Faced with Russian nuclear threats during the Cold War, the strategist Herman Kahn calibrated a macabre ladder of escalation with 44 different rungs ranging from “Ostensible Crisis” to “Spasm or Insensate War.”
In the era of cyberwarfare that is now dawning, the rules of the game have not yet been established with such coldblooded precision. That is why this period of Russian-American relations is so tricky. The strategic framework that could provide stability has not been set.
Russian hackers appear to be pushing the limits. In recent weeks, the apparent targets have included the electronic files of the Democratic National Committee, the private emails of former Secretary of State Colin Powell, and personal drug-testing information about top US athletes.
The Obama administration is considering how to respond. As in most strategic debates, there is a split between hawks and doves. But there is recognition across the US government that the current situation, in which information is stolen electronically and then leaked to damage and destabilize US targets, is unacceptable.
“A line has been crossed. The hard part is knowing how to respond effectively,” argues one US official. Retaliating in kind may not be wise for a country that is far more dependent on its digital infrastructure than is Russia. But unless some clear signal is sent, there is a danger that malicious hacking and disclosure of information could become the norm.
As always with foreign policy problems, a good starting point is to try putting ourselves in the mind of potential adversaries. The point of this exercise is not to justify Russian behavior but to understand it, and learn how best to contain it.
The Russians have a chip on their shoulder. They see themselves as the aggrieved party. The US, in their view, has been destabilizing Russian politics by supporting pro-democracy groups that challenge President Vladimir Putin’s authority. To Americans, such campaigns are about free speech and other universal human rights. But to a paranoid and power-hungry Kremlin, these are US “information operations.”
Russian officials deny meddling in US politics, but it is clear from some of their comments that they think the US shot first in this duel of political destabilization.
This payback theme was clear in Russian hackers’ disclosure this week of information stolen from the World Anti-Doping Agency about Olympic gymnast Simone Biles and tennis superstars Serena and Venus Williams. The Russians have been irate about the exposure of their own officially sanctioned doping, which led to disqualification of many Russian Olympic athletes. And so -- retaliation, in the disclosure that Biles and the Williams sisters had been given permission to use otherwise banned substances.
If you are a Russian with a sense that your country has been humiliated and unjustly maligned since the Cold War -- and that seems to be the essence of Putin’s worldview -- then the opportunity to fight back in cyberspace must be attractive, indeed.
How should the United States combat Russian cyber meddling before it gets truly dangerous? I asked a half-dozen senior US officials this question over the past few weeks, and I have heard competing views.
The Defense Department’s cyber strategy, published last year, argues that the US should deter malicious attacks by a combination of three approaches: “response ... in a manner and place of our choosing”; “denial” of attack opportunities by stronger defense; and “resilience,” by creating redundant systems that can survive attack.
A few caveats to this official strategy were cited by many of the officials.
The US response probably should not come in cyberspace, where an advanced America is more vulnerable to attack than a relatively undeveloped Russia, and where the US lacks sufficient “overmatch” in cyber weapons to guarantee quick success. “Don’t get into a knife fight with someone whose dagger is almost as long as yours,” explains one expert.
The Obama administration should also disclose more of what it knows about Russian actions, much as it did with Chinese and North Korean hacking. But getting in a public argument with Moscow will be fruitless, and the US may blow its cyber “sources and methods” in the process.
What would the Cold War “wizards of Armageddon” advise? The nuclear balance of terror finally gave way to arms-control agreements that fostered stability. But this model probably does not work in cyberspace. Such agreements would not be verifiable in a world where cyber warriors could re-equip at the local Best Buy.
Norms for global behavior emerge through trial and error -- after a messy period of pushing and shoving, accompanied by public and private discussion. Starting this bumpy process will be the last big challenge of Barack Obama’s presidency.
By DAVID IGNATIUS
David Ignatius’ email address is
davidignatius@washpost.com. -- Ed.
(Washington Post Writers Group)