“Defense is a necessary foundation for offense,” noted a June 2018 report by the Defense Science Board, a Pentagon advisory panel. “Effective offensive cyber capability depends on defensive assurance and resilience of key military and homeland systems.”
And yet, defense is precisely where US cyber capabilities are lacking the most.
“I believe we are in a declared cyberwar,” Michael Bayer, CEO of Dumbarton Strategies and a longtime Pentagon adviser who led a US Navy cybersecurity review in March, told Tribune News Service for a Sunday article. “It is aimed at the whole of society and the state. I believe we are losing that war.”
The US has woefully misjudged the scope of future conflicts, the Navy’s March report warned. Calling it a “national miscalculation,” the report warns that the door has been left open to a cyberattack crippling US warfighting capabilities or even society writ large.
That conclusion has been echoed again and again by US government watchdogs, Pentagon commanders and independent experts.
At the center of defense concerns are “gray zone conflicts,” or attacks not significant enough to generate a full-scale response.
“We need to have the bombers and planes and missiles to make sure we can defend the country in a conventional conflict, but we also need to face the reality, and gray zone conflict is happening now and will continue to go forward,” House Armed Services Subcommittee on Intelligence and Emerging Threats and Capabilities chair Rep. Jim Langevin (D-RI) told Tribune News.
A recent Pentagon white paper raised the alarm about “Russian malign influence and activities,” gray zone operations aimed at frustrating Washington’s policies around the globe. While the report reflects Washington’s anxieties about being surrounded by rising foes like China and Russia, who are supposedly pressing at the gates and plotting the US’ demise, it also notes that gray zone conflicts “increase the risk of misperception and miscalculation, between powers with significant military strength, which may then increase the risk of armed conflict."
Last month, US National Security Adviser John Bolton warned US adversaries that if they carry out cyberattacks against the US, “You will pay a price.” That statement came amid news that Washington hackers had burrowed deep into Russian infrastructure and placed computer codes capable of crippling Russia’s electrical grid in a time of conflict.
However, the Pentagon and the intelligence community’s heavy reliance on myriad defense contractors has made it basically impossible to monitor, standardize and correct cybersecurity practices, causing a “hemorrhage of critical data” as US adversaries pick the firms clean of their easily hackable information on US defense tech.
Over the years, the US economy has lost over a trillion dollars in intellectual property to online hacking, Tribune News reported, citing experts.
The DSB’s report warned that a concerted cyber attack on the US military “might result in US guns, missiles, and bombs failing to fire or detonate or being directed against our own troops; or food, water, ammo, and fuel not arriving when or where needed; or the loss of position/navigation ability or other critical warfighter enablers.”
The report further warned that such an across-the-board failure of US conventional military tools might create a situation desperate enough for a US president to more quickly consider the use of nuclear weapons. That possibility is more dangerous than ever, given the recent Joint Chiefs of Staff document revealed last month in which they weighed the benefits of limited, tactical use of nuclear weapons in conflict.