President Trump faced a difficult choice in the wake of Iran’s downing of an American drone over the Strait of Hormuz last week. Eventually, after ordering an attack, Trump decided against it, because the 150 estimated civilian casualties would have represented a disproportionate response to destroying an unmanned drone. But yesterday we found out he did pull the trigger on a different kind of response, and the United States launched a cyber attack against the Iranian Revolutionary Guard Corps, disabling some weapon systems.
Although the concept and capability of cyber warfare has existed since at least the 1980s, it is still in a very nascent, although dangerous stage. High-ranking military officials I have spoken to consider the cyber threat to the United States to be the greatest we face from foreign adversaries. Before looking at Trump’s action, and why it was a good move, it’s good to understand the current state of cyber warfare.
There are basically two types of cyber attacks that nations or non-state actors can employ. One is informational; the other degrades actual capabilities of computer networks. For obvious reasons involving Russia’s attempt to influence the 2016 election, the media in the United States has been focused on the informational side. This can include anything from social media election interference, as we saw from the Internet Research Agency, to spying through classified computer systems.
Informational cyber attacks can go on for long periods of time undetected. They are also very cheap to set up and operate. The United States is extremely vulnerable to these kinds of attacks precisely because our society is so free, while our adversaries can simply shut down websites, or the Internet. Thus the United States is struggling, along with social media companies themselves, to combat this growing threat.
The far more serious threat lies in attacks that degrade actual computing and network capabilities. The Pentagon’s top concern in this area is referred to as a cyber Pearl Harbor. This would look something like a foreign power shutting down the electrical grids in major U.S. cities. Such an attack could kill thousands of Americans very quickly. In fact, the military has studied the impact of Hurricane Maria in Puerto Rico as a model of what might happen if we suffered such an attack.
A cyber Pearl Harbor which leveled that kind of death and destruction would almost certainly be viewed as an outright act of war that must be met with a conventional warfare response. However, smaller-scale degrading cyber attacks, such as the one Trump ordered, exist on a murkier spectrum of destruction and response. It is not clear exactly what level of degradation of computing capabilities would cross the line that calls for a conventional response. This is exactly why it was the right move for Trump.
This is likely not the first time the United States has used a destructive cyber attack against Iran. In 2010 the Stuxnet virus wreaked havoc on the Iranian nuclear program. It is widely believed that this virus was created and employed by the United States and Israel. The difference now is that the United States is actually taking credit for this most recent cyber attack. That is a far bolder move than it appears to be on its face, for a few reasons.
First, unlike informational attacks, destructive cyber attacks are a one-and-done enterprise. This is because once the attack happens, the enemy knows it happened and can quickly reverse-engineer the attack. Not only does this protect the enemy from future attacks involving similar software, it can also improve their cyber capabilities, in a sense that after you shoot them, they get to keep the bullet and try to use it on you.
But perhaps more importantly, by taking credit for the attack, the United States is sending a clear message to Iran that it has a powerful cyber arsenal and is not afraid to use it. In fact, America might be able to inflict a cyber Pearl Harbor on Iran. Without dropping a single bomb, it may be able to unleash enormous death and destruction across wide swaths of Iranian territory. This was a very serious cyber shot across Iran’s bow that still leaves in play the eventual option of conventional attack.
Many observers seem to think that President Trump backed down by not bombing a few military installations in Iran. But this cyber attack is in many ways more insidious and dangerous for the Iranian regime. By signing our name to it, the United States is sending a clear message that it is willing and able to use this newest weapon of war, to dramatic effect.
The future of warfare is now and the Pentagon knows it. How Iran responds will determine if greater cyber attacks might be employed. This was the right attack, it is the right threat to emphasize, and it is the dawn of a new kind of war that will shape the course of international relations.