How can U.S. deal with cyber war?




Michael Hayden says lack of domestic agreement is driving U.S. to take the offense on cyber attacks.




STORY HIGHLIGHTS


  • Obama administration beefing up effort to counter cyberattacks

  • Michael Hayden says emphasis is on striking first, as the U.S. does with drone attacks

  • Ex-CIA director says drone policy reflects lack of consensus on handling prisoners

  • Hayden: Is killing terrorists preferred because of division over how to try them?




Editor's note: Gen. Michael V. Hayden, who was appointed by President George W. Bush as CIA director in 2006 and served until February 2009, is a principal with the Chertoff Group, a security consulting firm. He serves on the boards of several defense firms and is a distinguished visiting professor at George Mason University.


(CNN) -- Human decisions have complex roots: history, circumstance, personality, even chance.


So it's a dangerous game to oversimplify reality, isolate causation and attribute any particular course of action to one or another singular motive.


But let me tempt fate, since some recent government decisions suggest important issues for public discussion.



Michael Hayden

Michael Hayden




Over the past several weeks, press accounts have outlined a series of Obama administration moves dealing with the cyberdefense of the United States.


According to one report, the Department of Defense will add some 4,000 personnel to U.S. Cyber Command, on top of a current base of fewer than a thousand. The command will also pick up a "national defense" mission to protect critical infrastructure by disabling would-be aggressors.


A second report reveals another administration decision, very reminiscent of the Bush Doctrine of preemption, to strike first when there is imminent danger of serious cyberattack against the United States.


Both of these represent dramatic and largely welcome moves.


But they also suggest the failure of a deeper national policy process and, more importantly, the failure to develop national consensus on some very difficult issues.


Chinese military leading cyber attacks


Let me reason by analogy, and in this case the analogy is the program of targeted killings supported and indeed expanded by the Obama administration. Again, I have no legal or moral objections to killing those who threaten us. We are, as the administration rightly holds, in a global state of war with al Qaeda and its affiliates.








But at the level of policy, killing terrorists rather than capturing them seems to be the default option, and part of that dynamic is fairly attributable to our inability to decide where to put a detainee once we have decided to detain him.


Congress won't let him into the United States unless he is going before a criminal court, and the administration will not send him to Guantanamo despite the legitimate claim that a nation at war has the right to detain enemy combatants without trial.


Failing to come to agreement on the implications of the "we are at war" position, we have made it so legally difficult and so politically dangerous to detain anyone that we seem to default to killing those who would do us harm.


Clearly, it's an easier path: no debates over the location or conditions of confinement. Frequently such action can be kept covert. Decision-making is confined to one branch of government. Congress is "notified." Courts are not involved.


Besides, we are powerful. We have technology at our fingertips. We know that we can be precise, and the professionalism of our combatants allows them to easily meet the standards of proportionality and distinction (between combatants and noncombatants) in such strikes, despite claims to the contrary.


And we also believe that we can live with the second and third order effects of targeted killings. We believe that the care we show will set high standards for the use of such weapons by others who will inevitably follow us. We also believe that any long-term blowback (akin to what Gen. Stanley McChrystal calls the image of "arrogance" such strikes create) is more than offset by the immediate effects on America's safety.


I agree with much of the above. But I also fear that the lack of political consensus at home can drive us to routinely exercise an option whose long-term effects are hard to discern. Which brings us back to last week's stories on American cyberdefense.


In the last Congress, there were two prominent bills introduced to strengthen America's cyberdefenses. Neither came close to passing.


In the Senate, the Collins-Lieberman Bill created a near perfect storm with the American Civil Liberties Union and the American Chamber of Commerce weighing in strongly against the legislation. That two such disparate bodies had issues with the legislation should suggest how far we are from a national consensus.


In the House, a modest proposal from the Intelligence Committee to enhance cybersharing between the private sector and the National Security Agency was met with a presidential veto threat over alleged privacy concerns and was never even considered by the Senate.


Indeed, my preferred option -- a more active and well-regulated role for NSA and Cyber Command on and for American networks -- is almost a third rail in the debate over U.S. cybersecurity. The cybertalent and firepower at Fort Meade, where both are headquartered, are on a short leash because few dare to even address what we would ask them to do or what we would permit them to do on domestic networks.


And hence, last week's "decisions." Rather than settle the roles of these institutions by dealing with the tough issues of security and privacy domestically, we have opted for a policy not unlike targeted killing. Rather than opt for the painful process of building consensus at home, we are opting for "killing" threats abroad in their "safe haven."


We appear more willing to preempt perceived threats "over there" than spill the domestic political blood that would be needed to settle questions about standards for the defense of critical infrastructure, the role of government surveillance or even questions of information sharing. And we seem willing to live with the consequences, not unlike those of targeted killings, of the precedent we set with a policy to shoot on warning.


I understand the advantage that accrues to the offense in dealing with terrorists or cyberthreats. I also accept the underlying legality and morality of preemptive drone or cyberstrikes.


I just hope that we don't do either merely because we don't have the courage to face ourselves and make some hard decisions at home.


Follow @CNNOpinion on Twitter


Join us at Facebook/CNNOpinion


The opinions expressed in this commentary are solely those of Michael Hayden.






You're reading an article about
How can U.S. deal with cyber war?
This article
How can U.S. deal with cyber war?
can be opened in url
http://newsmawkishly.blogspot.com/2013/02/how-can-us-deal-with-cyber-war.html
How can U.S. deal with cyber war?