Lorem, ipsum
Ajaybaby40
mod5WorldWithoutTrust.pdf
22 ! " # $ % & ' ( ! ! ( % # )
A World Without Trust The Insidious Cyberthreat
Jacquelyn Schneider
When sounding the alarm over cyberthreats, policymakers and analysts have typically employed a vocabulary o* con+ict and catastrophe. As early as 2001, James Adams, a co-founder o* the cybersecu- rity ,rm iDefense, warned in these pages that cyberspace was “a new inter- national battle,eld,” where future military campaigns would be won or lost. In subsequent years, U.S. defense o-cials warned o* a “cyber–Pearl Harbor,” in the words o* then Defense Secretary Leon Panetta, and a “cyber 9/11,” according to then Homeland Security Secretary Janet Napolitano. In 2015, James Clapper, then the director o* national intelligence, said the United States must prepare for a “cyber Arma- geddon” but acknowledged it was not the most likely scenario. In response to the threat, o-cials argued that cyberspace should be understood as a “domain” o* con+ict, with “key terrain” that the United States needed to take or defend.
The 20 years since Adams’s warning have revealed that cyberthreats and cyberattacks are hugely consequential— but not in the way most predictions suggested. Spying and theft in cyber-
JAC QUELYN SC HNEIDER is a Hoover Fellow at the Hoover Institution at Stanford University.
space have garnered peta-, exa-, even zettabytes o* sensitive and proprietary data. Cyber-enabled information opera- tions have threatened elections and incited mass social movements. Cyberat- tacks on businesses have cost hundreds o. billions o* dollars. But while the cyberthreat is real and growing, expecta- tions that cyberattacks would create large-scale physical e/ects akin to those caused by surprise bombings on U.S. soil, or that they would hurtle states into violent con+ict, or even that what happened in the domain o* cyberspace would de,ne who won or lost on the battle,eld haven’t been borne out. In trying to analogize the cyberthreat to the world o* physical warfare, policymakers missed the far more insidious danger that cyber-operations pose: how they erode the trust people place in markets, governments, and even national power.
Correctly diagnosing the threat is essential, in part because it shapes how states invest in cybersecurity. Focusing on single, potentially catastrophic events, and thinking mostly about the possible physical e/ects o* cyberattacks, unduly prioritizes capabilities that will protect against “the big one”: large-scale re- sponses to disastrous cyberattacks, o/ensive measures that produce physical violence, or punishments only for the kinds o* attacks that cross a strategic threshold. Such capabilities and responses are mostly ine/ective at protecting against the way cyberattacks undermine the trust that undergirds modern economies, societies, governments, and militaries.
I* trust is what’s at stake—and it has already been deeply eroded—then the steps states must take to survive and operate in this new world are di/erent. The solution to a “cyber–Pearl Harbor”
D IG
IT A
L D
IS O
R D
ER
Jacquelyn Schneider
24 ! " # $ % & ' ( ! ! ( % # )
international system. It allows individu- als, organizations, and states to delegate tasks or responsibilities, thereby freeing up time and resources to accomplish other jobs, or to cooperate instead o* acting alone. It is the glue that allows complex relationships to survive—per- mitting markets to become more com- plex, governance to extend over a broader population or set o* issues, and states to trade, cooperate, and exist within more complicated alliance relationships. “Extensions o* trust . . . enable coordina- tion o* actions over large domains o* space and time, which in turn permits the bene,ts o* more complex, di/erentiated, and diverse societies,” explains the political scientist Mark Warren.
Those extensions o* trust have played an essential role in human progress across all dimensions. Primitive, iso- lated, and autocratic societies function with what sociologists call “particular- ized trust”—a trust o* only known others. Modern and interconnected states require what’s called “generalized trust,” which extends beyond known circles and allows actors to delegate trust relationships to individuals, organizations, and processes with whom the truster is not intimately familiar. Particularized trust leads to allegiance within small groups, distrust o* others, and wariness o* unfamiliar processes or institutions; generalized trust enables complicated market interactions, com- munity involvement, and trade and cooperation among states.
