Because our social and economic structures are far more dependent on computer networks than those in any other country, a major cyberattack would do far more damage to us. Therefore, the situation in the cyber domain is more like this: We hurt you; you cripple us. That being the case, an offensive cyber strategy amounts to a suicidal trap…
His worry wasn’t (and isn’t) that the Chinese (or whoever) will one day, all of a sudden, set off the “logic bombs” that they’ve embedded throughout our computer-dependent power grids and financial networks—any more than the more sophisticated strategists of the 1950s and ’60s thought the Russians might, out of the blue, launch a nuclear first strike.
Rather, the issue is how foes might leverage their cyberwar assets to an advantage in a crisis—and what the United States needs to do, ahead of time, to nullify that advantage. For instance, let’s say China puts a move on Taiwan or the South China Sea—and threatens to trigger a power blackout in every American city if we interfere. In this sort of crisis, threatening to “retaliate in kind”—that is, to unleash John McCain’s “offensive capabilities”—would have little effect. What we need, Clarke wrote in his book, is “a credible defense,” which would cast doubt in the minds of potential attackers that their cyberattack would knock us out or paralyze the president with fear…
There was no putting Einstein’s genie back in the bottle, and there’s no putting back the cyber genie, either. But the early nuclear strategists had ideas on controlling this genie, ideas that have relevance for the new one, too—except for one thing: nearly everything about the cyber genie is very highly classified.
