Principle Three: Get Resilient
Deterrence by denial focuses on defensive measures aimed at convincing potential attackers that their effort will not succeed or that they will be denied the benefits they seek. If they perceive formidable obstacles to their success, such that attaining their goals will be either too difficult or too costly, they are less likely to undertake the action. This approach has particular application to the cyber world, where more than ninety percent of successful breaches, including those against the Democratic National Committee, employ rudimentary hacking techniques that could be easily prevented.
There are several important steps we can take to reduce our vulnerability to cyberattacks on our voting systems and other critical infrastructure. Within the cyber realm itself, we can make a concerted effort to patch vulnerabilities, update software, and employ malware detection systems. This would go far toward making cyberattacks more difficult, even if it would not preclude intrusions by sophisticated operators. Increasing the difficulty of success can have important deterrent value, not only because it makes the operations more costly and less certain, but also because it narrows the field of potential intruders to those with advanced – usually government-supported – capabilities, allowing analysts to better focus their attribution efforts.
Because no cyber defense can preclude all attacks, we should consider supplementing our defensive efforts with the construction of separate back-up analog control systems for our critical infrastructure that would operate off-line in the event that our digital control systems were compromised. Returning to the use of paper balloting would be fairly easy to do with voting systems. It would be a lengthy and costly undertaking to build back-up controls for power generation and water supply systems, but it would greatly reduce incentives to attack our critical infrastructure and substantially increase our national confidence in our ability to withstand attacks.
Finally, our efforts to build our resilience to foreign influence campaigns should not be limited to the digital world. Moscow has engaged in propaganda campaigns since the Czarist era, and the Soviet Union perpetually targeted the U.S. with aggressive disinformation campaigns throughout the Cold War. At the time, we regarded them as irritations to be countered with diplomatic demarches and corrective press releases, not as existential threats to our national security. Today, a hidden cost of the emotionally satisfying exercise of vilifying Russia is that it distracts us from addressing the domestic roots of our growing societal divisions and putting our own house in order. There is perhaps nothing that will do more to encourage our adversaries to believe in the effectiveness of influence campaigns than the hysteria over Russian activities that has gripped Washington since last fall. Restoring our national confidence that our republic cannot be toppled by propaganda is perhaps the most effective deterrent in our toolbox.
George Beebe is the president of BehaviorMatrix LLC, a text-analytics company. He is Director of the Center for the National Interest’s intelligence program. He formerly served as chief of Russia analysis at the CIA, and as special advisor to Vice President Cheney on Russia and the former Soviet Union.
Image Credit: Office of the President, Russian Federation.