An Example of Deterrence in Cyberspace

In 2016, the US was successfully deterred from attacking Russia in cyberspace because of fears of Russian capabilities against the US.

I have two citations for this. The first is from the book Russian Roulette: The Inside Story of Putin's War on America and the Election of Donald Trump, by Michael Isikoff and David Corn. Here's the quote:

The principals did discuss cyber responses. The prospect of hitting back with cyber caused trepidation within the deputies and principals meetings. The United States was telling Russia this sort of meddling was unacceptable. If Washington engaged in the same type of covert combat, some of the principals believed, Washington's demand would mean nothing, and there could be an escalation in cyber warfare. There were concerns that the United States would have more to lose in all-out cyberwar.

"If we got into a tit-for-tat on cyber with the Russians, it would not be to our advantage," a participant later remarked. "They could do more to damage us in a cyber war or have a greater impact." In one of the meetings, Clapper said he was worried that Russia might respond with cyberattacks against America's critical infrastructure­ -- and possibly shut down the electrical grid.

The second is from the book The World as It Is, by President Obama's deputy national security advisor Ben Rhodes. Here's the New York Times writing about the book.

Mr. Rhodes writes he did not learn about the F.B.I. investigation until after leaving office, and then from the news media. Mr. Obama did not impose sanctions on Russia in retaliation for the meddling before the election because he believed it might prompt Moscow into hacking into Election Day vote tabulations. Mr. Obama did impose sanctions after the election but Mr. Rhodes's suggestion that the targets include President Vladimir V. Putin was rebuffed on the theory that such a move would go too far.

When people try to claim that there's no such thing as deterrence in cyberspace, this serves as a counterexample.

EDITED TO ADD: Remember the blog rules. Comments that are not about the narrow topic of deterrence in cyberspace will be deleted. Please take broader discussions of the 2016 US election elsewhere.

Posted on June 7, 2018 at 5:56 AM • 39 Comments

Comments

Wayne AndersonJune 7, 2018 6:36 AM

The cyber battlefield is just that - a battlefield - at the nation state level. I think in the plethora of motivations and attackers we forget that aspect.

Deterrence in a commercial or enterprise context is a more difficult concept as few enterprises have either the legal authority/protection or real capability to repel a determined attacker - even organized crime. The primary tool for deterrence is the risk of am arrest or detention which is often minimal as a deterrent due to complex international geopolitics and legislative landscape - to say nothing of the complexity of some types of attributive investigation.

That being said, the nation-state notion of deterrence I think is many faceted, as cyber is a land where aside from the "Alamo" type battle of Ukraine being crushed by Russia, we have not yet seen two states with significant capability be willing to go to a full scale engagement.

In that view we see a concept akin to MAD theory in other types of WMD coming into place. I say it is multi-faceted because cyber seems to have analog not only to tanks and WMD, but to the former HumInt component of the late cold war transported into our time as well. We all profess outrage about eeach other's data infiltration while any number of governments have active, well-staffed programs using electronic means to "create" SigInt remotely all the time.

Even while we stop short of many types of cyber/kinetic crossovers, we appear to have "accepted" some MAD type battlefield ROE amongst the global community which at a macro level permits information theft through a certain level. To use a cold war analogy, It is ok to send the cyber trenchcoats and fedoras, but don't use a gun on the street or the opposing state will have to react in public and you risk political will to do something about it.

At the same time, we see some clear trends in the defensive state of the cyber world. Richard Clarke (and others) early warnings to us on the needed political will have become reality - we in democratic society saw early attempts to protect transitive and enterprise links as an infringement on our libertarian ideals of access and speech. Which has created exactly the kind of threats to liberty and economic prosperity that we tried to prevent from our own agents - by enabling the other side to have that leverage when/if they choose to exercise it.

When we struggle daily to attribute attacks to whichever red-flag nation started them, when we struggle to get basic HumInt and have only variable success with SigInt in China, and when we struggle to then defend and maintain our own "arsenal" because sensibilities in a small number of people can compromise an entire class of weapons systems - is it any wonder that the deterrence outlines are illuminating for the first time, and with a tilt to the advanced authoritarian regimes on the field?

