NOTE: BECAUSE THE COMMENT OCCURRED HERE BUT INVOLVE THE TIME BATTLELAND BLOG, I CROSS-POST THIS EXCHANGE ON BOTH SITES.
Reader Brad Hancock jumps at the chance to compare my recent Time Battleland post on the new US cyber strategy with my just-published World Politics Review column.
Mr. Hancock comments at my Globlogization site that:
Compare this piece in WPR to the one Barnett wrote for Time on the same subject three weeks ago. Time readers were literally told they should fear the lowered tripwire for great power war and that "Dr. Strangelove has re-entered the Building", complete with a Guns of August/President Palin scenario in case they didn't get the picture. They were forewarned that "all such concerns will be downplayed by sensible national security types" but the hot war capacity would remain.
Now, WPR readers are told "there's no reason to fear America's decision to fold the cyber realm into this overall deterrence posture..." and, of course, the hot war capacity will remain. I understand the need for using a different tone when writing for different outlets such as Esquire, Time, or WPR. But the Time piece was full of sensational fear-mongering that Barnett rightly criticizes when he sees it in others. This makes me wonder if I should ignore him when he uses his "outside voice."
Suffice it to say, I am always happy when people read my various pieces so carefully!
Here's my answer to the charge:
There are some in the national security community who consistently hype the cyber threat - as in, the amazing damage they can do to us in an instant! I am not one of these types, and nothing in my years in the IT field (first working for the Center for Naval Analyses across most of the 1990s, then the Defense Department in the years leading up to and following 9/11, and since 2005 as an executive in a IT technology firm in the private sector) has convinced me that offensive cyber warfare trumps America's innate resilience as a networked economy/polity/military/society/etc. We can always take one on the chin, but our resilience will prevail.
There is, within that more worried segment of the community, a subset that advocates very aggressive countering responses, believing that any enemy's opening shot should be met with a big-time response. Those thinkers and decision makers may well feel greatly empowered by the new US cyber strategy - depending on how it plays out in the real world in coming years (for now, the strategy is mostly words on pages moving toward realized policy). I believe that those hardcore cyber response types can be considered in the same context as the we-will-inevitably-go-to-war-with-China types, in that both are looking for hunting licenses. Again, depending on how you look at it, the new US cyber strategy may well provide one. I think that's dangerous - as in, Strangelovian dangerous.
That is what I addressed in the Time post. There I focus on the start of what could be any number of types of crises ("Is that a normal blackout or the start of WWIII?") and the dangers of small things spiraling out of control into big things.
There are also many of us in the national security community who believe that any state that will launch a major offensive cyber attack on the US (as opposed to the day-to-day snooping/hacking/thievery - all of which the Chinese do in spades) will do so only as prelude to a full-on attack. Why? Why blow your super-secret wad on anything less, especially if the US might misinterpret and light you up with nukes in response? If a non-state actor does so, then we're on a different track (he can't follow up with a full-on attack and we can't exactly respond in-kind kinetically, can we?).
If you think along these lines, then you're more likely to advocate folding in our cyber deterrence strategy - with regard to state actors like China - into something more like our nuclear version (i.e., we basically tell you, if we think you're going all the way, we'll go all the way right back at you). That threat is mutually assured destruction, and it's meant to be a little crazy and ambiguous. But it's a threshold threat, and that threshold is decidedly high - as in, we really need to believe you're going all the way.
In the WPR column, I wrote about that threshold argument and the desirability of viewing the new US cyber strategy along those lines. I was sounding no alarm on this score, but contextualizing - as I prefer to - the new cyber strategy as being in line with past strategic practice. But not everybody agrees with this logic.
So the two pieces reflect two different ends of the spectrum: in the Time post I warn about those who may take off running with the new strategy, believing it empowers the national security community to spot "war" on a near-continous basis with China. In the WPR column I pull back my lens and go with the threshold of great-power war argument, which I believe must be kept very, very high, and I'd like to see the cyber strategy be interpreted as strengthening and not weakening that threshold.
So to sum up: if you believe that cyber warfare is an entirely new animal and that the new cyber strategy empowers the US national security community to treat it as such, possibly redefining the acceptable pathways to great power war, then I think you should be very much afraid of what may be done with this new approach. If you see cyber deterrence as being in the same ballpark as nuclear deterrence - despite its many obvious differences, then you can view the new strategy with more calm.
Problem is, all sorts of national security "blind men" will be feeling up this "elephant" in the coming months and years, and darn near each will walk away with his or her own impressions. That's why we need to debate this subject from a variety of angles and - yes - use a variety of voices and venues. I don't believe in reducing the threshold of great-power war, but some in the US national security community most decidedly seek to do just that.
Mr. Hancock is correct to point out that I scare in one article and soothe in the other, and that I don't provide obvious linkages between the two rationales. And that's why I'm glad he made the comment so I could respond in this fashion.
And yes, I had fun picking out the graphic ;<)
Thursday, January 14, 2016 at 2:55PM 
THE NATIONAL SECURITY COMMUNITY TENDS TO ATTRACT DOOMSDAY TYPES, WHILE THE UTILITIES SECTOR TENDS TO ATTRACT PRETERNATURALLY CALM ENGINEER TYPES - GO FIGURE! That's the just the nature of their respective businesses, so no big surprise that, when national security officials highlight the hacking threat to critical infrastructures (most frequently, electrical grids), plenty of practitioners in the utilities arena counter that "alarmism" with more prosaic examples of power outages - namely, those caused by rodents and birds. This is a classic argument between those who focus their professional attention on low-probability/high-impactevents (e.g., foreign military hackers attacking our critical infrastructure as a prelude to war-initiation) and those who must deal with high-probability/low-impact events - like a squirrel chewing through a wire and triggering a local blackout.
