Written by: Nils Peterson

The face of warfare is constantly changing, and the new dimension of cyberspace has arrived. Recent developments in this field pose an increased risk to the security of the United States and her allies. Only by taking a harsh uncompromising stance regarding cyberattacks will the United States set the boundaries of acceptability in cyberspace.  

Previously, cyberattacks stole personal sensitive data such as in the 2014 Sony Pictures hack. While this posed a serious problem for individuals and their employers, it did not pose a large-scale threat to a nation or an existential threat to a large-scale company. 2015 saw the destruction of Iranian centrifuge tubes via Stuxnext, an NSA propagated virus, as well as Ukrainian power grid blackouts by Russian hackers in the winter. In 2016, Russia interfered in the American presidential election via the “weaponization of stolen cyber information, the use of Russia’s English-language state media as a strategic messaging platform, and the mobilization of social media bots and trolls to spread disinformation and amplify Russian messaging.” 2017 witnessed the shipping giant Maersk face collapse because of the NotPetya cyberattack, also blamed on Russia. The company only survived because of “one surviving domain controller in a remote office in Ghana”,which was untouched by the virus. If the virus affected this office, Maersk’s shipping logs, financial accounts, and all vital data for the company would have been wiped, forcing the company to close. 

These attacks give the victims little time to respond once they are hit. Any proper cyberattack strikes hard, fast, and efficiently. NotPetya brought Maersk to a standstill in a mere two hours. Russian hackers turned off the Ukrainian power grid in less than twenty four hours. Therefore, an American response to cyberattacks against the civilian or military infrastructure of any allied nation must be considered a unilateral declaration of war. If a NATO member’s power went down in the middle of winter, millions of civilians could be in critical danger due to lack of heating in their homes. This event, which already took place in non-NATO Ukraine, differs little from the physical terrorist attacks on 9/11 that provoked NATO to trigger Article 5, which states an attack on one is an attack on all members. Both 9/11 and a cyber attack on civilian infrastructure violate American sovereignty and attack non combatant civilians. Furthermore, a successful cyberattack which physically destroyed a power station, not a far cry from what Russia did in Ukraine, could cause civilian suffering and death on a scale that would dwarf 9/11. Such a cyberattack strikes at the psychological mindset of a nation, a key facet of terrorism, and aims to make the civilian population feel vulnerable and defenseless. 9/11 accomplished both of these terrorist objectives, but unlike a cyber attack, could not spiral out of control and pose an existential threat to United States.

The recent past saw America destroy the physical property of Iran using cyberwarfare, while giving Moscow a slap on wrist via sanctions for attempting to hack an American power grid. Modern warfare starts in a cyberspace that is intertwined with the physical world. Weak American responses, such as sanctioning certain Russian companies, gives Putin the go ahead for future cyber operations. The late Senator John McCain got it right when he said, Vladimir Putin “understands strength, and that’s all he understands.” After all, if we will not stand up for ourselves when attacked in cyberspace what does Putin expect us to do if he attacks one of our allies in the same manner? The United States must display strength in the cyber realm to protect the national security of herself and her allies.