Russia, China, Iran and North Korea routinely launch cyberattacks
on civilian areas, hacking private companies or undermining
foreign militaries, using online tools to manipulate information or digital propaganda to shape others' opinions, and employing digital mercenaries to do the work.
The Chinese military stole U.S. plans to the technically
sophisticated F-35 Joint Strike Fighter, allowing Beijing to create the copycat J-31. Hackers with connections to the Iranian government were charged earlier this year for attacks on U.S. banks and a dam in New York. North Korean operatives released a trove of damaging emails from Sony as the entertainment company planned to release a comedy with an unflattering portrayal of the country's leader. And Russia is widely suspected in a hack of the Democratic National Committee that could amount to a bid to undermine the integrity of the upcoming U.S. election.
The U.S., as of right now, is not fully prepared to match
incidents like these.
In Georgia and now in Ukraine, Russia has demonstrated its
ability to integrate full-scale cyberwar into its military maneuvers, further threatening U.S. allies along its border. But shortcomings with such 21st-century tactics plague America's military, which emerged from the Cold War, dedicated 15 years to fighting insurgencies in the Middle East and now faces the potential for a different kind of combat against potential foes who time and time again have tested its cyber capabilities.
Complicating the ability to hit back nimbly are strict policies
on how the U.S. is willing to conduct digital warfare. There are hard-line and at times overly dense barriers between cyber operators cleared to carry out the government's business and those who aren't, even though the latter often find themselves inadvertently at the front lines of digital warfare. War planners often lump all digital instruments under the homogenous subject "cyber," even though that represents a broad variety of tools and mediums, and don't yet have policies governing how to respond if forced to. And, perhaps most importantly, the U.S. has proportionately little experience with this kind of battle in the real world.
"The assumptions for a lot of us in this space is the nations who
have been at combat the longest would have developed a robust way of including these tools into battlefield use," says Jason Healey, an Air Force veteran and frequent adviser to the White House, Pentagon and private sector, now a senior research scholar at Columbia University.
Too many U.S. combat commanders believe developing cyber tools is
as clear-cut a process as making and employing conventional weapons. Bombs or bullets, for example, produce reliable effects each time the military chooses to employ them, and everyone along the chain of command understands the specific consequences of doing so.
"I don't see us having that kind of confidence at any one of
those levels," Healey says of the current cyber alternatives.
America's cyber shortcomings were at the center of a
congressional hearing earlier this month during which Sen. John McCain, the chairman of the powerful Armed Services Committee, pressed the nation's two top officials for digital combat to appraise the military's ability to respond to cyber aggression.
"The cyber threat is one of the greatest challenges we face,"
offered Marcel Lettre, undersecretary of defense for intelligence.
The Arizona Republican prodded, citing former Joint Chiefs
Chairman Martin Dempsey's troubling acknowledgement in January 2015 that cyber is the only major field of warfare in which the U.S. doesn't have an advantage over its foes.
"It's a level playing field," the Army general said at the time, "and that makes this chairman very uncomfortable."