The modern market, for example, could not exist without the trust that allows for the delegation o* responsibil- ity to another entity. People trust that currencies have value, that banks can secure and safeguard assets, and that
is to do everything possible to ensure it doesn’t happen, but the way to retain trust in a digital world despite the inevitability o* cyberattacks is to build resilience and thereby promote con,- dence in today’s systems o* commerce, governance, military power, and interna- tional cooperation. States can develop this resilience by restoring links be- tween humans and within networks, by strategically distributing analog systems where needed, and by investing in processes that allow for manual and human intervention. The key to success in cyberspace over the long term is not ,nding a way to defeat all cyberattacks but learning how to survive despite the disruption and destruction they cause.
The United States has not so far experienced a “cyber 9/11,” and a cyber- attack that causes immediate cata- strophic physical e/ects isn’t likely in the future, either. But Americans’ trust in their government, their institutions, and even their fellow citizens is declin- ing rapidly—weakening the very foun- dations o* society. Cyberattacks prey on these weak points, sowing distrust in information, creating confusion and anxiety, and exacerbating hatred and misinformation. As people’s digital dependencies grow and the links among technologies, people, and institutions become more tenuous, this cyberthreat to trust will only become more existen- tial. It is this creeping dystopian future that policymakers should worry about— and do everything possible to avert.
THE TIES THAT BIND Trust, de,ned as “the ,rm belie* in the reliability, truth, ability, or strength o* someone or something,” plays a central role in economies, societies, and the
A World Without Trust
Ja n u a r y / Fe b r u a r y 2 0 2 2 25
regime’s willingness to give control to lower levels o* military units in war- fare. For example, the political scientist Caitlin Talmadge notes how Saddam Hussein’s e/orts to coup-proo. his military through the frequent cycling o* o-cers through assignments, the restriction o0 foreign travel and train- ing, and perverse regime loyalty pro- motion incentives handicapped the otherwise well-equipped Iraqi military. Trust also enables militaries to experi- ment and train with new technologies, making them more likely to innovate and develop revolutionary advance- ments in military power.
Trust also dictates the stability o* the international system. States rely on it to build trade and arms control agreements and, most important, to feel con,dent that other states will not launch a surprise attack or invasion. It enables international cooperation and thwarts arms races by creating the conditions to share information—thus defeating the suboptimal outcome o* a prisoner’s dilemma, wherein states choose con+ict because they are unable to share the information required for cooperation. The Russian proverb “Doveryai, no proveryai”—“Trust, but verify”—has guided arms control negotiations and agreements since the Cold War.
In short, the world today is more dependent on trust than ever before. This is, in large part, because o* the way information and digital technologies have proliferated across modern economies, societies, governments, and militaries, their virtual nature amplifying the role that trust plays in daily activities. This occurs in a few ways. First, the rise o* automation and autonomous technolo- gies—whether in tra-c systems, ,nan-
%"1s in the form o* checks, credit cards, or loans will be ful,lled. When individu- als and entities have trust in a ,nancial system, wages, pro,ts, and employment increase. Trust in laws about property rights facilitates trade and economic prosperity. The digital economy makes this generalized trust even more impor- tant. No longer do people deposit gold in a bank vault. Instead, modern econo- mies consist o* complicated sets o* digital transactions in which users must trust not only that banks are securing and safeguarding their assets but also that the digital medium—a series o* ones and zeros linked together in code— translates to an actual value that can be used to buy goods and services.
Trust is a basic ingredient o* social capital—the shared norms and intercon- nected networks that, as the political scientist Robert Putnam has famously argued, lead to more peaceful and prosperous communities. The general- ized trust at the heart o* social capital allows voters to delegate responsibility to proxies and institutions to represent their interests. Voters must trust that a repre- sentative will promote their interests, that votes will be logged and counted properly, and that the institutions that write and uphold laws will do so fairly.