At some date, developed countries may discover that our focus on individual liberty which at times has been our greatest strength for economic development has also been our greatest weakness. Unfortunately not the monologue of the enemy of some hero film where shortly the field will change, love will conquer all, but a statement of reality in a world where certain kinds of weakness can have real life effects. Sure, we have some pretty amazing people and capabilities as well, but we have to run hard to stay there, and it's an open question whether having some of the sharpest spears and no wall will withstand the Romans at the gate who have been tunnelling and mapping us for a decade.

MajorJune 7, 2018 9:46 AM

@Wayne

"we in democratic society saw early attempts to protect transitive and enterprise links as an infringement on our libertarian ideals of access and speech."

Could you explain this more concretely?

The last hundred years show no grand losses for the West against totalitarian regimes because of our greater openness (or anything else). I suggest that the openness of our society allows a wide range of non-military people to participate in the struggle for security, giving us an advantage. Our greatest protection against unauthorized disclosure of our tech by whistleblowers is to not give them reason to whistleblow by having a maximum of transparency and a minimum of embarrassing dirt to cover up.

SlagJune 7, 2018 9:55 AM

For the longest time, the commercial world has regulated cyberdefense to the back burner with little to no regulatory requirements and instead focused on speed to market, responsiveness and head count reducing automation. It has been this focus that leaves us open and exposed to attackers not our insistence on civil liberties and free speech. It is entirely possible to track back an attacker with sufficient log files at every step, but most business do not bother with either logs or dedicated security to watch for intrusion because no one has forced them to do it. It's like living in a land of banks where no one locks their doors. Some banks get robbed, but there just aren't enough criminals to rob them all. Now we are faced with criminals that don't want to rob anything, they just want to threaten to shut down all the banks. Our unwillingness to impose regulatory requirements with sufficient teeth to back it up due to fear of slowing economic growth leaves us politically vulnerable to that blackmail, and now we see the repercussions of that. The net is a battlefield and we are focused on all offense, no defense. That works fine for other deeply deeply networked opponents, but not so good where they use paper instead of excel.

Desmond BrennanJune 7, 2018 10:13 AM

There certainly was an "information operation" by Russia, and Russia leaning folk in the US security world in respect of this

The gist of the information operation was to suggest that Russia held the upper hand on hard cyber warfare


As to the truth of whether it did, that's another matter

Furthermore, there was indeed an information operation that was much wider, all about sowing distrust in the outcome of the election. It was led by then candidate Trump, who said he might not accept a Clinton victory ...and there were many other contributing strands, from Russia and US folk alike

This ties with the Russian targeting of voting systems, which could at the least have been used to create doubt

Furthermore there was strong fear of human form penetration of the NSA and IC more generally by Russia - this unknown, obviously contributed to fear of how bad a cyber attack could be

Ross SniderJune 7, 2018 11:00 AM

This example is bad - I think the sources maybe missed the overall timeline. The United States did respond and it did escalate cyber warfare.

The US chose to respond on multiple fronts - diplomatically, politically, with international propaganda, and in cyber (by intensifying existing efforts to flips and manipulate domestic Russian politics). Some of these were overtly public, whereas others were done covertly.

Sergey BabkinJune 7, 2018 12:17 PM

This sounds much more like making an excuse post-factum than the real reason. A lot of information about rigging the elections by democrats had to be unearthed before they've started coming up with this kind of excuses. If Obama really cared about Russia meddling with the vote tabulation, there was plenty of time to switch to the systems with the paper trail.

Bruce SchneierJune 7, 2018 12:26 PM

"If Obama really cared about Russia meddling with the vote tabulation, there was plenty of time to switch to the systems with the paper trail."

I disagree with that. Or, at least, I think that switching to paper-trail systems nationwide is a many year process.

de la BoetieJune 7, 2018 12:49 PM

"There were concerns that the United States would have more to lose in all-out cyberwar."

Perhaps they could also explain why they had mono-maniacally pursued the attack mode rather than improving defences? It's been obvious for a very long time that IT developed nations will have more to lose - yet because it was Someone Else's Problem, we're now reaping what we sowed.

I would very much like to know how long the TLAs sat on their knowledge of the Meltdown/Spectre class of vulnerabilities.

As far as influencing elections is concerned, I think that is more a symptom of a rotten body politic than anything else. And any influencing was certainly not confined to external parties. Robust civil discourse would render attempts like that far less important. Sorry.

