The United States gets a lot right about its strategic approach to cyberspace, but the steady stream of reporting on the relentless wave of adversarial cyber campaigns waged by Russia, China and Iran against the U.S. show that it also still gets plenty of things wrong. Some in Washington may be comforted by the idea that the Pentagon will act as a “backstop” against foreign cyber campaigns aimed at influencing the upcoming elections. The fact that a militarized response seems to be the only arrow in America’s quiver, though, is seriously troubling.
More than half a century after the Pentagon’s launch of the internet birthed the notion of cyberwar, one lesson is still going unlearned: that diplomacy and civilian leadership on cybersecurity matter as much as military responses when it comes to cyber defense and deterrence. Cyber diplomacy is, ultimately, a strategic necessity.
Of course, much has changed for the better in the 12 years since the Pentagon suffered a devastating malware attack on its classified computer network system. That 2008 incident, which was widely attributed at the time to Russian spies, led to the creation in 2010 of the U.S. Cyber Command as a unified combatant command. In 2018, the White House subsequently adopted America’s first-ever national cyber strategy. Until recently, Cyber Command focused the bulk of its efforts on preparing contingency responses to cyberattacks, as opposed to getting out in front of potential attacks on military networks by identifying adversarial actions and actors early on.