Finally, trust is at the heart o. how states generate national power and, ultimately, how they interact within the international system. It allows civilian heads o* state to delegate command o* armed forces to military leaders and enables those military leaders to execute decentralized control o. lower- level military operations and tactics. States characterized by civil-military distrust are less likely to win wars, partly because o. how trust a/ects a
Jacquelyn Schneider
26 ! " # $ % & ' ( ! ! ( % # )
Additionally, operating in a digital world can produce distrust in owner- ship or control o* information: Are your photos private? Is your company’s intellectual property secure? Did government secrets about nuclear weapons make it into an adversary’s hands? Finally, cyber-operations create distrust by manipulating social net- works and relationships and ultimately deteriorating social capital. Online personas, bots, and disinformation campaigns all complicate whether individuals can trust both information and one another. All these cyberthreats have implications that can erode the foundations on which markets, socie- ties, governments, and the international system were built.
The digitally dependent economy is particularly vulnerable to degradations o* trust. As the modern market has become more interconnected online, cyberthreats have grown more sophisticated and ubiquitous. Yearly estimates o* the total economic cost o* cyberattacks range from hundreds o. billions to trillions o* dollars. But it isn’t the ,nancial cost o* these attacks alone that threatens the modern economy. Instead, it is how these persistent attacks create distrust in the integrity o* the system as a whole.
Nowhere was this more evident than in the public’s response to the ransom- ware attack on the American oil pro- vider Colonial Pipeline. In May 2021, a criminal gang known as DarkSide shut down the pipeline, which provides about 45 percent o* the fuel to the East Coast o* the United States, and demanded a ransom, which the company ultimately paid. Despite the limited impact o* the attack on the company’s ability to provide oil to its customers, people
cial markets, health care, or military weapons—necessitates a delegation o* trust whereby the user is trusting that the machine can accomplish a task safely and appropriately. Second, digital informa- tion requires the user to trust that data are stored in the right place, that their values are what the user believes them to be, and that the data won’t be manipu- lated. Additionally, digital social media platforms create new trust dynamics around identity, privacy, and validity. How do you trust the creators o* infor- mation or that your social interactions are with an actual person? How do you trust that the information you provide others will be kept private? These are relatively complex relationships with trust, all the result o* users’ dependence on digital technologies and information in the modern world.
SUSPICION SPREADS All the trust that is needed to carry out these online interactions and exchanges creates an enormous target. In the most dramatic way, cyber-operations generate distrust in how or whether a system operates. For instance, an exploit, which is a cyberattack that takes advantage o* a security +aw in a computer system, can hack and control a pacemaker, causing distrust on the part o* the patient using the device. Or a micro- chip backdoor can allow bad actors to access smart weapons, sowing distrust about who is in control o* those weap- ons. Cyber-operations can lead to distrust in the integrity o* data or the algorithms that make sense o* data. Are voter logs accurate? Is that arti,cial- intelligence-enabled strategic warning system showing a real missile launch, or is it a blip in the computer code?
A World Without Trust
Ja n u a r y / Fe b r u a r y 2 0 2 2 27
all become ransomware targets— whereby systems are taken o2ine or rendered useless until the victim pays up. In the cross hairs are virtual class- rooms, access to judicial records, and local emergency services. And while the immediate impact o* these attacks can temporarily degrade some governance and social functions, the greater danger is that over the long term, a lack o0 faith in the integrity o* data stored by gov- ernments—whether marriage records, birth certi,cates, criminal records, or property divisions—can erode trust in the basic functions o* a society. Democ- racy’s reliance on information and social capital to build trust in institutions has proved remarkably vulnerable to cyber- enabled information operations. State- sponsored campaigns that provoke questions about the integrity o* gover- nance data (such as vote tallies) or that fracture communities into small groups o* particularized trust give rise to the kind o0 forces that foment civil unrest and threaten democracy.