SlagJune 7, 2018 12:52 PM

Given that every state, and in some cases every county or district has it's own election commission and process, with no funding or strong requirements from the national level, going to paper ballets across the board would be nigh impossible in less than 9 months.

That being said, the actual threat vector isn't the votes, it's the voter roles, the registration of eligible voters.

albertJune 7, 2018 1:34 PM

With subjects of this sort, I usually check the authors CV, then go from there. By chance, I found this:

https://www.counterpunch.org/2018/04/11/russian-roulette-no-smoking-gun-six-key-flaws/

which saves a lot of typing.

Dare I say that I think we can agree on certain issues?
1. Our cybersecurity systems are inadequate.
2. There seems to be no motivation to improve them, either politically, or more importantly, financially.
Any discussion beyond these issues is doomed to failure.

@Bruce, @Sergey
It's a state by state system. Even 'many years' is optimistic. -If- Congress could agree on a paper-trail system, it could be implemented on a national level relatively quickly. But it wouldn't be cheap, or easy. Despite the rhetoric, I think the politicians like the system, imperfect as it is.
..

There are many ways to game the system; voting systems are but one, and perhaps not even the most important one.
. .. . .. --- ....

VinnyGJune 7, 2018 2:38 PM

@Sergey Babkin; Bruce Schneier; Slag
Slag is absolutely correct. The administration of elections, and design of the process for tabulating votes, on both state and federal levels, lies with the individual states. While the Constitution does in theory reserve authority to prevent fraud and abuse to Congress, this power has seldom, if ever, been exercised on any significant scale. I can predict with absolute certainty that a sudden, heavy-handed, mandate from Congess to the several States for a specific, universal, audit mechanism such as a paper trail would result in a shitstorm of litigation that would drag out for years.
https://elections.uslegal.com/regulation-of-elections/

gordoJune 7, 2018 4:57 PM

"There is, however, merit in the claim that this case is different in character: By US standards, the Russian efforts are so meager as to barely elicit notice." — Noam Chomsky

Thus, the 24-hour news news cycle.

PeaceHeadJune 7, 2018 5:13 PM

Diplomacy is the best deterrent.
This cannot be emphasized enough.

There are no enemies, only misunderstandings.
Joe McCarthyism wins no wars.

The Russian involvement was NOT proven to be "state-sponsored".
Whatever happened to American ideals such as "innocent until proven guilty"?

Logical fallacies don't enhance security for anyone anywhere.
Mandating discussions based upon logical flaws is not secure either.

Bauke Jan DoumaJune 7, 2018 6:36 PM

@PeaceHead

Thank you.
The division-creation, vilification, scaremongering and warmongering should stoop.
That means a lot less money to a lot of people; they will be sour and sorry over it.
So be it.

John SmithJune 7, 2018 7:24 PM

from PeaceHead:

"..Logical fallacies don't enhance security for anyone anywhere.
Mandating discussions based upon logical flaws is not secure either."

At the risk of having my comment deleted, I thank you.

TomJune 7, 2018 8:17 PM

@All: how much does the private sector drive a federal decision on cyber-retaliation?

Clive RobinsonJune 7, 2018 9:10 PM

@ Bruce,

When people try to claim that there's no such thing as deterrence in cyberspace, this serves as a counterexample.

I've never understood that position, because it lacks the application of simple logic.

As we all should know --I've said it often enough ;-)-- "Technology is agnostic to use, it is the minds of the actors and observers that decide what is good or bad". And good or bad has not just many meanings, but many mitigations under different circumstances.

That is good or bad is subjective to those who gain or lose as in reality it's a zero sum game.

But as 9/11 demonstrated without doubt technology is a force multiplier with multiple uses. In general the more technologically advanced a tool is the more potential it has for action good or bad thus benifit or harm. But importantly technology whilst multiplying force in general also makes the use of such force comparatively simple so that most humans can use it with little training.

Deterrance at the end of the day is a "mind game". If I can demonstrate a capability sufficiently well that you not only believe that I posses the full capability but am more than willing to use it against you then irrespective of the reality of the situation you are either going to be deterred or go into attack. If you are rarional, you will only attack if you believe I will lose significantly or you believe you have no other option. Therefore for deterance to work I must also give you a way out.

