When Virginia’s voter registration site went down on the last day before the deadline, David Sanger’s phone was ringing off the hook.
“Everyone thought, ‘Are the Russians in the registration system?’” said Sanger, national security correspondent at the New York Times and author of the best-selling book, “The Perfect Weapon,” which was the subject of a newly released HBO documentary.
They weren’t, as it later turned out. The system failure was traced to an accidentally clipped fiber optic cable in a nearby roadside utility project. “It was a perfectly innocent explanation,” Sanger explained in a recent interview with the podcast Press the Button. “But you can see what people’s minds go to.”
To Sanger, this gut reaction is symptomatic of a new era in geopolitical competition in which cyberwarfare is increasingly taking center stage. In such an environment, where actors operate anonymously—even invisibly—and attribution can be exceedingly difficult, the mere rumor of foul play is often enough to sow widespread doubt and paranoia. Sanger calls this phenomenon the “perception hack.”
“Essentially you do something fairly small, but the fact that you have done it makes people think that you’ve got a much broader attack underway,” he said. “You don’t need to get into every registration system in Wisconsin or Pennsylvania. All you need to do is get into a couple of cities and towns that are badly protected, and then word gets out.”
“Take this to the supercharged moment of a battleground state on November 3, and you’ve got something that could be pretty explosive.”
To fully understand this new cyberwarfare era, said Sanger, you first need to go back a decade to the Bush-Obama years. At the time, Washington was grappling with how to prevent Iran from acquiring a nuclear weapon short of starting a general war. Eventually, George W. Bush settled on, and Barack Obama accelerated, Operation Olympic Games, a campaign of crippling cyberattacks on Iranian nuclear facilities through its Stuxnet computer worm.
It was a watershed moment for offensive cyber operations, one which the White House allegedly acknowledged. According to Sanger, President Obama “frequently mentioned to his staff that once [Olympic Games] got out, every country in the world would use it as an excuse to say, ‘Look, the Americans are doing it, so why not us?’”
“And of course, that’s exactly what happened.”
The decade that followed the Stuxnet revelation witnessed “a huge acceleration in cyberattacks” against the United States, both in “volume and sophistication,” said Sanger. Hackers penetrated everything from federal personnel files, to major Hollywood studios, to the Baltimore city government in an attack that used malware stolen from the National Security Agency.
Even the fight against the coronavirus has not been immune from cyberwarfare. This summer, the U.S. Justice Department accused two Chinese nationals of hacking into a Massachusetts biotech firm to steal data on a potential coronavirus vaccine.
“In the current age, if you had to decide what is more important—to get your intelligence agencies to steal jet fighter designs or to steal COVID-19 vaccines, there’s no question—to the Chinese, vaccines would be far more important,” Sanger said. “Not only because they want to go inoculate their own population, but because they want to use it to spread their soft power influence around the world.”
Soft power aside, the rapidly changing cyber landscape has officials worrying about symbols of American hard power, too. He pointed to the ongoing nuclear modernization efforts in the United States, including an upgrade to a command and control system that relied on eight-inch floppy disks until last year.
In today’s interconnected world, such improvements carry with them danger, too. “As you modernize you run the risk of introducing new vulnerabilities because suddenly you have a digitized network system,” said Sanger.
This is a major concern in the nuclear weapons field, where technical errors were already endemic in the analog era. Sanger told the story of a 1980 phone call that woke then-Undersecretary of Defense William J. Perry and warned him that computers were showing hundreds of incoming Soviet missiles. Had officers not quickly determined a hardware glitch was causing a false alarm, the call may have been elevated to the president, who would have felt tremendous pressure to launch American nuclear missiles in response before they were destroyed.
“You can imagine that in a network and digital age, all of that could happen much faster,” said Sanger. “Everything from insider threats to data in transit all introduce opportunities for some kind of problem.”
The entire interview with David Sanger is available here on Press the Button.
Zack Brown is a policy associate at Ploughshares Fund, a global security foundation.