Today cyberattackers believe there is almost no risk that the United States or any other power would retaliate with significant sanctions, much less bombs, troops or even a counter cyberattack. And though Secretary of Defense Jim Mattis has said the United States should be prepared to use nuclear weapons to deter a huge non-nuclear attack, including using cyberweapons, against its electric grid and other infrastructure, most experts consider the threat hollow.
At his confirmation hearings in March to become director of the N.S.A. and commander of the United States Cyber Command, Gen. Paul Nakasone was asked whether our adversaries think they will suffer if they strike us with cyberweapons. “They don’t fear us,” General Nakasone replied.
So while the United States remains the greatest cyberpower on earth, it is increasingly losing daily cyberconflicts. The range of American targets is so wide and deep that it is almost impossible to understand all of the vulnerabilities. And because most of those targets don’t belong to the government — banks, power grids, shipping systems, hospitals and internet-linked security cameras, cars and appliances — confusion reigns over who is responsible for defending them and who will decide when to strike back. We have the most fearsome cyberweaponry on the planet, yet we’re afraid to use it for fear of what will come next.