There is a saying about the impossibility of herding cats. However it's fairly easy to get cats to behave almost as a single entity. You first give them a way out they can easily recognise. Then you let off a fire cracker or three. The cats with no real option will "scoot out the door" rather than stay.

Humans on mass are not realy much brighter than cats when it comes to playing "follow the leader" when acting with the primal parts of our brain.

Thus logic defines not just the fact that deterrence is a tool to be used, but that humans when given the option will most likely follow a prearranged path.

Clive RobinsonJune 8, 2018 3:32 AM

@ Albert,

2. There seems to be no motivation to improve them, either politically, or more importantly, financially.

I would not put it that way. In fact I would say there appears to be strong notivation to actually weaken them.

Regardless of if it is political or financial in primary origin, both gain greatly by such a policy.

The politicos or more correctly the agencies behind them controled and maintained for the benifit of the 1% find great advantage in the over complexity that opens more vulnerabilities than a city infested with termites. Likewise there is vast amounts to be made in selling what is little more than snake oil with lipstick on a pig human interfaces that fail to fix things and just add more complexity and mainly meaningless figures.

Such a situation can only go in one direction unless there is very strong push back to change things, and I find that highly unlikely in the current Western world especially in the WASP nations.

Richard Harknett/MichaeL FischerkellerJune 8, 2018 4:54 AM

The work cited at the end of this blog is more nuanced then suggested. The argument presented is that a strategy of deterrence cannot serve as the central security strategy for managing cyberspace (such as it did for managing the nuclear competition of the Cold War). In fact, the authors posit in this and other pieces that deterrence is a necessary but not sufficient strategy for cyberspace. It applies to managing the cyber equivalent of armed aggression and US declaratory policy should be clear about that. But as the new National Security Strategy of the United States indicates, the central challenge in cyberspace is cyber operations below the threshold of armed conflict that produce cumulative effects leading to strategic advantage. Challengers to the US are using such operations to advance their interests in a new form of power competition. A strategy of persistent engagement is necessary to counter such campaigns through a seamless operational response combining improved resiliency, forward defense and direct contesting of capabilities. In this sense, persistent engagement complements deterrence where deterrence does not work comprehensively.
The two examples from the Obama administration are fascinating as they actually cut both ways. What is clear from the quotes is that administration officials were worried about escalation, which implies that they did not think the Russians could be deterred. They also seem to have assumed that defending in cyberspace was itself escalatory to the point of armed conflict, which is not supported empirically. What they failed to conceive is that interaction is not ipso facto escalation and actively defending oneself could actually be the basis for stabilizing the domain. The reason US adversaries are using cyber operations short of armed conflict is because they intentionally want to advance their interests without breaching that threshold. Counterintuitively, US reticence to engage likely sent the message that our adversaries could experiment further with impunity.

echoJune 8, 2018 5:33 AM

@Clive

Sadly what you say is true in an administrative/healthcare/discrimination context even with professionals with regulatory obligations and duties of care. By this I mean the whole stack of standards, processes, and individual discretion. The "game" becomes a "game" in itself you are forced to play (sometimes with threats and menaces, and physical violence) or suffer the consequences. Fraud to maintain the illusion of professionalism and working to the box tick is rife. The only reason more people do not die is the majority of the world gravitates around the average.

Across the whole system this failure not only pushes up costs as problems compound but results in what has been labled "crap lives". All involved parties know this and turn a blind eye until the government is blackmailed into funding an improvement program to solve "crap life syndrome". The gold plating, headcounts, and budgets soar with no actual solving of the original failures which caused the problems.

Reading through one of the latest high profile asylum appeal cases it is clear to my eyes that the judge and the lawyers representing the client do not understand system theory. The client was in a no win situation which was what the specific policy relating to their case was designed to achieve. The judge did refer what was essentially an indicator of a problem to higher authority but the case itself was lost.

Some of the case law surrounding asylum cases (which also have Convention" bearing on general law) are extremely harsh, and the consequences for the plaintiff play in to both military and foreign policy failure with regards to social-economic development which itself causes conflict and wellbeing problems for the foreign populations.

