THIS ARTICLE WAS ORIGINALLY PRINTED ON MAR 30, 2014 AND IS BEING RE-PRINTED FOR “CHALLENGES OF INTELLIGENCE COLLECTION WEEK.”
Regardless of how you feel about Edward Snowden’s domestic surveillance program revelations, it’s time to get real about the cost we are paying for Snowden’s leaks about America’s signals intelligence programs. In a conversation a few months ago with a very senior former US intelligence official, I was struck by their apocalyptic assessment of the damage Snowden’s leaks had caused America’s intelligence capabilities. While he naturally considered the domestic concerns overblown, he was even more upset at Snowden undoing of decades of groundbreaking American work securing our own communications and spying on foreign governments.
Success in signals intelligence relies almost entirely on the opponent not knowing where and how he is being spied upon. As soon as your methods are discovered, your opponent can evade your espionage or, even worse, spoof you with false intelligence. Be detailing the methods that the US uses to spy on other countries, Snowden’s revelations immediately and directly limited the NSA’s capabilities. We are just now beginning to see the fruit of that.
The Crimean crisis has revealed tremendous gaps in American SIGINT and comms against the very country in which Snowden happened to take asylum. Just over a year after Snowden’s releases, it is no coincidence. Now, I don’t mean to give Snowden all the credit – the Russians have maintained aggressive measures against American SIGINT since at least the mid 2000s. But it is not clear that, before the Snowden revelations, they were certain how effective their countermeasures were. By laying bare the sorts of measures the NSA has honed to break open world communications, Snowden has given the Russian military and IC exactly what it needs to craft communications in the American blindspot. Thus, the American intelligence community was blindsided by the Crimean invasion – while they observed the Russian military buildup, the lack of an increase in comms traffic lulled them into a false sense of optimism. Thanks to Snowden, the Russians could be confident that their countermeasures would be effective.
There is another piece of this puzzle that has been troubling me; Over the past year, there have been a number of alarming communications security breeches that have embarrassed US, EU, and Ukrainian officials in ways very convenient for the ongoing Russian information war. Now, I can’t speak to the sources of the EU and Ukrainian leaks (I wouldn’t want to deprive some poor GRU operative his due!), but I was very alarmed by the US breech. Senior (and even not-so-senior) US officials working in the Former Soviet Union are subject to very strict regulations around communications. Now, it’s possible of course that Victoria Nuland and Amb. Pyatt made some error. But this isn’t the first rodeo for either of them: Nuland is the former ambassador to NATO, and Amb. Pyatt is a career FSO with decades of experience working in sensitive areas, including at the IAEA. We know that Nuland was surprised by the leak, calling it “pretty impressive tradecraft.”
There are two likely scenarios of how these communication leaks happened; both of them alarming. The first possibility is that the conversation was had in the clear on an embassy line. Intercepting embassy communications still involves a level of tradecraft above merely intercepting something over Ukraine’s telecoms network, and embassy comms being intercepted indicates a dire but not surprising familiarity with our diplomatic communications system. Nonetheless, such a breech would indicate that our diplomats had not necessarily followed protocol. The more alarming possibility is that the secure line itself was compromised. Prior to Snowden, such a breach was nigh unthinkable. But, prior to his time at the NSA, Snowden worked for the CIA…securing their communications from foreign postings. Now, I’m not suggesting that Snowden is sitting in Lubyanka Square hacking American comms. But it should scare the hell out of us that someone so intimately involved in securing American communications in addition to building American SIGINT capacities now relies on the generosity of his Russian hosts for his breakfast, lunch, and dinner.
I realize that this line of analysis has a certain Ian Fleming-ish feel to it; a US cryptanalyst absconds to Russia, and a year later, American SIGINT begins to experience unusual failures and breeches. But that is the reality we are living in, and we need to wake up to it. The damage Snowden has done to America’s information security and intelligence capabilities is not hypothetical and hypothesized. It is real, it is urgent, it is extensive, and it is just starting.
Jon is a 2013 Healy Scholar, a MPhil in International Relations candidate at University of Oxford, and a Research Assistant at Georgetown University.
This is the second article of our “Sacking of Rome” week: red-teaming the global order and learning from history.
This is not a prediction for the future, simply a thought experiment to tell a story of what might be. Thinking about how American power and influence might decline is not a slight to the United States. It is a strength. We are not a people blinded by American hubris, but instead are willing to honestly analyze the negative what-ifs while working toward the positive ones.
When discussing the fall of the United States, the initial reaction is to think of a dramatic collapse. Things such as losing World War III in an enormous battle or an economic collapse making the Great Depression look like a little setback could make for an engaging movie, but reality does not have to entertain – it simply has to be.
This is fiction, not a prediction, but hopefully it makes us think.