Cyber-operations can also jeopardize military power, by attacking trust in modern weapons. With the rise o* digital capabilities, starting with the microprocessor, states began to rely on smart weapons, networked sensors, and autonomous platforms for their militar- ies. As those militaries became more digitally capable, they also became susceptible to cyber-operations that threatened the reliability and functional- ity o* these smart weapons systems. Whereas a previous focus on cyber- threats ,xated on how cyber-operations could act like a bomb, the true danger occurs when cyberattacks make it di-cult to trust that actual bombs will work as expected. As militaries move
panicked and +ocked to gas stations with oil tanks and plastic bags to stock up on gas, leading to an arti,cial shortage at the pump. This kind o* distrust, and the chaos it causes, threatens the founda- tions not just o* the digital economy but also o* the entire economy.
The inability to safeguard intellectual property from cybertheft is similarly consequential. The practice o* stealing intellectual property or trade secrets by hacking into a company’s network and taking sensitive data has become a lucrative criminal enterprise—one that states including China and North Korea use to catch up with the United States and other countries that have the most innovative technology. North Korea famously hacked the pharmaceutical company P,zer in an attempt to steal its 3"4%5-19 vaccine technology, and Chinese ex,ltrations o* U.S. defense industrial base research has led to copycat technological advances in aircraft and missile development. The more extensive and sophisticated such attacks become, the less companies can trust that their investments in research and development will lead to pro,t—ul- timately destroying knowledge-based economies. And nowhere are the threats to trust more existential than in online banking. I* users no longer trust that their digital data and their money can be safeguarded, then the entire compli- cated modern ,nancial system could collapse. Perversely, the turn toward cryptocurrencies, most o* which are not backed by government guarantees, makes trust in the value o* digital information all the more critical.
Societies and governments are also vulnerable to attacks on trust. Schools, courts, and municipal governments have
Jacquelyn Schneider
28 ! " # $ % & ' ( ! ! ( % # )
cyberspace makes attribution and determining intent harder, further threatening trust and cooperation in the international system. For example, Israeli spyware aiding Saudi govern- ment e/orts to repress dissent, o/-duty Chinese military hacktivists, criminal organizations the Russian state allows but does not o-cially sponsor—all make it di-cult to establish a clear chain o* attribution for an intentional state action. Such intermediaries also threaten the usefulness o* o-cial agreements among states about what is appropriate behavior in cyberspace.
LIVING WITH FAILURE To date, U.S. solutions to dangers in cyberspace have focused on the cyber- space part o* the question—deterring, defending against, and defeating cyber- threats as they attack their targets. But these cyber-focused strategies have struggled and even failed: cyberattacks are on the rise, the e-cacy o* deterrence is questionable, and o/ensive ap- proaches cannot stem the tide o* small- scale attacks that threaten the world’s modern, digital foundations. Massive exploits—such as the recent hacks o* SolarWinds’ network management software and Microsoft Exchange Server’s email software—are less a failure o* U.S. cyberdefenses than a symptom o. how the targeted systems were conceived and constructed in the ,rst place. The goal should be not to stop all cyber-intrusions but to build systems that are able to withstand incoming attacks. This is not a new lesson. When cannons and gunpowder debuted in Europe in the fourteenth and ,fteenth centuries, cities struggled to survive the onslaught o* the new
farther away from the battle,eld through remote operations and com- manders delegate responsibility to autonomous systems, this trust becomes all the more important. Can militaries have faith that cyberattacks on autono- mous systems will not render them ine/ective or, worse, cause fratricide or kill civilians? Furthermore, for highly networked militaries (such as that o* the United States), lessons taken from the early information age led to doctrines, campaigns, and weapons that rely on complex distributions o* information. Absent trust in information or the means by which it is being disseminated, militaries will be stymied—awaiting new orders, unsure o. how to proceed.
