded that Russia tried to influence the outcome in the 2016 presidential election through the dissemination and weaponization of information illegally hacked and stolen from the Clinton campaign and the Democratic National Committee.
Special Counsel Robert Mueller indicted 13 Russian operatives for waging a disinformation campaign in the presidential election by using our social media platforms. The Russians admittedly described their activity as “information warfare against the United States of America.” I believe we should take the Russian hackers at their word. To ignore their confessional will only invite additional intrusive hacks and it will simply lead to confusion over what the United States considers an act of war against it.
Information warfare did not end on Election Day. The threat to our national security is intense, unrelenting and ongoing. Americans must recognize that warfare in the 21st century is not limited to traditional troops with boots on the ground or bombs being dropped from the air. To protect our national security, officials should first determine the point at which cyber crimes, including illegal hacking as well as acts of disinformation, become acts of war against the United States.
This is not an academic exercise. According to a report recently delivered to Navy Secretary Richard Spencer, the U.S. Navy is “under cyber siege” by Chinese hackers who have successfully conducted cyber espionage to the extent they have altered “the calculus of global power.”
The report identifies the successful efforts by China and Russia at stealing our military secrets. It concludes these activities are conducted below the threshold of “armed conflict.”
There needs to be a thorough reexamination of the meaning of “war” in the context of the internet age. Officials should define the term and then announce it to the world thereby putting everyone on notice — including individual, state sponsored, or politically motivated cyber warriors — there will be dire consequences for their acts.
By what standard should the Navy or any other part of the nation’s defense apparatus use to determine whether or not illegal hacking is or is not above or below “the threshold of armed conflict?” In determining if cyber attacks are merely crimes on a massive scale, or, as cyber expert George Lucas asks, do they represent something different — acts of war?
The first question is highly technical. International IT security experts have developed several analytical models to assess whether or not the damage caused by a cyber attack rises to the level of an armed attack. They have developed an “effects-based” approach, a model that gives consideration to the overall effects and consequences of a cyber attack on a victim state. For example, a cyber manipulation of information across a state’s banking and financial institutions that significantly disrupts commerce would be viewed as an armed attack.
Another model is one of “strict liability” that would automatically deem any cyber attack against a state’s critical national infrastructure to be an armed attack based on its potential for severe consequences. An example would be the shutting down of a nation’s power grid.
The validity of these models has essentially been confirmed in a 2011 Pentagon report to congress wherein it officially states the United States military has the right to retaliate with military force against a cyber attack. The rationale for this policy is in its deterrent affect on those who believe they can carry out “significant cyber attacks directed against the U.S. economy, government or military.” While this report, issued by the Obama administration sets the right tone, it unfortunately is limited in scope to the defense of computer networks in “areas of hostilities” or actual battle zones such as Afghanistan. Since the report was issued, there has been a significant increase in the conduct of cyber warfare directed against various American interests — foreign and domestic.
Based on either one of the models discussed above, the Russian and Chinese cyber attacks were acts of war. They significantly disrupted and damaged our Constitutional infrastructure and our national security in an attempt to undermine the foundation of U.S. democracy and its military capability. They were of sufficient scope, duration and intensity to deem them armed attacks. Clearly, they meet the international criteria of an armed attack and an act of war against the United States.
In response to the Russian intervention in the 2016 election, the Trump administration has issued a new cyber operations order designed to allow the secretary of Defense and the director of national intelligence to approve retaliatory strikes without the approval of others in the government, and in certain cases without White House approval.
The new order, issued in November, recognizes cyber combat to be a more likely component of warfare. Still to be determined is the scope of this policy and how it will be applied to different fact situations.
The bottom line is the U.S. government has officially recognized that future wars will be at least partially fought on all sides by hackers who will be trained to perform as warriors. Some Americans may view this development as a new chapter in human progress; others will recognize it as part of the futility that usually accompanies war. All of us will have to await history’s judgement.
Tom Coleman represented Missouri as a Republican in the United States House from 1976-1993. He has taught as an adjunct professor at New York University’s Robert F. Wagner Graduate School of Public Service and at American University in Washington, D.C.
The views and opinions expressed in this commentary are those of the author and do not reflect the official position of The Daily Caller.