And Now for our Story…
The United States is powerless. Though our economy is still intact for the moment, our ability to influence events on the world stage and protect our national interests is gone. We try to turn to our allies for help, but even our oldest friends recognize that the balance of power has shifted and begin to reshape their alliances to look out for their best interests. We are alone, afraid, and powerless in a very complicated world. How did we get here?
The Age of Austerity
As the War on Terror wound down, the Department of Defense entered what has now become known as “the age of austerity.” We began to heed the warnings of Admiral Mike Mullen that our national debt is the biggest threat to our national security. It started with sequestration in 2013. The writing was on the wall that we were no longer the post-Cold War hegemon of the 1990s and once again simply a strong player within a multipolar world.
Before we knew it, China was no longer just a developing power. Profits from energy exports enabled Russia to regain its seat as a major player on the global stage. If there was a time for more guns and less butter it was then. But America was tired and mostly broke from over a decade of war, so the Department of Defense was forced to confront more diverse global challenges with fewer resources.
The future emerged amongst a sea of buzzwords and lightning bolts connecting nodes on countless PowerPoint slides within the Pentagon. It was impossible to attend a Department of Defense brief without network-centric warfare, cross-domain synergy, asymmetric advantages, and autonomous unmanned systems being heralded as the solution to all problems.
In an effort to preserve America’s military advantage while reducing long-term spending, we invested in unmanned technologies and the ability to network unmanned and highly advanced manned systems together. The network enabled coordinated operations across all domains almost simultaneously. This would provide the quick and overwhelming response necessary to defeat any adversary, and the best part was it required minimal personnel. Unmanned systems might have a high upfront cost, but they do not require a salary, medical care for dependents, or a retirement plan. The extra savings from eliminating as many people as possible enabled the establishment of a network of unmanned undersea, surface, air, and even space systems providing continuous intelligence, surveillance, and reconnaissance on a global scale and immediate coordinated response in the event of hostilities. The global influence of the United States was secured at a fraction of the long-term costs.
The Bubble Bursts
The American drone network continuously patrols the Air Defense Identification Zones (ADIZs) which China has established encompassing the East and South China Seas. China has made repeated complaints to the United States and the United Nations, and there have been many close calls between American assets and the People’s Liberation Army (PLA) Navy and PLA Air Force resulting in the loss of some drones, but without loss of life. Relations are tense, but the global status quo is maintained. The strategic goal of the United States is to keep economic relations with China how they currently are.
Suddenly the handful of operators within the Joint Force Drone Operations Center necessary to monitor and operate the global unmanned network find themselves staring at blank screens. What happened? An unannounced drill? A power outage? A loss this extensive has never happened before. They wonder and begin to troubleshoot.
While the casualty to the network is being reported up the chain of command, drones begin disappearing from radar screens at monitoring stations around the world. A flight of drones scheduled to land at Kadena Air Base in Okinawa for routine maintenance and refueling never arrives. Reports even begin to arrive of flights taking off and immediately crash landing. U.S. Cyber Command is alerted and begins to investigate. Once they know what to look for, it does not take long to find the malicious code responsible and it is glaringly obvious where it originated. The PLA. Not only did they not try to cover their tracks, but it looks like they wanted us to know who was responsible.
The few remaining manned platforms – a mere shadow of the previous numbers during the Cold War – are ordered to sortie toward the western Pacific in a show of force. Everyone quickly makes a devastating discovery. They are receiving no signal from the Global Positioning System. Once they are out of sight from land, ships and aircraft have no idea where they are. The Fleet attempts to adapt. They pull out the old paper charts – which they luckily retained onboard. Utilizing their mechanical compass and dead-reckoning for navigation, they set sail and attempt to find the Chinese coast.
They might not be at 100% capability, but they can at least make a show of American power with presence. Luckily, satellite communications are still functioning so they can coordinate between each other and with their operational commander. As they cross the Pacific, one by one they drop out of communications. The failures are first noticed in the radio room, but they quickly spread to ship control, combat systems, and to engineering. Every U.S. platform is now blind, impotent, and dead in the water. Within a few short days the once-feared military power of the United States is defeated without any bloodshed. Not with a bang, but a whimper.
Jason H. Chuma is a U.S. Navy submarine officer who has deployed to the U.S. 4th Fleet and U.S. 6th Fleet areas of responsibility. He is a graduate of the Citadel, holds a master’s degree from Old Dominion University, and has completed the Intermediate Command and Staff Course from the U.S. Naval War College. He can be followed on Twitter @Jason_Chuma.
The opinions and views expressed in this post are his alone and are presented in his personal capacity. They do not necessarily represent the views of U.S. Department of Defense or the U.S. Navy.
This essay by Billy Pope is part of the Personal Theories of Power series, a joint Bridge–CIMSEC project which asked a group of national security professionals to provide their theory of power and its application. We hope this launches a long and insightful debate that may one day shape policy.
