Ben Buchanan - The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics

HOW MUCH YOU PAY FOR ENEMIES CYBER WEAPONS?

The question was posed online with no preamble and in broken English. It sounded like a prank, a thought experiment, or an internet troll shouting into the digital ether. It was none of these things.

This message, posted in 2016 by an account calling itself theshadowbrokers, began a series of events that would send shock waves through United States intelligence agencies and beyond. During a year-long escapade, the Shadow Brokers released documents that exposed how hackers working on behalf of the American government had penetrated networks around the world to delay, disrupt, and defang their targets. Their purloined files revealed that hacking was a fundamental, though mostly secret, tool of American statecraft, one deployed clandestinely against foe and friend alike.

The Shadow Brokers released more than just documents. They revealed a collection of hacking tools amassed and guarded by the National Security Agency, or NSA, that were so powerful that American hackers likened them to fishing with dynamite. And now this dynamite had suddenly been made available to anyone for free.

The result was predictably disastrous. Hackers from authoritarian regimes and criminal groups repurposed the exposed code for use in their own devastating cyber attacks. They rank as the most destructive hacks in history, wreaking more than $14 billion of damage, infecting hundreds of thousands of computers, and interfering with businesses across the globe. American spy agencies that were accustomed to stealing others secrets and penetrating others intelligence operations did not know what had hit them. The United States government began a massive counterintelligence investigation into the Shadow Brokers, an inquiry made much more difficult by the careful steps the group had taken to cover its tracks. Though it has not been confirmed, leaks from the investigation suggest the Shadow Brokers were Russian in origin. Americas loss was Russias gain.

The Shadow Brokers data dump and the attacks that followed were the culmination of an unmistakable trend: over two decades, the international arena of digital competition has become ever more aggressive. The United States and its allies can no longer dominate the field the way they once did. Devastating cyber attacks and data breaches animate the fierce struggle among states. Chinese hackers plunder American business secrets and steal digital consumer records while Russian hackers interfere in the power grids and electoral politics of their adversaries. Even isolated countries such as North Korea and Iran can now decimate major global corporations like Sony and Aramco. And for all the blows it has suffered, there is no doubt that the United States continues to punch back. This book shows how all these events fit together, synthesizing and interpreting two decades of modern history to show how hackers have reshaped the world.

The chaotic arena of cyber operations that this book portrays is not what scholars and military planners had long imagined. They had always envisioned cyber attacks as a kind of digital equivalent to nuclear war: devastating but rare. This notion first etched itself into American consciousness with the 1983 movie WarGames, which featured a young Matthew Broderick inadvertently bringing the world to the brink of nuclear Armageddon by hacking into military computers. President Ronald Reagan saw the film the day after its release and demanded that the government investigate its premise. Over the five presidencies since, an endless string of Washington blue-ribbon commissions has addressed the specter of digital destruction. Books by academics and policymakers have conjured up images of hacked power plants and air traffic control networks, of food shortages and mass panic.

Rather than realizing this apocalyptic vision, however, cyber attacks have become a low-grade yet persistent part of geopolitical competition. They happen every day. Government hackers play an unending game of espionage and deception, attack and counterattack, destabilization and retaliation. This is a new form of statecraft, more subtle than policymakers imagined, yet with impacts that are world-changing.

The more competitive aspects of statecraft rely on two overlapping but distinct approaches: signaling and shaping. The distinction between the two is vital. If international relations are like a game of high-stakes poker, to signal is to hint credibly at the cards one holds, in an attempt to influence how the other side will play its hand. To shape is to change the state of play, stacking the deck or stealing an opponents card for ones own use.

This book argues that while cyber capabilities are increasingly versatile tools for shaping geopolitics and seizing the advantage, they are comparatively ill-suited for signaling a states positions and intentions.

Since the dawn of the nuclear age, the theory and practice of international relations has focused on signaling, and with good reason: humankinds most powerful weapons have become so destructive that they cannot be used except in the most extreme of circumstances. The canonical scholarship of the Cold War period thus explained not how to win a conflict, but how to avoid it on ones own terms. Theorists like Thomas Schelling, who received the Nobel memorial prize in economics for his studies of game theory, described how a state can gain and retain an edge without firing a single shot. To hear Schelling tell it, much of statecraft is about manipulating the shared risk of war, coercing an adversary with carefully calibrated threats so as to gain a peaceful advantage.

Military mobilization is an example of statecraft by signaling. Deploying armed forces highlights ones fighting capabilities and demonstrates resolve to adversaries. It suggests that any aggression will bring significant consequences. For this reason, during the Cold War, the United States regularly positioned forces in Western Europe. Since there were not nearly enough American troops to stop a Soviet invasion, one might have wondered what these warriors could do. Schelling had a ready answer: Bluntly, they can die. They can die heroically, dramatically, and in a manner that guarantees that the action cannot stop there. The Soviets knew that no president could suffer the loss of thousands of Americans and not retaliate. The troops lent credibility to the United States signal of commitment to the continent. Their presence helped keep the peace.