Debate: Should the U.S. Pursue an Offense-Oriented Cyber Warfare Strategy? | Opinion

Is America already in the midst of a cyber war—or is that overstating the case? More generally, what should our approach to this 21st-century warfare front look like? On the one hand, we need to always be on our toes; but on the other hand, it's never ideal to unnecessarily poke the beast. Perhaps this is merely the latest area in which foreign policy hawks and doves will disagree—or perhaps this debate is more intricate and complex than the old bromide of "hawk versus dove."

This week, Jamil N. Jaffer of George Mason University's Antonin Scalia Law School debates Bonnie Kristian of Defense Priorities on whether the U.S. should have an offense- or defense-oriented cyber warfare strategy.

We hope you enjoy the exchange.

Josh Hammer is Newsweek opinion editor.

The Best (Cyber) Defense Is a Good (Cyber) Offense

We are at war in cyberspace. While lawyers might quibble about the definitions of armed attacks and other niceties of international law, the fact of the matter is that, for around a decade, we've been in series of consistent—albeit small-scale—conflicts in cyberspace. These conflicts have intensified recently, particularly since the start of the COVID pandemic, and have had a massive impact on the American public and private sectors. One can hardly pick up a news magazine today without being assaulted by headlines about data breaches, ransomware, cyber-enabled financial crime or social media-spread misinformation and disinformation. Standing alone, cyber-enabled economic warfare conducted by China drains the American private sector of billions of dollars a year, with total damages estimated in the trillions. Former NSA Director Gen. Keith B. Alexander described this concerted effort as "the greatest transfer of wealth in human history," and former House Intelligence Committee Chairman Mike Rogers (R-MI)—nearly a decade ago—called out the ongoing cyber economic war.

Even worse, in the last six years alone, we've seen our adversaries undertake attacks tantamount to acts of war. For example, we've seen North Korea and Iran engage in the affirmative destruction of data and the bricking of computer systems here in the United States. And the threat level continues to grow. Just last year, then-Director of National Intelligence (DNI) Dan Coats told Congress that Iran is actively "preparing for cyber attacks against the United States and our allies" and is "capable of...disrupting a large company's corporate networks for days to weeks." During the same testimony, the DNI noted that "China has the ability to launch cyber attacks [in the U.S.] that [could] cause...disruption of a natural gas pipeline for days to weeks." Of course, we all know about Russia's wildly successful covert influence campaign that has undermined public confidence in our elections and rule of law institutions. While the Russian activities are likely to go down in history as among the most effective covert influence operations ever, what sometimes goes missed in all the election talk is the DNI's assessment that Russia is also actively "mapping our critical infrastructure with the long-term goal of being able to cause substantial damage," including by "disrupting an electrical distribution network for at least a few hours."

The U.S. Needs a Cyber Strategy Designed for Defense

Cyber warfare is a new arrival to the foreign policy toolkit—so much so that our government seems uncertain of how to classify it. Should we think of cyberattacks like sanctions? Airstrikes? Espionage? Is "warfare" a misnomer?

Though any terminology will have its flaws, cyberattacks are best considered a scalable tactic than can function as a weapon of war, a weapon—like any more conventional weapon—whose use by the United States should be subject to constitutional oversight, constrained by rules protecting innocent civilians and designed for defense.

U.S. Cyber Command joint operations center
U.S. Cyber Command joint operations center BRENDAN SMIALOWSKI/AFP via Getty Images