Together, these factors threaten the fragile systems o* trust that facilitate peace and stability within the interna- tional system. They make trade less likely, arms control more di-cult, and states more uncertain about one anoth- er’s intentions. The introduction o* cybertools for spying, attacks, and theft has only exacerbated the e/ects o* distrust. O/ensive cyber-capabilities are di-cult to monitor, and the lack o* norms about the appropriate uses o* cyber-operations makes it di-cult for states to trust that others will use restraint. Are Russian hackers exploring U.S. power networks to launch an imminent cyberattack, or are they merely probing for vulnerabilities, with no future plans to use them? Are U.S. “defend forward” cyber-operations truly to prevent attacks on U.S. networks or instead a guise to justify o/ensive cyberattacks on Chinese or Russian command-and-control systems? Mean- while, the use o* mercenaries, interme- diaries, and gray-zone operations in
A World Without Trust
Ja n u a r y / Fe b r u a r y 2 0 2 2 29
economy, critical infrastructure, and military power must prioritize resil- ience. This requires decentralized and dense networks, hybrid cloud struc- tures, redundant applications, and backup processes. It implies planning and training for network failure so that individuals can adapt and continue to provide services even in the midst o* an o/ensive cyber-campaign. It means relying on physical backups for the most important data (such as votes) and manual options for operating systems when digital capabilities are unavail- able. For some highly sensitive systems (for instance, nuclear command and control), it may be that analog options, even when less e-cient, produce remarkable resilience. Users need to trust that digital capabilities and net- works have been designed to gracefully degrade, as opposed to catastrophically fail: the distinction between binary trust (that is, trusting the system will work perfectly or not trusting the system at all) and a continuum o* trust (trusting the system to function at some percentage between zero and 100 percent) should drive the design o* digital capabilities and networks. These design choices will not only increase users’ trust but also decrease the incen- tives for criminal and state-based actors to launch cyberattacks.
Making critical infrastructure and military power more resilient to cyber- attacks would have positive e/ects on international stability. More resilient infrastructure and populations are less susceptible to systemic and long-lasting e/ects from cyberattacks because they can bounce back quickly. This resilience, in turn, decreases the incentives for states to preemptively strike an adver-
,repower. So states adapted their forti,cations—dug ditches, built bas- tions, organized cavaliers, constructed extensive polygonal edi,ces—all with the idea o* creating cities that could survive a siege, not stop the cannon ,re from ever occurring. The best forti,ca- tions were designed to enable active defense, wearing the attackers down until a counterattack could defeat the forces remaining outside the city.
The forti,cation analogy invites an alternative cyberstrategy in which the focus is on the system itself—whether that’s a smart weapon, an electric grid, or the mind o* an American voter. How does one build systems that can con- tinue to operate in a world o* degraded trust? Here, network theory—the study o. how networks succeed, fail, and survive—o/ers guidance. Studies on network robustness ,nd that the strongest networks are those with a high density o* small nodes and mul- tiple pathways between nodes. Highly resilient networks can withstand the removal o* multiple nodes and linkages without decomposing, whereas less resilient, centralized networks, with few pathways and sparser nodes, have a much lower critical threshold for degradation and failure. I* economies, societies, governments, and the interna- tional system are going to survive serious erosions o* trust, they will need more bonds and links, fewer dependen- cies on central nodes, and new ways to reconstitute network components even as they are under attack. Together, these qualities will lead to generalized trust in the integrity o* the systems. How can states build such networks?
First, at the technical level, networks and data structures that undergird the
Jacquelyn Schneider
30 ! " # $ % & ' ( ! ! ( % # )
and out-group divisions. Algorithms and clickbait designed to promote outrage only galvanize these divisions and decrease trust o* those outside the group.
Governments can try to regulate these forces on social media, but those virtual enclaves re+ect actual divisions within society. And there’s a feedback loop: the distrust that is building online leaks out into the real world, separating people further into groups o* “us” and “them.” Combating this requires education and civic engage- ment—the bowling leagues that Put- nam said were necessary to rebuild Americans’ social capital (Putnam’s book Bowling Alone, coincidentally, came out in 2000, just as the Internet was beginning to take o/). After two years o* a global pandemic and a further splintering o* Americans into virtual enclaves, it is time to reenergize physical communities, time for neigh- borhoods, school districts, and towns to come together to rebuild the links and bonds that were severed to save lives during the pandemic. The fact is that these divisions were festering in American communities even before the pandemic or the Internet accelerated their consolidation and ampli,ed their power. The solution, therefore, the way to do this kind o* rebuilding, will not come from social media, the 3$"s o* those platforms, or digital tools. In- stead, it will take courageous local leaders who can rebuild trust from the ground up, ,nding ways to bring together communities that have been driven apart. It will take more frequent disconnecting from the Internet, and from the synthetic groups o* particular- ized trust that were formed there, in order to reconnect in person. Civic
sary online, since they would question the e-cacy o* their cyberattacks and their ability to coerce the target popula- tion. Faced with a di-cult, costly, and potentially ine/ective attack, aggressors are less likely to see the bene,ts o* chancing the cyberattack in the ,rst place. Furthermore, states that focus on building resilience and perseverance in their digitally enabled military forces are less likely to double down on ,rst-strike or o/ensive operations, such as long-range missile strikes or cam- paigns o* preemption. The security dilemma—when states that would otherwise not go to war with each other ,nd themselves in con+ict because they are uncertain about each other’s inten- tions—suggests that when states focus more on defense than o/ense, they are less likely to spiral into con+icts caused by distrust and uncertainty.
HUMAN RESOURCES Solving the technical side, however, is only part o* the solution. The most important trust relationships that cyberspace threatens are society’s human networks—that is, the bonds and links that people have as individuals, neigh- bors, and citizens so that they can work together to solve problems. Solutions for making these human networks more durable are even more complicated and di-cult than any technical ,xes. Cyber- enabled information operations target the links that build trust between people and communities. They undermine these broader connections by creating incen- tives to form clustered networks o* particularized trust—for example, social media platforms that organize groups o* like-minded individuals or disinforma- tion campaigns that promote in-group
A World Without Trust
Ja n u a r y / Fe b r u a r y 2 0 2 2 31
ance over convenience or deterring and defeating cyberthreats. And the initial cost o* these measures to foster trust falls disproportionately on democracies, which must cultivate generalized trust, as opposed to the particularized trust that autocracies rely on for power. This can seem like a tough pill to swallow, especially as China and the United States appear to be racing toward an increasingly competitive relationship.
Despite the di-culties and the cost, democracies and modern economies (such as the United States) must prioritize building trust in the systems that make societies run—whether that’s the electric grid, banks, schools, voting machines, or the media. That means creating backup plans and fail-safes, making strategic decisions about what should be online or digital and what needs to stay analog or physical, and building networks—both online and in society—that can survive even when one node is attacked. I* a stolen pass- word can still take out an oil pipeline or a fake social media account can con- tinue to sway the political opinions o* thousands o* voters, then cyberattacks will remain too lucrative for autocracies and criminal actors to resist. Failing to build in more resilience—both technical and human—will mean that the cycle o* cyberattacks and the distrust they give rise to will continue to threaten the foundations o* democratic society.!
education could help by reminding communities o* their commonalities and shared goals and by creating critical thinkers who can work for change within democratic institutions.
BOWLING TOGETHER There’s a saying that cyber-operations lead to death by a thousand cuts, but perhaps a better analogy is termites, hidden in the recesses o0 foundations, that gradually eat away at the very structures designed to support people’s lives. The previous strategic focus on one-o/, large-scale cyber-operations led to bigger and better cyber-capabilities, but it never addressed the fragility within the foundations and networks themselves.
Will cyberattacks ever cause the kind o* serious physical e/ects that were feared over the last two decades? Will a strategy focused more on trust and resilience leave states uniquely vulner- able to this? It is o* course impossible to say that no cyberattack will ever pro- duce large-scale physical e/ects similar to those that resulted from the bombing o0 Pearl Harbor. But it is unlikely—be- cause the nature o* cyberspace, its virtual, transient, and ever-changing character, makes it di-cult for attacks on it to create lasting physical e/ects. Strategies that focus on trust and resilience by investing in networks and relationships make these kinds o* attacks yet more di-cult. Therefore, focusing on building networks that can survive incessant, smaller attacks has a fortuitous byproduct: additional resil- ience against one-o/, large-scale at- tacks. But this isn’t easy, and there is a signi,cant tradeo/ in both e-ciency and cost for strategies that focus on resilience, redundancy, and persever-
