Joseph Margulies: We Can't Get Our Heads Around Cyberattackers

05_16_Cyberattack_Who_01
Concertgoers hold up their cellphones at the 2015 Nobel Peace Prize Concert at the Telenor Arena in Oslo, Norway, on December 11, 2015. Joseph Margulies writes that hacking is not yet associated with an identifiable subgroup of the population. It therefore exists as an act without an actor. And with no actor, there can be no demon; on that score the lesson of history is perfectly clear. ODD ANDERSEN/AFP/Getty

This article first appeared on the Verdict site.

Though the United States was spared the worst of it, the devastating cyberattack that crippled approximately 200,000 computers in 150 countries last Friday revealed yet again the enormity of the threat posed by hackers who can cause incalculable damage from anywhere on the globe, so long as they have a reliable internet connection.

Yet the muted response to the attack in the national media and the public square reveals something even more important than the attack itself—something that has almost entirely escaped notice.

Cyberattacks of the sort unleashed last week represent an unprecedented challenge to national—indeed, to global—security. Yet the threat of such an attack does not prompt nearly the same sense of national urgency in this country as the far more modest threat of domestic attack by Islamic fundamentalists.

The former poses a risk that is greater in scope, scale and severity than anything facing the country today, dwarfing the risk posed by fundamentalists of any stripe. Yet the latter produces an unhinged hysteria, complete with overbroad travel bans, needless denunciations of Shar'ia law and literally thousands of hate crimes over the past fifteen years.

This hysteria is especially widespread among the most diehard Republicans, for whom antipathy toward Islam is almost literally an article of faith.

Why does the far greater risk generate far less national attention?

The first explanation is simple enough: Hacking is not yet associated with an identifiable subgroup of the population. It therefore exists as an act without an actor. And with no actor, there can be no demon; on that score the lesson of history is perfectly clear.

Notwithstanding the risk to national security, cyberattacks cannot be made to loom large in the public imagination unless and until they take on a human form—that is, until we can put a face to the threat.

Islamic fundamentalism, by contrast, fits perfectly in the American demonizing canon. We imagine that we can see , and therefore identify, target and contain the Islamic terrorist, just as we have over the years targeted and contained Black men and Brown immigrants. The magnitude of the threat, in other words, is not nearly as important as the complexion of the target.

A second explanation draws less on race than on politics. A relatively subdued response to the latest attack might be attributable to the imbroglio over Russian interference with the U.S. and French presidential elections.

Though last week's attack was not launched by Russia—in fact, Russian computers were among the hardest hit—one can easily imagine that Republican politicians and pundits would treat the attack as a third rail, avoiding it at all cost. To acknowledge—let alone to stress—the connection between hacking and national security makes it all but impossible to suggest that the investigation into Russian meddling should be anything but prompt, wide-ranging, and robust.

Coming fast on the heels of Trump's decision to fire FBI Director James Comey, one can readily see why this would be a subject the right would avoid.

Related: Sessions's Return to Zero Tolerance Policing Will Not Work

But perhaps the most important explanation is the most counterintuitive. Paradoxically, politicians and policymakers may opt to wave the flag of Islamic terror and ignore the risk of cyber-terror precisely because the former risk is small and insignificant, while the latter is massive and unmanageable.

To understand how this might be the case, consider the progeny of the latest virus. As of this writing, we do not yet know who is responsible for the attack, and it may have been simply a massive extortion scheme. But we do know a thing or two about the virus itself. The attackers, whoever they are, modified a cyber-weapon developed by and stolen from the National Security Agency (NSA), which sets the stage for what follows.

U.S. policymakers consider it perfectly legitimate for the NSA to develop and, if necessary, deploy such a weapon in defense of national interests. They consider it entirely appropriate, for instance, that U.S. cyber-spies would plant a computer virus to thwart North Korean or Iranian nuclear ambitions.

In fact, weapons like these are uniquely attractive, since they allow the U.S. to achieve its security goals without detection (at least, if all goes according to plan) and without putting U.S. troops at risk. And of course, other countries make the same calculus.

Related: Helping White Drug Addicts Doesn't Help Black Addicts

We can predict with great confidence, therefore, that the developed world will continue to invest in ever more sophisticated means of penetrating and disabling computer systems used by others.

This in turn spurs the development of equally more sophisticated counter-measures, creating a spiral of increasingly complex mousetraps and mice.

Yet this modern day arms race is unlike its Cold War predecessor. The former involved only a favored few, and for practical purposes meant a contest between the Soviet Union and the United States.

Now, by contrast, the entire world—and especially the world of international commerce—relies on the interconnectivity of the Internet. But the most recent attack makes plain that the tools developed to advance national security can be readily converted into a weapon of mass disruption.

Therein lies the rub. The same conditions that make cyberwarfare irresistible to the U.S. and other countries, and which guarantee its continued use, also make it irresistible to those who would misuse it. Meanwhile, the technology and expertise involved in launching these attacks have become more and more widespread, which means that weapons like these are not only irresistible but will be increasingly commonplace.

And the only surefire solution is to destroy or impair the interconnectivity that makes the Internet a unique engine of global productivity, and upon which the civilized world has come to depend. The result is a national security threat of unparalleled magnitude and exquisite irony—we have become utterly dependent on the very thing that makes us so vulnerable.

And that state of affairs is simply too terrifying to contemplate. People simply cannot wrap their minds around the idea that the most transformative technology of the modern era is also what creates unprecedented vulnerability.

When faced with conditions of this sort, people naturally tend to seize on small problems that seem to admit of easy solutions while ignoring the massive conundrums that seem utterly intractable, particularly if addressing the latter would require wholesale changes in their way of life.

Examples of this are everywhere. Many people fret, for instance, that their cars contribute unduly to climate change, and gladly pay more for a car that squeezes an extra mile or two out of each gallon of gas. Yet they ignore (or are oblivious to) the fact that the agricultural production of meat has a far more serious environmental impact.

Though certainly it is good to save gas, if you want to help the environment, you are better off giving up beef than giving up the Buick.

So why do so many make so much of so little? For all the worst reasons: Because they believe terror has a face, because spitting on that face allows them to ignore Russian intermeddling, and because it takes their mind off the iceberg that looms in our path.

Joseph Margulies is a professor of law and government at Cornell University. He is the author of What Changed When Everything Changed: 9/11 and the Making of National Identity (Yale 2013), and is also counsel for Abu Zubaydah, for whose interrogation the torture memo was written.