RichardJune 8, 2018 7:13 AM

I really question the "Vegas fallacy" that what starts as cyber must stay as cyber. Is it really all that helpful to talk about "cyber deterrence" as if there was some physical law that prohibited responding to a cyber attack kinetically? What would be the probability that a crippling attack on the power grid would trigger only a cyber response rather than crossover to a kinetic response or even eruption into a nuclear response?

As noted by several posters above, adversaries use cyber because it allows one to apply suasion to further national interests while remaining below thresholds that would trigger crossover into the kinetic realm (which, in the case of nuclear armed states, can lead to eruption into a nuclear conflict). We used to call that brinksmanship as it relies on detailed understanding of the decision making processes of one's adversary. Miscalculation can have consequences that are severe.

echoJune 8, 2018 7:37 AM

@Richard

This is basically how systemic abuse happens. For "cyber" read "paperwork". For "kenetic response" read low level bullying. As the Cold War was covered by protocols so is everday abuse covered by the Health and Safety Executive, Companies Act, and harassment and other laws.

Clive RobinsonJune 8, 2018 9:15 AM

@ Richard,

I really question the "Vegas fallacy" that what starts as cyber must stay as cyber.

There is no reason, but cyber attacks so far have rarely crossed out of the cyber domain even when attacking infrastructure.

The reality is that getting out of the cyber domain into the physical domain is actually not that easy (actually try to "red team" it on parallel test setups to see why). In many cases the information required to do so is unavailable. Hence APT agents both natural and otherwise are often sitting there doing very little than look for the off chance that some snipit of information becomes available. It's why other attack modes such as social engineering or supply chain interception are tried, including implanting real live humans and less pleasent techniques to others. The US is as far as we know the first Nation to do it with hostile intent (CIA claims for siberian gas explosion) and continue it as a policy through Stuxnet and other varients of the software behind it.

Interestingly when you look at the history of US - Russian treaty agreements it is usually the US that renages on them, and 20th Century history points at certain types of people who are most likely to do this (those that grasp most from the 1% and in the process enslave / endanger US citizens the most).

Thus if people want things to "stay in Vegas", then perhaps stopping the US walking away from treaty agreaments it has willingly signed up to would be a very major first step. After all North Korea can be shown to have gone the route it has due to the US continuously regnaging on aggreaments over the past sixty years, likewsise other nations just the latest being Iran, that apparently upset the US by agreeing to it's proposals, which it was not supposed to do...

To put it biblicaly "you reap what you sow" as others do unto the US what the US has done unto others. Thus the Chinese and Russian build up of forces can be seen as a result of US foreign policy to build up significant military fources directly on these nations borders, via the likes of NATO etc. Sooner or later there will be another Cuban Missile crisis and the foreign nation won't blink in the stupid game of chicken the US usually plays at which point the brown stuff will hit rather more than the fan.

A further step in the correct direction would be to get rid of Political Appointees. They have mostly been an unmitigated disaster for the average US citizen, and have caused worse much worse for other nations citizens. The classic "more than bl33ding obvious" example would be the horse breeder judge put in chage of FEMA as payment for doing political mischief for party seniors... As is becoming clear to many here the current incumbrant at the FCC is demonstrating, that most political appointies know how to feather their nest for the future by acting very much not in the public interest, but unlike others he appears to be rather inept at keeping it out of the public eye.

As for what is going on at the FBI / DoJ I don't think even they know from the very top down through the rank and file. As a review of the latest nonsense they have launched over Marcus Hutchins shows,

https://www.theregister.co.uk/2018/06/07/wannacry_reverse_engine_marcus_hutchins_hit_with_fresh_charges/

https://www.emptywheel.net/2018/06/06/to-pre-empt-an-ass-handing-the-government-lards-on-problematic-new-charges-against-malwaretech/

And US Citizens have asked me why I advise non US citizens to go to the US even in transit to other places...

RosebudJune 8, 2018 9:25 AM

I have read both of your works with great interest, as I suspect that they either will be or already are quite influential in government circles.

Me, I can't help but see parallels between the kind of ongoing encounters and skirmishes we see in cyberspace and anti-submarine warfare. In both instances, deterrence is still part of the picture but not sufficient and contact must be sought to signal resolve.

