I was reading a Lawfare book review written by Benjamin Wittes, and I came across an interesting idea. The book itself is relevant (America the Vulnerable, by Joel Brenner) in that it explores cyber-espionage and the US' cyber vulnerabilities, and the review is a positive one. However, it wasn't the book that interested me.
In a small critique of the book, Wittes mentions that the author didn't address offensive cyberattack. The author does quickly mention the use of offensive cyber-espionage as a sort of active defense, but Wittes notes that this level of espionage would counteract large scale cyberattacks. However, large scale cyberattacks are rare. In the meantime, we are dealing with a pervasive level of cyber-espionage that exfiltrates "terebytes of valuable data." We can't necessarily use the same level of offensive cyberattack to deal with cyber-espionage; cyber-espionage is not cyberwar. Are our hands tied?
Thankfully, they are not. Wittes recommends lower level retaliatory attacks on those behind cyber-espionage. In the case of China, Wittes mentions a PLA hacker school and advocates using a mix of identity theft and/or disclosure of embarrassing personal details to retaliate against its members. Better yet, the US could "degrade the Great Firewall of China." In the best line of the entire review, Wittes says that "there are people and institutions whom our criminal justice apparatus and diplomacy cannot reach . . . but that does not mean that we cannot raise the cost to individuals, states, and organizations of eroding our security."
I just love this idea. Cyber-espionage seems to convey a feeling of helplessness. No matter how good our network defenses are, they'll always be a way to get in. Political considerations have prevented the US from directly confronting the Chinese. And we can't retaliate against cyber-espionage with damaging cyberattacks. However, using these low-level retaliatory attacks, we can at least make a point. I think going after the Great Firewall of China would be especially effective.
Consequently, Jack Goldsmith, also of Lawfare, expressed a similar idea in a Washington Post op-ed.
Check out the rest of the review here.
Leave a Reply