What do you think? Leave a respectful comment.

Why cyber warfare represents diplomatic territory

The New York Times reported over the weekend on U.S. military attempts to infiltrate the Russian power grid. The effort represents the latest offensive in an increasingly digital conflict with Russia, whose 2016 election interference is well documented. John Yang talks to R.P. Eddy, a former National Security Council official and founder of an intelligence consulting firm, about this new frontier.

Read the Full Transcript

  • Judy Woodruff:

    Over the weekend, The New York Times reported on American military efforts to infiltrate the power grid of Russia, a largely civilian target.

    As John Yang tells us, it's a flash point in an emerging, digital conflict.

  • John Yang:

    Judy, The Times reported that the president and Congress have given the Pentagon's Cyber Command, which is based at Fort Meade, Maryland, the authority to conduct offensive operations without direct presidential approval. That means commanders there can operate more freely, and, in theory, more nimbly.

    The intrusions into Russia's electrical grid are the latest reported example of U.S. military efforts on an increasingly crowded digital battlefield.

    For more on this, we are joined by R.P. Eddy. He's a former National Security Council official and the founder of Ergo, an intelligence consulting firm.

    Mr. Eddy, thank you very much for joining us.

    Can you give us some understanding or help us understand the scope of U.S. offensive cyber-operations?

  • R.P. Eddy:

    Well, U.S. Cyber Command, which is a part of the U.S. government, part of the Department of Defense that's intended to take our offensive-defensive cyber-operations, is 10 years old actually this month.

    And it's a massive undertaking, meaning that this reporting, to me, isn't shockingly newsworthy, because we have been working diligently, sending billions of dollars to understand the vulnerability of our adversaries around the globe for a decade at this point, at least. And before Cyber Command, of course, we were doing this in other guises.

  • John Yang:

    And how important is Cyber Command to U.S. military power?

  • R.P. Eddy:

    Think about how disruptive the use of cyberattacks against Facebook and other and other aspects of our cyber-domain were in the 2016 elections.

    The way the world's turning right now, we live in an extraordinary, connected world. We don't quite understand what would happen if the power went off, but if you spend some time thinking about no water, no hospitals, no ambulance, no traffic lights, what that all means, it means people dying. That's a cyber-offensive capacity.

    The critical infrastructure of most nations is controlled by things connected to the Internet or to computers. That's a cyber-target or vulnerability.

    So I'd say the capacity to create deterrence in the cyber-domain is extremely important for the United States right now as we try to push deterrence around the globe.

  • John Yang:

    Is there a concern, or is there a danger that what we view as deterrence, one side views as deterrence, the other side could see as provocation?

  • R.P. Eddy:

    Yes, I like the way you put that.

    So, one of the concerns about this entire domain is that it's still considered a secret, right? So all of our cyber-offensive or other nations' cyber-offensive capacities, if they even exist, are considered a covert capacity, meaning we're not sitting down in the public and talking about them.

    While nuclear weapons and normal missiles and other things are horrible weapons of war, we have treaties around them. We understand what is a proportional response, what is not. We have not had those conversations as it — when it comes to offensive cyber-activity.

    So the capacity of one nation to misunderstand another, for one nation to think that a cyber-intrusion or a cyberattack means one thing, to them, it means something much more aggressive or offensive, could happen. So there could be real room for miscommunication here.

  • John Yang:

    And so, in other words, it sounds like there are no sort of rules of the road here. It's a little bit like the Wild West?

  • R.P. Eddy:

    It is — the Wild West is a really good analogy. There are no rules of the road.

    And, remember, we're now talking about taking attacks against noncombatants. So there are obviously rules of warfare about hitting noncombatants. But in the world of the cyber-war, people may not consider that to be a violation of the International Criminal Court or other legal statutes that we have to follow inside the rules of warfare.

    So if I shut down the power grid in New York City, that will lead to the death of people that are noncombatants, and that is an offensive operation against noncombatants. And we haven't had those conversations. So it is the Wild West. There's not enough conversation on this. The norms haven't been established.

    I would just say quickly, again, look back at how puzzled we all were about the manipulation of Facebook and other social media during the last election. The technology is far outpacing the diplomacy and the conversations around these issues.

  • John Yang:

    And giving the authority to the secretary defense, to the head of Cyber Command to carry these things out without direct presidential approval, without direct presidential authority, is this a sign — I mean, is this a military commander is now calling it an airstrike; it's now just another weapon in the arsenal?

  • R.P. Eddy:

    It is another weapon in the arsenal. And it's one that we haven't had real conversations about, as we mentioned before.

    To activate potential implants or to take advantage of cyber-vulnerabilities would be an offensive operation of war that is not delegated right now down to individual commanders. So I would be shocked if the head of Cyber Command believes right now he's allowed to press a button and deploy cyber-weapons. I don't think that's where we are.

  • John Yang:

    And this all started — or at least the people first may have become aware of Stuxnet, when the National Security Agency launched this malware against the Iranian nuclear program, which got out, and is now being used by others or had been used by others.

    Is this now moving into the Pentagon? Is this sort of another step, another sort of Pandora's box being kicked open?

  • R.P. Eddy:

    So it's not entirely clear yet who was behind Stuxnet. And all the reporting that the United States was on it is sort of non-verified reporting.

    But whoever did release Stuxnet put a very, very powerful cyber-weapon out into the wild. And criminals and other nation states have since taken that weapon and repurposed it for their own use. So, much like a drone being shot down in a hostile country, American high-tech drone being shot down and being reprogrammed by the hostile nation, such can some of these cyber-weapons be repurposed by people we'd rather not have them, cyber-criminals or adversary nations.

    That's another thing we have to make sure we're really thinking about when we catalogue the unintended consequences of different cyber-activities, cyber-warfare activities.

  • John Yang:

    R.P. Eddy, a former National Security Council official, thank you very much.

  • R.P. Eddy:

    Thanks very much, John.

Listen to this Segment