Still, even though you skirt the issue with your references to AI-enabled automated responses, I feel that you would do well to speak plainly about the actual "mechanics" underpinning your proposed strategy of "cyber persistence." This strategy would appear to require a near ubiquitous seeding of the global information infrastructure with "sensor-shooters." If the adversary is everywhere, then so must we.

Am I completely off the mark, here? If so, please clarify my thinking. If not, could you please comment on the inherent risks of this approach?

echoJune 8, 2018 10:51 AM

@Clive

Many tourists to the US buy medical insurance as they should. I always advise anyone travelling to the US to also buy seperate legal insurance.

Some US law is extremely tricky due to precisely how it is interpreted. Some people may wish to consult with a lawyer regardless of whether they are using the visa waiver programme or not because they may need access to this legal advice for their defence if alleged visa irregulaties are later discovered and used as a prosecution tool.

RosebudJune 8, 2018 11:00 AM

@ Richard Harknett/MichaeL Fischerkeller

(Sorry for the double post, but I thought it best to be clear as to whom I am directing my questions.)

I have read both of your works with great interest, as I suspect that they either will be or already are quite influential in government circles.

Me, I can't help but see parallels between the kind of ongoing encounters and skirmishes we see in cyberspace and anti-submarine warfare. In both instances, deterrence is still part of the picture but not sufficient and contact must be sought to signal resolve.

Still, even though you skirt the issue with your references to AI-enabled automated responses, I feel that you would do well to speak plainly about the actual "mechanics" underpinning your proposed strategy of "cyber persistence." This strategy would appear to require a near ubiquitous seeding of the global information infrastructure with "sensor-shooters." If the adversary is everywhere, then so must we.

Am I completely off the mark, here? If so, please clarify my thinking. If not, could you please comment on the inherent risks of this approach?

RatioJune 8, 2018 11:30 AM

Who would have guessed that “the narrow topic of deterrence in cyberspace” was this vast and not even necessarily related to deterrence or cyberspace? Fascinating.

vas pupJune 8, 2018 12:31 PM

@Clive:"A further step in the correct direction would be to get rid of Political Appointees."
Agree 100%. Good exception is new CIA Director Gina H. who was working more than 30 years within structure on many levels.
Clive, the whole idea you've pointed to is like in former Soviet Union: they move folks from one high position to another based on their loyalty with zero expertise in particular field. That is path to failure. You could manage loyalty of smart person, but you could not make loyal dummy smart.

Bauke Jan DoumaJune 8, 2018 4:08 PM

To get full 'physical' deterrence, a logical next step would be to expressly hook up cyberspace to, say, the nuclear arsenal.

Richard Harknett / Michael FischerkellerJune 8, 2018 5:33 PM

@ Rosebud Happy to respond to the important points you raise, which we have anticipated and have been working on, but since Bruce’s blog is about deterrence examples, we should take that tangent off the blog page (please e-mail us directly).

What, me worry?June 10, 2018 5:12 PM

How might back-channels, military to military communications, or the like, work with regard to trying to prevent a cyberwar as opposed to a nuclear war? How might Kompromat effect front-channel or back-channel communications?

From emptywheel.net
...
1) Bob Conyers says:
June 10, 2018 at 2:11 pm
"... I think Trump’s fear of Putin is real, but I’m still lacking a sense of what is behind it."
Reply
2) emptywheel says:
June 10, 2018 at 2:29 pm

"Two things.

First, I suspect a concerted Russian effort could take out the Trump business.

And I do wonder–suspect, actually–that Trump agreed to “terms” at some point that made him complicit in direct attacks on the US."

https://www.emptywheel.net/2018/06/10/on-the-anniversary-of-the-june-9-trump-tower-meeting-putin-tells-trump-to-keep-his-campaign-promises/#comment-738984

https://www.washingtonpost.com/news/worldviews/wp/2018/06/09/putin-to-trump-the-ball-is-in-americas-court

echoJune 10, 2018 6:27 PM

@What, me worry?

People are still paying attention to that overgrown toddler?

Wesley ParishJune 11, 2018 5:40 AM

Since a major part of the Russian interference seems to have been sowing dissidence and uncertainty, I'd say they've been admirable students of the United States Federal Government in Iran (1952), Indonesia (1966), Chile (1973), and undoubtedly, many another place around the world.