Cyberspace is enabling new forms of communication, influence, awareness, and power for people around the world. Families use cyberspace to communicate face-to-face over great distances. Financial institutions execute global business and commodity trades at the speed of light through the cyberspace domain. The world’s citizens are granted unprecedented access to information, facilitating more awareness and understanding than at any time in history. Yet the same cooperative domain that fosters so much good for mankind also offers a tremendous source of power. The antithesis of the mutually beneficial electronic environment is a cyberspace where competition and fear overshadow collaboration. This conundrum, however, is not new. Hobbes, in his fundamental law of nature, warns, “That every man, ought to endeavour Peace, as farre as he has hope of obtaining it; and when he cannot obtain it, that he may seek, and use, all helps and advantages of Warre.”[i] Cyberspace will continue to civilize. As the domain matures, however, so too will the forces that aim to use the cyberspace domain to project power.
Before diving into the concept of cyber power, one must first frame the term power itself. Power, in its most basic form equates to might: the ability to compel a person or group to acquiesce through force. Thucydides captured this concept in his artful depiction of the Melian Dialog, penning the famous phrase, “the strong do what they can and the weak suffer what they must.”[ii] Hobbes, too, warned that power possessed is power to be used, suggesting every man lives in a state of constant competition with every other man.[iii] In this way, power is the ultimate arbiter, framing both what a man can do and what he should do in the same breath.
The close cousin to might is coercion. Thomas Schelling suggests “Coercion requires finding a bargain, arranging for him to be better off doing what we want — worse off not doing what we want — when he takes the threatened penalty into account.”[iv] Unlike a strategy centered on might, coercion requires insight. Military strategists and theorists who emerged from the Cold War coalesced around a single basic tenet of coercion: one must attempt to thoroughly understand an adversary before coercion can succeed.[v] Hearkening Sun Tzu’s notion that one must “know the enemy,” this community of great minds suggests in-depth analysis helps determine the bargaining chips in the coercion chess match.[vi]
Coercion is not limited to massive Cold War-styled conflicts. Non-state actors and other asymmetric threats may also be influenced through coercive strategies. Emile Simpson, in his book War From the Ground Up, infuses current counterinsurgency strategies with Aristotle’s concepts of logos, ethos, and pathos to distill the concepts of modern coercion.[vii] Simpson argues the vital importance of information as a source of power. He suggests the very definition of success in asymmetric conflicts is framed by one’s ability to compel an adversary to accept an imposed strategic narrative. Simpson writes, “In this sense, success or failure in war are perceived states in the minds of one’s intended audience.”[viii] In wars where annihilation cannot even be considered as a feasible strategy, one must win with ideas. Coercion offers a framework of thought that centers on this very approach.
Why focus so much of an essay on cyber power theory to a lengthy discussion on traditional forms of power? Quite simply, cyber power is still just power at its core. Cyber power will not change the nature of war. Cyber power, at least in the foreseeable future, will not reorganize the international consortium of states, leaving the Westphalian system to flounder in a new electronic world order. Cyber power offers tremendous opportunities to enhance how people interact, cooperate, and even fight. It does not, however, make traditional forms of power obsolete.
Overzealous futurists exuberantly claim that cyber power is a game changer, saying things like, “Cyber war is real; it happens at the speed of light; it is global; it skips the battlefield; and, it has already begun.”[ix] The attuned strategist will peer through the chafe, realizing that cyber power offers new, innovative methods by which to project power. The same savvy practitioner will also appreciate that power and conflict are grounded in basic human requirements, psychology, and relationships. Neither Thucydides’ realist notions of fear, honor, and interests, nor Keohane’s collaborative concepts of cooperation and interconnectedness were developed with cyberspace in mind.[x] Cyberspace, and in turn any notion of cyber power, however, contains these concepts in troves.
What, then, is cyber power specifically? This author argues it takes two forms. First, cyber power extends and accentuates existing forms of military power. It helps shape the battlefield through intelligence collection and information operations. In some cases it facilitates military effects that were previously only achievable through kinetic means. Second, cyber power is a unique political instrument. Most military professionals are all too familiar with the elements of national power marched out during professional education courses: diplomatic, informational, military, and economic. Cyber power connects to each of these components but also offers new options. Stronger than diplomacy and sanctions, yet not to the level of Clausewitzean war, cyber power expands the spectrum of power projection available to policy-makers.
In its militaristic form, cyber power has proven its worth as an accoutrement to traditional military engagements. Two historical examples of air power employment serve as cases in point. When the United States repelled Iraq’s invasion of Kuwait in 1991, the American Air Force disabled Iraq’s integrated air defense system by permanently destroying radar sites, anti-aircraft systems, and electrical switching stations.[xi] In 2007, the Israeli Air Force penetrated Syrian airspace en route to an alleged nuclear reactor at Dier-ez-Zor. Israeli pilots simply flew past Syria’s air defense systems undetected. While Israeli officials have never confirmed the details of this operation, it is widely accepted that a cyber attack blinded the air defense systems, achieving the desired effect, while preserving the systems and their associated personnel from physical destruction.[xii] By producing military effects, cyber power enhances more traditionally understood forms of power in terms of might and projection.
