The United States has struggled to find a way to support Syrian rebels without putting American lives at risk, and President Barack Obama has repeatedly rejected proposals to shift from arms dealing to cyberwar. He’s making a prudent choice.
Instead of targeting enemy soldiers, cyberwar targets enemy infrastructure. Just as your own computer can be damaged by being infected with a virus, enemy computers can be compromised with targeted malicious software, but, instead of stealing your credit card number or wiping your hard drive, these attacks can steal battle plans and disable or even destroy weapons systems and infrastructure.
Cyberwar is a tempting option, since it keeps our boots off the ground and out of enemy airspace. One Pentagon plan would have reportedly grounded President Bashar al-Assad’s missiles, preventing him from launching airstrikes without the inconvenience of setting up a no-fly zone or a shield system.
However, the safety Obama would win for our troops abroad could be outweighed by the danger he’d expose us to on the homefront. The very remove that makes cyberwar tempting makes it more likely that, if this kind of conflict is normalized, battles will spill over into the infrastructure of our daily lives. And that’s a theater of operations we’re ill equipped to defend.
Cyberwar favors the smaller side. Developed countries have the most to lose, responsible as they are for power grids, secure databases, banking systems, etc. A digital insurgency is agile and light, with nothing to protect but its own files. Some struggling countries even have even lucked into their own defenses by lagging behind. According to the New York Times,
[Cyberattacks were] considered during the NATO attacks on Libya in the spring of 2011, but dismissed after Mr. Obama’s advisers warned him that there was no assurance they would work against Col. Muammar el-Qaddafi’s antiquated, pre-Internet air defenses.
But this strategy is better suited to self-interested despots like Qaddafi or science fiction like Battlestar Galactica than to a modern nation. The United States will never be in a position to sacrifice prosperity and progress for security through technical regress.
Right now, the United States doesn’t just have weak cyber defenses, but, once a breach occurs, our infrastructure isn’t resilient enough to weather the damage. A recent sniper attack on a California power plant raised concern because our power grid is so delicately balanced that compromising just a few power stations, physically or electronically, would give an attacker the ability to induce a massive blackout, even worse than the one that struck the Northeast in 2003.
The risk of future breaches has grown, as the National Security Agency has worked to install backdoors in key online protocols, even paying security company RSA to compromise their own random number generator, so that the spooks could have easy access. These tricks save work for spies, but make all online activity more vulnerable if any malicious actors catch on to the deliberate weaknesses that have been installed. We’ve sapped our own defenses in the name of national security, even as the increased interconnectivity of systems has made our stability more dependent on our online security.
Major powers, the United States included, have already used cyberwarfare. The United States was almost certainly behind the Stuxnet virus that crippled Iranian centrifuges, and China has repeatedly breached American business and government sites to gather data on dissidents or to steal intellectual property. However, currently, both nations deny their involvement in these attacks; they are too stigmatized on the national stage to engage in openly, and most cyber-intrusions are for the purpose of gathering information. Shaming cyberwarfare limits how and when countries choose to use these tools.
Refraining from using cyberwar, in Syria or elsewhere, as an extension of war by other means helps delineate limits on acceptable use of force and choice of targets. We drew a red line and started shipping weapons when Assad began using chemical weapons—attacks so dangerous to civilians that the international community reached a fragile consensus to ban their use. It would be a loss to, in the service of defending that norm of warfare, weaken the case against cyberwar, putting us at risk in every conflict to come.