Originally published on the Star Tribune Blog.
Between the chatter of corporate bankruptcies, emails, and “stamina” in last Monday’s presidential debate between Hillary Clinton and Donald Trump, an immensely important national security topic arose.
That topic? Cyber warfare.
When asked by Lester Holt who the culprits are behind the world’s cyber attacks and how those cyber attacks should be combatted, Clinton responded with points that should not go unnoticed. Beyond claiming that cyber warfare will be one of the foremost security challenges of the Twenty-First Century, Clinton singled out Vladimir Putin and Russian-linked cyber attacks on the DNC as an example of state-sponsored cyber warfare. Additionally, Clinton suggested that state-sponsored cyber attacks might invoke retaliation by traditional military methods: “And we’re going to have to make it clear that we don’t want to use the kinds of tools that we have. We don’t want to engage in a different kind of warfare. But we will defend the citizens of this country.”
Yet the international rules of engagement on cyber warfare are still murky, not to mention the difficulties involved in ascertaining precisely who may have perpetrated a cyber attack. This murkiness could lead to mistakes, and it would seem, merits gentle treading.
Nonetheless, echoing her debate remarks, Clinton has said elsewhere during the campaign that cyber attacks should be treated “just like any other attack.”
Indeed, this was the affirmation that NATO made this summer when they decided cyber attacks must be defended against in the same way traditional armed methods (land, sea, and air) are to be defended against. Such policy positions developing at a time with heightened antagonism between Russia and the West cause one to wonder what type or size of state-sponsored cyber attack would elicit a retaliatory response from the United States or NATO. If there is a cyber attack by Russian hackers on a Baltic NATO member state such as Estonia or Latvia, will NATO’s Article 5, declaring that an armed attack on one member country is an attack on all member countries, be invoked? Given recent NATO declarations and Clinton’s statements, such a scenario is not out of the question.
While such specifics were not discussed by Clinton, her stance is clear: a serious cyber attack amounts to the act of aggression and requires a commensurate military response.
As for Trump, he elaborated little on how cyber warfare should be combated, instead diverging into various military officials who support him, and simply exclaiming that “we have to get better on cyber.”
The little amount of discussion around this topic is rather troubling, especially with a virtually non-existent body of international law directly relating to it. When an early post-WWII security alliance such as NATO was designed, cyber attacks were a thing of science fiction. “Armed attacks” meant firepower, not fiberoptic power. However, now they exist, and the book is yet to be written on how states and intergovernmental organizations such as NATO will respond in practice.
And although both NATO and Clinton have affirmed a state-sponsored cyber attack is an attack just like any other, such talk brings to mind the words of the infamous Niccolò Machiavelli: “The promise given was a necessity of the past: the word broken is a necessity of the present.”
When faced head-on with the reality of a severe state-sponsored cyber attack, how will a Clinton, Trump, or NATO actually respond?