The second framework of cyber power, however, places more emphasis on the combination of interdependence and leverage than military might. In this way, the concept of coercion again takes center stage. The United States serves as an appropriate case study. America is the most technologically advanced nation on Earth. The U.S., after all, invented the Internet and gave rise to the framework for cyberspace. Until very recently, the United States maintained control over the mechanisms that form the central nervous system of the Internet and its interdependent connections.[xiii] This outright advantage, however, also translates into a serious vulnerability. The U.S. and other similarly connected nations are more dependent on cyberspace for normal societal functions like banking, municipal utilities, and interstate commerce.
Prominent powers are incentivized to exercise cyber power to achieve political effects while attempting to limit vulnerabilities to the same types of actions. Largely non-lethal and quite influential against nations that find themselves dependent upon the domain, cyber power offers attractive options. Some states will attempt more cooperative approaches to limit vulnerability, as Keohane’s post-hegemonic theoretical approach would suggest. At a minimum, capable entities will communicate their abilities to exert influence in the cyber domain to influence the strategic narrative Emile Simpson so aptly describes. The ability to project power in the cyber domain becomes an important source of influence alongside economic, military, informational, and diplomatic leverage. It is in this grand-strategic purview that cyber power holds the most potential.
The difference between these two aspects of cyber power is both strategic and philosophical. In the militaristic sense, cyber might conjures a Clausewitzean approach where engagements form the foundation of strategy and digital blood is the price of victory.[xiv] A strategy centered on coercion, leverage, and dependence, however, falls into the realm of Sun Tzu and Liddell Hart where perfect strategies involve very little actual confrontation on the way to achieving political objectives.[xv] Familiar in concept yet quite novel in execution, these two methods produce power where none previously existed. Both approaches, however, must be considered as parts of a greater whole that includes the full spectrum of power and political will. Cyber power is poignant and increasingly relevant, but it is not sufficient in and of itself.
While some soothsayers predict cyberspace will reshape the global landscape and the power structures that govern it, this author suggests otherwise. So long as people depend on the physical domains of air, land, and sea for basic survival needs, the physical powers used to protect these domains will remain relevant. That is not to say, however, that cyber power is flaccid. Nations that depend on cyberspace can be held at risk through the exploitation of cyber power for political effects. Whether through direct engagement or a more indirect approach, cyber power is capable of swaying political decisions in the same way others sources of power influence policy. Cyber power is a force to consider as military leaders and statesmen alike contemplate all dimensions of national power.
[i] Thomas Hobbes, Leviathan, Rev. student ed, Cambridge Texts in the History of Political Thought (Cambridge ; New York: Cambridge University Press, 1996), 92.
[ii] Thucydides, History of the Peloponnesian War, [Rev. ed, The Penguin Classics (Harmondsworth, Eng., Baltimore]: Penguin Books, 1972), 406.
[iv] Thomas C. Schelling, Arms and Influence (New Haven, CT: Yale University Press, 2008), 4.
[v] Graham T. Allison, Essence of Decision: Explaining the Cuban Missile Crisis, 2nd ed (New York: Longman, 1999), 404; John J Mearsheimer, The Tragedy of Great Power Politics (New York: Norton, 2001), 338; Emile Simpson, War from the Ground up: Twenty-First Century Combat as Politics (New York, NY: Oxford University Press, 2013), 206; Robert Anthony Pape, Bombing to Win: Air Power and Coercion in War, Cornell Studies in Security Affairs (Ithaca, N.Y: Cornell University Press, 1996), 20. This list is not exhaustive, but is representative of the importance the community of scholars places on understanding one’s adversary.
[vi] Sun Tzu, The Illustrated Art of War (New York: Oxford University Press, 2005), 205.
[ix] Richard A. Clarke, Cyber War: The next Threat to National Security and What to Do about It, 1st ed (New York: Ecco, 2010), 30–31.
[x] Thucydides, History of the Peloponnesian War, 20–21; Robert O. Keohane, After Hegemony: Cooperation and Discord in the World Political Economy, 1st Princeton classic ed, A Princeton Classic Edition (Princeton, N.J: Princeton University Press, 2005), 243.
[xi] Michael R Gordon and Trainor, The Generals’ War: The inside Story of the Conflict in the Gulf (Boston: Little, Brown, 1995), 112.
[xii] Charles W. Douglass, 21st Century Cyber Security: Legal Authorities and Requirements, Strategic Research Project (U.S. Army War College, March 22, 2012), 14.