Cyber weapons can inflict massive damage but are cheap, reliable, portable, easily hidden and hard to detect, New York Times National Security Correspondent David E. Sanger told a packed house at IPI the evening of October 18th. “Most importantly,” he said, “you can dial it up and dial it down, you can’t do that with a nuclear weapon.”

Mr. Sanger was speaking to a Distinguished Author Series event, co-sponsored by IPI and the School of Diplomacy and International Relations at Seton Hall University, and devoted to a discussion of his book The Perfect Weapon: War, Sabotage and Fear in the Cyber Age.

Since the advent of nuclear weapons, American deterrence has been based on the notion that only adversarial nations with nuclear weapons pose an existential threat to a country’s security. But that all changed with the arrival of cyber weapons, and Mr. Sanger’s book argues that this has transformed geopolitics as nothing has since the invention of the atomic bomb.

Less than a decade ago, cyberwarfare wasn’t even on the National Intelligence Agency’s radar but is now considered the number one threat to national security, and Mr. Sanger asserted that the US is far from creating a doctrine governing its use.

Asked whether there had been any progress in developing effective defenses for these weapons, he said, “The good news is that our own cyber protections are better than they were five or ten years ago. The bad news is there are so many more things connected to the internet in your home and around the world that the problem is expanding exponentially.” That presented the paradox, he said, of the most technologically advanced and wired countries of the world being the most vulnerable to attack.

He detailed the broad nature of the “vulnerabilities” they faced, listing espionage and data manipulation, the ability to change votes, the targeting of a nuclear  weapon and the possibility of someone getting into the military database and changing the blood types of every soldier. “The most subtle one is the information warfare side that we’ve been so obsessed with for the past two years, and that one is hard in particular because we’re an open society, and we want to have a lot of communication.” It is the “very subtle use that I worry about the most,” he said,  “that and data manipulation much more so than the big attack that takes out all of the power from Boston to Washington.”

He told the audience how the challenge of responding to Russian cyberattacks on the 2016 American elections had bedeviled the Obama administration. “His aides came to him with lists of things we could do to the Russians,” he said. “We could cut them off from the world economy, we could reveal Vladimir Putin’s billions that he’s hidden around the world, we could mess up their finances, but what if Putin escalates by coming back on election day and actually [ends up] affecting the vote, registration systems, even just turning off the electric power in key districts? It was the fear of that that kept the Obama administration from acting against the Russians.”

That illustrated the basic dilemma facing American policy makers, he said. ”We have the most sophisticated cyber weapons on earth, and we’re worried about using them because we can’t control the ladder of escalation.”

He said that policy makers were stymied by the knowledge that once the US used cyber weapons, every country that was interested in attacking us or already trying to attack us would use it as an excuse to go cyber.. He pointed out that while there are only nine countries known to have nuclear weapons, the estimate of how many have cyber capability is now between 35 and 45 and growing.

He recalled the questions that national security officials pondered in devising a proportional response to the debilitating 2014 cyberattacks by North Korea that shut down 70 percent of Sony Pictures’ computer systems after the studio made a film mocking their leader Kim Jong-un. “Was that an act of industrial sabotage? Was it an act of vandalism? Was it an act of war? … The attack was so subtle because it took weeks to figure out what exactly had happened, and the worst thing they got were some sanctions.”

Mr. Sanger suggested that the only way to encourage responsible behavior in the cyber age would be to come up with a kind of international covenant, but that the political challenge in forging one would be greater than in the nuclear age.

“In the end, we’re probably going to need this Digital Geneva Convention,” he said. “The problem is that it needs to be signed by more than countries because we have criminal groups that hack, we have patriotic hackers, we have teenagers, and none of them sign treaties.”

IPI Senior Adviser for External Relations Warren Hoge moderated the event.

Related Coverage
“School of Diplomacy co-hosts International Peace Institutes’ Distinguished Author Series,” The Diplomatic Envoy, October 29, 2018