In an era of antiseptic war, one fought with drones and precision weapons that limit to an amazing degree the collateral damage done by these limited strikes executed during very limited conflicts, we’ve gotten spoiled. We expect war generally to be antiseptic.
And our “leaders” in DC have gotten spoiled, too.
Several large-scale cyberattacks in recent months have prompted a number of lawmakers and policy makers to call for a more forceful response, including suggestions that the US engage in counterattacks that would disable or limit the culprits’ own networks.
But White House officials and some technology security experts remain skeptical that such “offensive” cyberattacks would work, saying they are concerned about the difficulty in targeting specific hackers without causing widespread spillover, among other things.
And so, in the face of this wide-open cyber war being waged against us, these White House officials and those “some others” insist that we do nothing, since what we would do would be imperfect and cause collateral damage.
…cybersecurity experts are mostly split on the merits of retaliation, with some saying it could distract companies from doing more to prevent breaches.
Because defense and offense cannot possibly be carried out simultaneously. Yeah.
Bob Gourley, late of the Defense Intelligence Agency:
Once the planners and everyone looks [into retaliation], it puts it on an escalation ladder we don’t want to be on. The first thing we need to do is protect our systems. Until we do that, we’re almost inviting them to attack, saying “Come on, take our stuff.”
Wait, what? You’re saying that after years of suffering cyberattacks from Russia, the People’s Republic of China, northern Korea, Iran, individuals, you still haven’t bothered to “protect our systems?” How does that work, exactly?
Certainly collateral damage should be limited to the extent possible, from both moral and efficiency perspectives. But this is war. Collateral damage is part of the messiness of war. If we let our fear of collateral damage paralyze us, we will lose the war, with catastrophic consequences to us, completely subsuming any collateral damage done us by this war.
It’s for those who sit in leadership chairs in DC to stop wasting their energy looking for excuses to do nothing and instead direct their energy to responding. Forcefully. As tidily as possible, but with recognition that there will be messes, sometimes big ones.
That response must include actually defending our systems, and it must include correcting this failure:
Businesses are largely prohibited by law from a practice known as “hack back,” which could either be done to punish a cyberthief or take back information that was stolen from any specific firm. That has left companies relying on the government’s response, which so far largely has come in the form of sanctions or criminal indictments.