David Husband Archives

Recently in David Husband Category

March 5, 2014

Offensive Cyber Operations and America's Grand Strategy Mistake

David Husband image The New York Times recently revealed a secret debate that has been taking place behind the scenes within the Obama Administration regarding whether or not to undertake cyber-attacks against the Assad regime in Syria. The Pentagon and the National Security Agency developed a plan in 2011 to "essentially turn the lights out for Assad," but President Obama rejected the cyber-strikes, as well as regular kinetic approaches, to the conflict. The Times speculates that some of the reasons for not attacking Syria include the doubtful utility of the strikes, the possibility of retaliation, and the larger debate about the use of cyber-weapons in general.

Another possible reason, which the NYT does not discuss, may be a lack of legal authority. Over at Lawfare, Jack Goldsmith provides a cogent analysis of the potential domestic legal basis for the strikes. Goldmsith first notes the relatively sparse legal authority for the President to undertake overt action without the support of Congress against an adversary that is unconnected to the war on terror (so the AUMF would not apply.) He also believes it is unlikely to fall within the Article II self-defense powers that may have justified action against Iran (as with Stuxnet), while concluding there might be statutory authority under § 954 of the National Defense Authorization Act for Fiscal Year 2012.

However, it is the larger debate over the use of cyber-weapons in general that is most fascinating. The Washington Post disclosed last August that America mounted 231 offensive cyber-operations in 2011 alone, noting that "the scope and scale of offensive operations represent an evolution in policy, which in the past sought to preserve an international norm against acts of aggression in cyberspace, in part because U.S. economic and military power depend so heavily on computers." A major question is why has this policy changed? Why is the American military so determined to engage in offensive cyber-warfare when America may be one of the most vulnerable countries in the world to cyber attack?

There should be a serious, public debate about the value of offensive cyber operations for American security versus the costs. There are indications that this debate has occurred behind the scenes, but if we have learned anything from the NSA surveillance scandal, it is that the American people should be involved in the debate. It is the American people who should be setting the terms of whether we should even engage in this war and, if we choose to do so, to what extent we should prosecute the war. This debate, quite frankly, should be far more public than it has been. It is high time that Americans are aware of what is being done in our name in the realm of national security, when the potential blowback and costs are so high.

The costs are manifold: they include giving increased prominence to cyber-warfare (thus increasing the likelihood that cyber-attacks will become a more broadly accepted military option), militarizing cyberspace and the internet, the publicity costs and reputational harm to American interests when these secret operations are inevitably revealed, and the threat of counter-attacks which can cause substantial economic damage when they occur. Finally, in a time of budget austerity, the increased cyber-arms race represents misdirected tax dollars that could be developing America rather than tearing down other countries.

In 1800, the submarine was first introduced to the Royal Navy, impressing Prime Minister William Pitt, but not the First Sea Lord at the time, Earl Vincent. Vincent exclaimed, "Pitt was the greatest fool that ever existed to encourage a mode of warfare, which those who command the sea did not want, and which, if successful, would deprive them of it." Obviously, the answer to the submarine problem was not simply to ignore submarines. From the Royal Navy's perspective, the answer was to focus on devising effective responses to them in order to maintain control of the ocean.

Yet, there is wisdom in Vincent's words. Why encourage and lead the way in developing an asymmetric technology that can dangerously harm your position, which you have expended great blood and treasure to build up? Even if this technology were developed, why would you do so while your existing defenses were woefully inadequate?

This, in short, is the dilemma the American military is facing with regards to cyber-warfare. According to security experts, "Cyberwar is the greatest threat facing the United States--outstripping even terrorism." Former Secretary of Defense Leon Pannetta publicly proclaimed, "such a destructive cyber attack could virtually paralyze the nation." Yet currently, the "most kinetic cyberattack to date was probably the Stuxnet worm that attacked Iran's Natanz nuclear enrichment facility in 2010," which the U.S. is widely believed to be responsible for. Previously, the Pentagon seemed to understand these shortcomings, believing that cyber-deterrence would be exceptionally difficult.

However, the current strategic thinking seems to be that engaging in offensive cyber operations will have a deterrent effect on other countries, making them less likely to engage in cyber-conflict with us if they see how strong they are. It is difficult to be sure this is the exact strategic thinking because the relevant documents are highly classified, despite EPIC's attempt to secure public access to them through the Freedom of Information Act.  However, this idea is flawed, because cyber-warfare seems an ideal asymmetric tool for terrorists, non-attributable state actors, or attributable state actors who are too powerful for us to directly confront (China and Russia spring to mind). It seems a clear error of grand strategy to escalate a cyber arms race that could leave American infrastructure in shambles, with stunned Americans cast into sudden darkness, if we are attacked

The risk of a "cyber Pearl Harbor" to our critical infrastructure that we are frequently warned about is only exacerbated when we are constantly striking at the infrastructure of other countries. The politics of secret destruction in the name of national security are always easy--it is the politics of informed debate and creation in the name of democracy that are truly challenging.

