Advanced persistent conflicts in the cyber age
Today’s threat landscape can be defined by advanced persistent conflicts — advanced because the tools are increasingly technology based (think cyber); persistent because there is no definitional timeline, no beginning and therefore no end; and conflict because the lexicon of war is outdated. Historically, the military paradigm involved a progression from peace to crisis to war, and eventually back to peace. Conflicts, in the context of war, had clearly defined beginnings and ends. World War I, WWII, and the Cold War had defined enemies, defined timelines, and a call to action that was met by generations of soldiers who donned uniforms to serve their country. A clear threat, met with clear purpose, defined by a clear end to the conflict. The U.S. has been truly great at rising to the task in this environment — we are the perfect adversary for perfectly defined enemies.
Today, we live in an environment defined by persistent conflict but undefined, at least in the U.S., by a clear mission and a clear sense of the enemy. We behave in a gray zone with frenemies who invade our networks, steal our information, but buy our debt and support our economy. A declaration of war feels like a thing of the past. Take Stuxnet. An unnamed state actor used offensive cyber capability to destroy a sovereign nation’s infrastructure. In the last century, that would have qualified as a declaration of war. None was made this time.
And in this state of perpetual conflict, the U.S. faces an imminent threat from within, because our society, our political system, and our common will are not set up to do business and succeed against advanced persistent conflicts where our enemies are not storming our borders, but rather lurking in our networks, where they possess the power to cause as much destruction as they would with their weapons.
In fact, cyber-attacks represent perhaps the most troublesome component of today’s conflict landscape, regardless of whether they involve nations-states, criminals or terrorist groups. As Stuxnet made clear, cyber tools are capable of disrupting and destroying networks, physical infrastructure, and critical systems. Is it time to recognize that in the cyber age, there is and will be no peace for the United States and that this reality requires a new kind of call to action and clarity of purpose?
Unfettered by the shackles of a democratic process, the Chinese, by contrast, are able to set a priority, focus on it with a clarity of mission that allows them to pursue their goals with single-minded determination. This has been true with respect to espionage and intelligence gathering dating back to the 13th century and the time of the Great Khans, who devised the most sophisticated intelligence network known at the time (and for centuries to come). And when it comes to instantiating prolific intelligence networks and gathering sensitive information, the Chinese government continues to set a certain standard.
Recent headlines and developments clearly indicate that the Chinese are “fully engaged in leveraging all available resources to create a diverse, technically advanced ability to operate in cyberspace as another means of meeting military and civilian goals for national development.” There are lessons to be learned from the Chinese: Singular focus on a mission; infrastructure commitment to support the mission; proper alignment of incentives; leadership. While I don’t believe that the Chinese focus on information warfare poses an existential economic threat to the U.S., it clearly presents a significant military and national security threat, a threat that needs to be addressed day-to-day with equal clarity of mission, embraced publicly and privately. The challenge is just as equally an obligation of the private sector to embrace as it is of our government.
And if the strength of China is singular and long-term focus, the strength of America is innovation, determination, and fearlessness — strengths resident in our businesses and entrepreneurs more than anywhere else. If every entrepreneur in Silicon Valley embraced the concept that we live in the age of perpetual global conflict fueled by offensive cyber-attacks, with a multitude of adversaries (criminal and state-run), some of whom are simultaneously friend and foe, and we need to re-invent our approach to security, how quickly could we vitiate and even eliminate this threat?
It is time to recognize that we are all under attack and you no longer have to wear a uniform to be a soldier in today’s conflict.
Niloofar Razi Howe is a managing director at Paladin Capital Group, a Washington, D.C.-based private equity firm focused on investing globally in the homeland security sector, with a particular focus on security in the cyber age. Prior to Paladin Paladin, Niloofar was a consultant with McKinsey & Company. She graduated cum laude from Harvard Law School and received her B.A. from Columbia College.