Boasting Without Explaining
Not a good national security approach—even in cyberspace.
Jun 18, 2012, Vol. 17, No. 38 • By JEREMY RABKIN & ARIEL RABKIN
One risk from this policy void is that the Iranians will be emboldened to take more aggressive action, interpreting our silence as indecision or policy paralysis. It is hard to deter when you don’t make serious threats. The Iranians or their friends elsewhere may be further emboldened because, unlike cruise missile strikes or conventional bombing, a cyber attack may be hard to identify and trace to its source. Other governments might demand that we withhold retaliation until we had demonstrated the ground on which we attributed particular cyber attacks to the Iranian government. We might not want to share such intelligence or expose it to outside scrutiny. Enemies might count on ensuing hesitations, since we have not made clear how or when or on what grounds we would feel entitled to act.
Another risk is that, if U.S. policy seems reckless or impulsive, otherwise-friendly allies may lose confidence in U.S. policy and be less likely to cooperate in the future. The Stuxnet virus, supposed to be precisely targeted on the Iranian nuclear program, did cause collateral damage, requiring companies in Europe and elsewhere to invest in remedial measures. The Flame virus was insinuated into Iranian nuclear sites with a forged certificate identifying it as a Microsoft product. This damages the credibility of Microsoft and other firms that depend on users trusting their certification. If the U.S. government cannot reassure potential partners in its cyber intrigues, it may find it harder to recruit assistance in the future, even from American computer firms.
There was one other thing the leakers in the Obama White House wanted New York Times readers to know: Bush started it—with an earlier program to disable uranium enrichment operations in Iran. Obama officials might consider that the Bush administration, by neglecting to get full congressional approval for many aspects of its anti-terror program, made it easier for critics to pounce when things turned sour later. One consequence was that critics then mobilized political opposition, resulting in new restraints the White House did not favor.
If the Obama team is going to boast about the president’s cyber prowess, it really should try to do more to warn our enemies and reassure our friends—and perhaps inform Congress—what rules it thinks will apply to this new weapon. There are serious and still quite contentious policy issues in the emerging field of cyber strategy. A president preoccupied with personal preening makes it much harder to mobilize support for reasonable policies.
Jeremy Rabkin is professor of law at George Mason University. Ariel Rabkin is a postdoctoral researcher in computer science at Princeton University. They are the authors of an article on cyber threats and the law of armed conflict in the Hoover Institution’s series on “emerging threats.”