This Week at War: COIN Moves Online
Here is the latest edition of my column at Foreign Policy:
Topics include:
1) The United States fights another counterinsurgency — in cyberspace,
2) Yes, let’s partner against al Qaeda. But who, exactly, will be the partners?
The United States fights another counterinsurgency — in cyberspace
On Jan. 25, the New York Times published a story that discussed a cyberwarfare exercise conducted earlier this month inside the Pentagon. The purpose of the exercise was to examine how top civilian and military leaders would respond to sudden cyberattacks that targeted the country’s power grids, communication systems, or financial networks. According to the article, the result was confusion and paralysis — the Pentagon decision makers did not know where the attacks came from, who instigated them, or whether they even had the legal authority to respond.
Cyberwarfare has characteristics that are similar to the matchup between insurgents and counterinsurgents. Like an insurgent picking up a rifle or a homemade bomb, the cost of becoming a cyberwarrior is minimal. Like insurgents, cyberwarriors hide among the population and do an even better job at remaining anonymous. Their anonymity provides leaders with plausible deniability if they desire it. Even more than insurgents, they are inaccessible to counterattack and are not subject to deterrence. Worst of all, it is the cyberwarriors and not the U.S. military, who enjoy “escalation superiority” — the more a cyberwar escalates, the worse things would get for the United States.
It is therefore very timely that the Center for a New American Security published a report this week on protecting the global commons, the maritime, air, space, and cyberspace realms through which people, commerce, ideas, and military forces flow.
Chapter Five of the report focuses on the threats to cyberspace. How should the United States deal with the threat of malicious cyberattacks on its infrastructure? The authors of this chapter draw an analogy to how officials in the public and private sectors coordinate their actions during a public health threat, such as a flu outbreak. There is no single action that brings flu under control. Success requires a wide variety of actions, including data collection, public service announcements, the targeted distribution of vaccines, and individual self-help, such as voluntary isolation and hand-washing. According to the authors, the same pattern of responses applies to a computer virus attack.
Yet in at least one sense, the analogy breaks down. A bad flu outbreak is a random act of nature. National governments and populations have an incentive to cooperate on containing these outbreaks and generally appear do so. At least it doesn’t appear to be the case that countries or non-state actors are engineering flu bugs, deliberately distributing them, or actively disrupting efforts to contain their spread.
According to the CNAS authors (see page 149), the Russian and Chinese governments have been doing exactly this in cyberspace. If a nation-state were found to be deliberately distributing a flu virus, it seems reasonable to assume that sanctions and a quarantine of the offender would follow. Cyberattackers have yet to kill somebody, at least directly. Perhaps this is why they still enjoy virtually complete impunity.
The U.S. government understands the country’s vulnerability to cyberattack and is attempting to organize a defense. Yet at the same time, most Americans view cyberspace much like the air or oceans, an open and neutral commons. By contrast, various non-state actors, along with the Chinese and Russian governments, view cyberspace as a tool of power and leverage. Cyberwarfare, although a concern for a few in the United States, has not become a concern for the vast majority. As long as that is the case, the U.S. government is likely to remain a passive defender against an army of anonymous cyberinsurgents.
Yes, let’s partner against al Qaeda. But who, exactly, will be the partners?
On Jan. 28, Washington Post columnist David Ignatius argued that the U.S. military needs a new approach to fighting Islamic extremists. According to Ignatius, “America has to get out of the business of fighting expeditionary wars every time a new flash point erupts with al-Qaeda.” Instead of U.S. general-purpose ground forces engaging in direct combat, Ignatius argues for more limited partnerships “to train other countries to fight Islamic extremism that threatens them at least as much as us.” Ignatius is calling for more “security force assistance,” the promise and perils of which I discussed last September in an essay for the Stimson Center.
After the painful experiences in Iraq and Afghanistan, any reasonable policymaker will be hoping that security force assistance partnerships will prevent the United States from having to mount another major counterinsurgency expedition. What remains unsettled is who, exactly, will be these security-force assistance partners. Ignatius’s column discusses U.S. training support for foreign governments ranging from Africa to the Philippines. Programs that aim to boost the effectiveness and legitimacy of foreign governments are certainly the policy preference of the U.S. government, especially the State Department.
But as U.S. officials are learning in Afghanistan, what the State Department prefers might not be what actually works. U.S. military officials in Afghanistan are eager to move ahead with local security initiatives using village and tribal militias. But according to the Washington Post, U.S. ambassador to Afghanistan Karl Eikenberry, supported by special envoy Richard Holbrooke, is resisting local defense efforts that are not coordinated with the Afghan Interior Ministry in Kabul. State’s resistance may be futile; according to the New York Times, the U.S. military is already bypassing both the central and provincial governments and awarding a $1 million grant directly to a 400,000-person tribe in eastern Afghanistan that has turned against the Taliban.
Ironically, Eikenberry’s cables to Washington, sent during the Obama administration’s exhaustive Afghan policy review, described how the central Afghan government was “not an adequate strategic partner.” But no matter how flawed a partner government may be, it appears as if Foggy Bottom will operate only “by, with, and through” the nation-state system. In an age of irregular warfare, slavishly adhering to that system will leave many problems unsolved.