Mutually assured cyberdestruction?

IN March the White House invited all the members of the Senate to a classified simulation on Capitol Hill demonstrating what might happen if a dedicated hacker — or an enemy state — decided to turn off the lights in New York City. In the simulation, a worker for the power company clicked on what he thought was an e-mail from a friend; that “spear phishing” attack started a cascade of calamities in which the cyberinvader made his way into the computer systems that run New York’s electric grid. The city was plunged into darkness; no one could find the problem, much less fix it. Chaos, and deaths, followed.

The administration ran the demonstration — which was far more watered-down than the Pentagon’s own cyberwar games — to press Congress to pass a bill that would allow a degree of federal control over protecting the computer networks that run America’s most vulnerable infrastructure. The real lesson of the simulation was never discussed: cyberoffense has outpaced the search for a deterrent, something roughly equivalent to the cold-war-era concept of mutually assured destruction. There was something simple to that concept: If you take out New York, I take out Moscow.

But there is nothing so simple about cyberattacks. Usually it is unclear where they come from. That makes deterrence extraordinarily difficult. Moreover, a good deterrence “has to be credible,” said Joseph S. Nye, the Harvard strategist who has written the deepest analysis yet of what lessons from the atomic age apply to cyberwar. “If an attack from China gets inside the American government’s computer systems, we’re not likely to turn off the lights in Beijing.” Professor Nye calls for creating “a high cost” for an attacker, perhaps by naming and shaming.