I suppose if the Obama Administration had been as ruthless as the Carter Administration was towards Palau they could've insisted on redoing the elections until they got what they wanted:

https://www.washingtonpost.com/archive/opinions/1979/10/21/how-america-killed-a-constitution/b00796fb-cf9c-4b7a-ad25-b8db05a8ce40/?utm_term=.dc76c7417c4d

The most flagrant example is in Palau, an island district of nearly 15,000 residents. Next Tuesday, the citizens of Palau will go to the polls to vote on a new constitution, written to U.S. specifications after the Carter administration, acting through an illegally convened local legislature, succeeded in killing an earlier constitution which the people overwhelmingly ratified in July.
To wit:
In April, a popularly elected constitutional convention, approved and partly funded by the U.S. government, completed a constitution which, among other things, would ban storage in Palau of nuclear weapons, nuclear wastes and other deadly weapons of war, establish a 200-mile territorial jurisdiction and impose stringent controls on acquisition of lands for U.S. military bases. The United States, which wants to preserve transit rights for its aircraft and nuclear-powered ships and to continue to set aside land for possible future bases, opposed these provisions during the convention. Shortly after it adjourned, U.S. Ambassador Peter Rosenblatt traveled to Palau and, in a closed-door, heavily guarded session with the Palau legislature, restated the strong American opposition to the constitution.
People were still seething over that in 1988.

In a world where one side was prepared and the other wasn't, deterrence would be possible from the prepared side, not the unprepared side. That the Russians were able to appear able to deter the United States, says more for the United States' unpreparedness than anything else.

RockLobsterJune 11, 2018 11:20 PM

I find it quite disheartening to read discussions like this. So many people have tried, they have stuck their necks out and put themselves at risk to try and tell you all but you take no notice of them I don't understand it.
General Wesley Clark, Steve Piecezenik, US Marine Ken O'Keefe many many others.

The United States Government has been infiltrated, by a 5th column bent on using the US military for their own purposes.
That f****** psychopath and godamn liar Netanyahu came here 2 years and received 29 standing ovations from them in congress!!!

Their agenda has been and is to destroy countries in the middle East, to literally murder those people to fullfil an agenda based on a plan drawn up in the 80s by Oded Yinon for the expansion of Israel to biblical descriptions and the only one that intervened is Russia by stopping it in Syria and that is the reason we are back to this cold war style confrontation with Russia.

FoolJune 12, 2018 1:08 AM

@albert

I'm afraid you are right. The "cyber defense" lies often in private company hands and there security is just a cost factor. Of course those could be regulated, but that is against the current spirit in the government to regulate as little as possible. Cyber attacks on the other hand lies in governmental hands (incl budget).

And I know as a fact, that if a real cyber war kicks, then some areas will go down fast, very fast.

So diplomacy is an answer .....

vas pupJune 13, 2018 2:42 PM

@all:"So diplomacy is an answer".
Yes, I agree. The diplomacy based on reciprocity, absence of double standard, respect of international laws and understanding that strategy of zero-sum game versus compromise is counterproductive.
In short, permanent members of UN Security Council should follow principles of UN Charter when doing international business providing leadership by example for other players on international arena. I know, in pipe dreams only...

PeaceHeadJuly 9, 2018 6:02 PM

Regarding Deterrence: Cyberwarfare is just another vector vulnerability to InterContinentalBallisticMissile warfare. Therefore, it is totally unacceptable.

There's no survival of a Nuclear War, whether triggered via Cyberware or not. Doomsday Preppers or not, nothing human would survive such a mass suicide genocide demonstration to the cosmos that human leadership is oxymoronic and just plain moronic.

Accidents need to be prevented before, during, and after Cyberwarfare Treaties and Peace Pacts.

That's specifically where the true security specialists have the intellectual upper hand. The technical details are apolitical.
Technical holes have potential solutions. Do we want to fix the breach in the Titanic's (modern day technological landscape) hull, or continue to pass blame around like legal tender?

Time is not on our side. Not until AFTER de-escallations.
The only thing worth escallating is Peace itself. But Peace needs scientific rigor to make it happen.

In light of this, the only two words worth memorizing to the point of being able to recite them immediately before losing consciousness in case of emergency: STAND DOWN!

(and of course your personal authorization codes).

May Peace Prevail Within ALL Realms of Existence.
Seriously. No Jokes.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.