Two weeks ago, we began this two-part report by examining America’s geographic situation and how it is conducive to superpower status. This condition is problematic for foreign powers because it can be almost impossible to significantly damage America’s industrial base in a conventional war with the U.S. In addition, it would be very difficult to launch a conventional attack against the U.S. (a) with any element of surprise, and (b) without significant logistical challenges. The premise of this report is a “thought experiment” of sorts that examines the unconventional options foreign nations have to attack the U.S. Although these may not lead to regime change in America, such attacks may distract U.S. policymakers enough that foreign powers could engage in regional hegemonic actions that would otherwise be opposed by the U.S.
In Part I of this report, we discussed two potential tactics to attack the U.S., a nuclear strike and a terrorist attack. This week, we will examine cyberwarfare and disinformation. We will conclude with market effects.
Cyberwarfare is a broad tactical category, ranging from the use of computer technology in conventional warfare to hacking enemies’ industrial, financial, media, utility and social networks to gain information, monitor behavior, spread disinformation and disrupt operations of these networks. Both state and non-state actors are active in cyber activities. There is a significant criminal element as well.
The best known cyberattack was allegedly jointly created by Israel and the U.S. Dubbed “Stuxnet,”1 it was a computer virus which took control of systems that monitored Iran’s nuclear centrifuges. The virus returned information to its handlers and eventually was able to adversely affect the operation of the machinery itself, causing some of the centrifuges to spin out of control. Although Iran’s nuclear facilities were not directly connected to the internet, the bug was apparently introduced through a flash drive. This means that either a spy plugged a drive into Iran’s system or an innocent Iranian did it by mistake.
Initially, as reports from Iran began emerging about problems in its nuclear facilities, it was generally assumed that the Persians simply didn’t know what they were doing or had purchased faulty equipment. Eventually, Stuxnet ruined about 20% of Iran’s nuclear centrifuges. The virus turned out to be rather pervasive, spreading to Indonesia, India, Azerbaijan and Pakistan, and, interestingly enough, also infecting about 1.6% of American computers.
There are numerous other examples of cyberwarfare. The U.S. hacked insurgents’ cell phones in Iraq, allowing the American military to track their movements and even send them texts with false orders that may have led to their capture or demise. China has become notorious in its hacking of U.S. government and defense sites. Criminals routinely use “phishing” emails to gain control of individual and business computers, sometimes to “kidnap” their data (ransomware) or to simply gain their information.
Cyberwarfare carries numerous risks. As seen with Stuxnet, once released, a virus can become uncontrollable, harming friends and foes alike. It is relatively easy to conceal as it can be difficult to determine where an attack originated. In other words, a state actor could make it appear that a criminal group was responsible for the hack. Or, the criminal group could act as a mercenary for a state, giving the government plausible deniability. Governments have an incentive to co-opt and coerce technology firms to build in “back doors” that allow them to monitor information from citizens.2 This deliberate defect makes the product less attractive to consumers. On the other hand, an impregnable information system would be a very attractive tool for terrorists and criminals. Essentially, personal privacy is always at risk in a world where cyberattacks are possible.
Technology, for the most part, improves efficiency. Recently, my family traveled to the Caribbean which required a tour through U.S. Customs upon our return. We were checked into the country using an automated kiosk that scanned our passports, took a picture and sent us to a border agent. The following day the system crashed and what took us about 45 minutes to navigate took others up to six hours to clear. Payment systems have become increasingly electronic. This allows households to carry less cash and lets banks and other financial institutions move funds more easily through the economy. However, it also makes the system vulnerable to hackers. Banks are constantly facing threats from criminals trying to gain access to accounts.
Fraudulent purchases on credit cards are common. These acts are more easily facilitated due to technology.
In financial services, technology has changed how orders are handled. Trade execution is nearly instantaneous. The futures pits used to be populated with wildly waving traders in colorful jackets; now, these trades are executed via terminals and, in many cases, ordered by algorithm. Although this has lowered execution costs, it also makes financial markets susceptible to “flash crashes” that occasionally roil the markets.
Essentially, technology has been eliminating the number of people directly involved in processing transactions, everything from financial markets to retailing and government services. Although this makes the economy more efficient, it also makes it more fragile. If a system crashes, it can cause widespread disruptions and close firms, government agencies and markets. The U.S. economy, due to its technological advances, may be more vulnerable to cyberattacks than other nations.
Although cyberattacks won’t likely cause regime change in the U.S., it could seriously disrupt the American economy, giving a foreign power time to use conventional military means to establish regional hegemony. Thus, if China wanted to capture Taiwan or if Russia wanted to invade the Baltics, a major cyberattack, such as bringing down the electrical grid,3 causing dams to malfunction or disrupting air traffic control, may be enough to shift security and other officials’ attention in order to improve the odds of a successful attack.
Cyberwarfare is a significant threat to U.S. security and has very attractive characteristics. It is stealthy; the origin of the attack can be disguised and it can cause significant damage to an economy. Although the U.S. may be vulnerable to such an attack, it should be noted that American intelligence agencies and the military have significant firepower in this area as well. The difference is that disrupting the Russian economy might not matter all that much because it’s already in poor shape. But, in the U.S., shutting down the electrical grid for several days would be considered catastrophic; in fact, simply bringing down the internet might be just as bad. The U.S. faces a constant threat from cyberattacks. The key concern is what a foreign power would do with a disruption. China has already captured defense plans and personal information. So far, it has used this information to improve its own defense materials and to create countermeasures to U.S. defense goods. But the threat of a cyberattack as cover for a regional military operation is perhaps the greatest threat the U.S. currently faces.
Disinformation is nothing new. From time immemorial, governments have tried to fool their adversaries. From America’s perspective, Radio Free Europe was broadcasting the truth to those behind the Iron Curtain. To the communists, it was pure propaganda.
There are two changes that make disinformation more dangerous. First, the technology behind news flow has changed dramatically. During the era of print media, disseminating news was rather expensive. Printing needed to occur. Journalists