14 January 2020

Why US Officials Are Revealing More about Cyber Ops

BY MARK GRZEGORZEWSKI

In foreign policy, it is essential to indicate to friends and foes alike where a country’s national interests lie. Some of this is done in documents such as the National Security Strategy. But potential challengers in the international system often choose to probe whether such documents truly reflect a nation’s interests and its willingness to defend them. So states signal their resolve in various ways intended to forestall more aggressive challenges and costly defensive operations. 

To prove they are not bluffing, states sometimes send “costly signals” — ones that impose some cost on the sender. This is what the Trump administration is doing when it publicizes various cyber activities against, say, Iran or Russia. Cyber tools and networks are a limited commodity; publicizing them makes them harder to use a second time. The hope is that burning this scarce commodity will persuade potential challengers of American resolve. 

Most of the information we have about recent U.S. cyber activities has come from unnamed, but likely authorized, government sources. These choreographed disclosures allow the Trump administration to signal to adversaries that it views certain actions as infringing upon U.S. national interests — yet they also create plausible deniability that keeps the administration’s options open and its domestic political risks down. 


This represents a shift from the Obama administration, which was far more reticent to combine covert cyber activities with more overt signaling. Surely, the United States undertook classified D4M — degrade, disrupt, destroy, manipulate — operations in cyberspace. Yet that administration was reportedly wary of second- and third-order effects of what were then relatively untested capabilities, and rarely coupled such operations with signaling. 

The most famous Obama-era cyber operation was Stuxnet, a worm that caused Iranian nuclear centrifuges to tear themselves apart. Administration officials engaged only reluctantly in sunk-cost signaling: they officially denied involvement, gave no authorized comments, and finally talked with select reporters only on deep background and after the operation was being discussed in the media.

In comparison, the Trump administration is more openly using cyberspace activities to signal to adversaries that when certain lines are crossed it will result in consequences. Examples include operations against Iran after the Saudi oil attack in August and after the drone downing in September; and operations against Russia after the 2018 midterms.

The administration has moved to even more overt signaling in its efforts to deter Moscow’s meddling in the 2020 elections. Officials have told the Washington Post and other media outlets of efforts to develop information warfare tactics that target Russia’s senior leaders and elites. Such open declarations represent even larger costs — in essence, a larger bet — because they are “tying-hands signals” that cannot be easily backed away from without reducing the Trump administration’s credibility at home and abroad. 

The genius, or folly, of tying-hands signaling is that the preemptive publicity of the threat ties the Administration to the public will expect a response. These increased audience costs locks the Administration into a course of action and increases the reliability of the signal. Accordingly, the tying- hands strategy is a much more credible signal in international relations, although one that can create escalatory spiraling, than the sunk-cost signal. 

If it works — that is, if the threat proves credible and powerful enough to deter Russian meddling in the upcoming elections — the United States would do well to continue with this signaling, coupled with the deniability of cyberspace activities, since it appears to fall short of instigating armed conflict and still signals to adversaries the resolve of the U.S. in defending its interests.

No comments: