THE BLOG

Forget The Red Line, Worry About the Digital Line

When Washington is up in arms over a "Red Line", it usually has something to do with the oft-delayed and perpetually overcrowded Metro line. Now of course, we are dealing with a completely different situation involving what was apparently an off-hand line from President Obama about what would force him to act in the Syrian civil war.

As the President and Congress wind their way down the serpentine path to bombing (or not) Syria, we ought to realize that the real implications of this potential. For the first time in at least 50 years, we may be about to engage a foe that can quickly strike back at the United States and has -- in fact -- made it clear that it will do so.

Since the end of World War II, the U.S. has basically not engaged in a direct military conflict with an enemy that could directly harm the continental United States. Sure, we faced foes that could and would support sporadic terrorist reprisals after American military action -- anyone remember Gaddafi's bombing of a Berlin disco in retribution for our air raids against him? Those are distant memories, and that relative lack of fear of retribution has colored our many military adventures. However, in the 21st century, we now face a completely different dynamic: a physical attack on Syria will almost assuredly provoke cyber-attacks on the United States. Welcome to the precipice of the digital line.

This represents a fundamental altering of the military and national security balance across the world. The past 60 plus years has been all about proliferation control: bans on chemical and biological weapons, nuclear non-proliferation treaties, nuclear test bans, and so on. Even the spread of certain "conventional" weapons has been controlled -- acquisitions of submarines, aircraft carriers, long range aircraft, and ballistic missiles have been carefully monitored and at times disrupted by global superpowers.

The net result of those efforts has been that with very few exceptions, no nation has truly had the capability to strike at the continental United States as it saw fit. Obviously terrorists have been able to sporadically ply their deadly trade in the United States, but such attacks typically have only come long after after military action has occurred.

With Syria, we face a completely different picture. We are dealing with an attack vector over which we have virtually no control. Cyber threats come in many shapes and forms, and the points of entry are essentially infinite. Syria, its allies, and friends can use innumerable different types of viruses, worms, and other forms of malware to strike back -- or even preemptively -- at the United States. No amount of export control or "battlefield preparation" is going to completely eliminate the cyber threat, or potentially even materially degrade it. We might be able to prevent some methods of cyberattack, but that only represents a small fraction of the threats we face.

Additionally, our foes now have the ability to deliver a disruptive or potentially destructive attack on American soil with previously unheard of speed. Not since the days of "mutually assured destruction" has America faced such a realistic threat of immediate counterstrikes by our enemies. Realistically it is doubtful that Syria could launch a cyberattack that would rival a Soviet ICBM onslaught, but there is little reason to dismiss the idea that it or any other reasonably sophisticated country could unleash a cyberattack that could disrupt some part of our economy. The Pro-Assad "Syrian Electronic Army" mainly stuck to cyber vandalism (shutting down or defacing websites), but we must be wary of the possibility that they have additional, more destructive capabilities up their sleeve.

Even more disconcerting is the fact that our potential enemies can easily purchase disruptive or destructive cyber capabilities from the cyber-underworld. McAfee recently published a study on "cybercrime as a service" wherein it noted the amazingly minimal costs associated with outsourcing cyberattacks. For just a few dollars an hour anyone can retain individuals who will shut down public websites, or for a slightly heavier investment (prices starting at $5,000) a "zero day" attack (a new piece of malware designed to exploit previously unknown vulnerabilities) can be yours. Thus anyone with a few dollars can amass quite a digital arsenal for counterattack purposes.

True, it is unlikely that a few keystrokes from Syrian sympathizers will set our economy back 100 years. Their capabilities are limited, and if they were to cause any true harm to the United States it would likely have to be done with the assistance of another rogue state like Iran or a "frenemy" like Russia. Nevertheless, technology does exist to easily cause some disruption and possibly physical destruction in the United States as soon as we decide to lob a few cruise missiles at Damascus.

In light of all that, what will ultimately define any conflict with Syria is the fact that we will have crossed a digital line, where are enemies can retaliate quickly and effectively without launching a single plane or missile.

And thus we have 21st century national security politics -- it is going to be ugly out there.

Brian Finch (Twitter: @BrianEFinch) is a partner at Dickstein Shapiro LLP, and leads the firm's Global Security practice. He can be reached at finchb@dicksteinshapiro.com.

Subscribe to the World Post email.