January 28, 2014

Skipping Classified Briefings: Why Not Attending Makes Sense from a Functional Perspective

David Husband image This past year, there has been a great deal of commentary, some of it derisive, regarding Representative James Sensenbrenner's claim to have skipped relevant classified briefings and then not to have been informed of the subsequent classified programs. Ben Wittes over at Lawfare has been particularly scathing and Stewart Baker has included Sensenbrenner as a candidate for his newly-created Privy Awards, designed to honor the "Privacy Hypocrite" of the year award. Sensenbrenner ended up receiving a mere 12% of the overall vote for, placing him 4th out of 5 candidates and losing to Kathleen Sebelius.

However, upon a closer examination, this behavior is not as laughable as it might seem. In fact, it indicates an important aspect of the realities of engaging in political oversight of the highly classified intelligence community that has not yet been discussed. The desire to avoid being co-opted by the intelligence community is a powerful explanation of why a Congressional member might skip classified briefings.

Sensenbrenner explained to the Washington Post one of his primary rationales for not attending. The Post explained, "He called the practice of classified briefings a 'rope-a-dope' operation in which lawmakers are given information and then forbidden from speaking out about it. Members are not permitted to discuss information disclosed in classified briefings. 'It's the same old game they use to suck members in,' he said."

There has been very little discussion of the dilemma that being exposed to classified programs imposes on a member when they disagree with the program, wish to garner public support for change, and are unable to do so because of classification rules. The most prominent example is that of Senator Ron Wyden, who unable to get sufficient discussion of the NSA bulk meta-data collection program into the public sphere, decided to ask National Intelligence Director James Clapper, in open session a question he already knew the answer to.

As Ryan Lizza of the New Yorker describes the scene:

"Wyden leaned forward and read Alexander's comment. Then he asked, 'What I wanted to see is if you could give me a yes or no answer to the question 'Does the N.S.A. collect any type of data at all on millions or hundreds of millions of Americans?' " Clapper slouched in his chair. He touched the fingertips of his right hand to his forehead and made a fist with his left hand.

'No, sir,' he said. He gave a quick shake of his head and looked down at the table. 'It does not?' Wyden asked, with exaggerated surprise. 'Not wittingly,' Clapper replied. He started scratching his forehead and looked away from Wyden. 'There are cases where they could inadvertently perhaps collect, but not wittingly.' Wyden told me, 'The answer was obviously misleading, false.' Feinstein said, 'I was startled by the answer.'"

After the Snowden leaks, Clapper was forced to apologize for what he described as a "clearly erroneous" response and later in an interview to Andrea Mitchell, explained that he responded in "what I thought was the most truthful, or least untruthful manner by saying no." It's important to dwell on this. Clapper gave an answer that was demonstrably false. He has argued that he had a different conception of the question in his head, but either way, he gave an answer that was not true in open session and declined the opportunity to request a classified briefing (which was the appropriate response, but would have alerted the American people that the NSA does in fact collect data on "millions or hundreds of millions of Americans.") The U.S. Congress has not yet taken any steps to censure Clapper, but on December 19, 2013, Congressman Sensenbrenner and six other Congressman, sent a letter requesting that the DOJ investigate Clapper's statements and respond by January 10, 2014.

Sensenbrenner and Wyden offer two different approaches to dealing with the challenges of intelligence programs that Congress is tasked to oversee, which operate in deep secrecy, away from the gaze of the American people. One attempt, led by Senator Wyden, is to attempt to continue to draw attention to the program, to question the intelligence officials heavily, and to seek to spark a debate. However, this can be frustrated by the willingness of intelligence officials to dissemble and to engage in semantic word games where words that mean one thing to the American people have a very different meaning within the intelligence community.

The second approach is to recognize that the intelligence community often can be evasive and legalistic and after long experience with it, to simply refuse to play the game on the intelligence community's terms. According to the Post, both Senator Wyden and Senator Mark Udall alleged that misleading statements have occurred, "even during classified sessions."

There is evidence that other Congressman in addition to Sensenbrenner are refusing to play the intelligence community's game. Recently, the General Counsel for the Director for National Intelligence, Robert Litt, engaged in a defense of Clapper's testimony in a letter to the New York Times. He argued that Clapper was "surprised by the question and focused his mind on the collection of the content of American's communications. In that context, his answer was and is accurate."

According to the Washington Post, this is the fourth attempt to explain Clapper's statement and "is at odds with Clapper's own previous admission that he had given the 'least untruthful answer' he could give in response to a question about a classified program." Congressman Mike Rogers, Chairman of the House Intelligence Committee, has refused to let Litt testify before his panel since last summer, even in classified sessions. An unnamed US government official noted, "The committee has not found Bob to be the most effective witness to explain complex legal and policy issues" and his testimony before other committees has been described as "conciliatory in tone, but often tailored in legalistic fashion to obscure broader truths."

Sensenbrenner was Chairman of the House Judiciary Committee from 2001-2007, one of the key architects of the USA Patriot Act, and thus qualified to speak on his experiences with the intelligence community and the original intentions of the USA Patriot Act. As he complained, "How can we do good oversight if we don't get truthful and non-misleading testimony?" How indeed?

About this Archive

This page is an archive of recent entries written by David Husband.

Find recent content on the main index or look in the archives to find all content.