In the aftermath of the American killing of Iran’s top general, Maj. Gen. Qassim Suleimani, and amid anxieties about Iranian retaliation, many are wondering what role cyberwarfare will play.

Cyberattacks certainly complicate things. A country that might not be able to attack the United States with an aircraft, missile or submarine can use a cyberattack to strike targets on American soil. And as the most common targets are civilian — electrical grids, hospitals, water facilities, transportation infrastructure — cyberwarfare disproportionately threatens citizens, linking American foreign policy with the everyday lives of ordinary Americans. It has the power to transform overseas crises into urgent domestic concerns.

So it’s no surprise that ordinary Americans are more alarmed by the specter of a cyberattack than by the distant threat of an Iranian attack in Iraq, Saudi Arabia or Israel.

But while the doomsday scenarios — of Iranian cyberattacks knocking out digitally dependent infrastructure like electric grids or health services — are alarming, they are a distraction. Tehran is a capable and prolific actor in the realm of cyberwarfare, but it has no proven ability to create large-scale physical damage through cyberoperations.

That matters. Recent research suggests that the effects of cyberattacks must be extensive in order to sway American public opinion: Americans are significantly less likely to support retaliation against cyberattacks than against airstrikes, even if both caused the same damage.

In a 2017 war game, conducted with leaders from 14 critical infrastructure sectors, the Naval War College found that only the most destructive cyberattacks led to requests for retaliation. These findings strongly suggest that Iranian cyberattacks must overcome a high bar to significantly affect American willingness to use force in the region.

And in reality, American airstrikes in Iraq, and Iranian drone and missile strikes in Saudi Arabia, have already surpassed the violent effects of any cyberattack in history.

Focus on the destructive effects of cyberattacks is a distraction from the real risk of escalation — highly alert military forces in the region inadvertently firing at one another or crossing redlines toward all-out war.

The Iranian cyberthreat the United States should be most concerned about is the way its online operations — defacing websites, altering military communications and running social media influence campaigns — slow down and frustrate American activities in the region.

In the short term, these types of cyberoperations, small scale but prolific, will hinder American capabilities to navigate the crisis. For a digitally dependent military like America’s, such cyberattacks degrade trust in navigation systems, communication and logistics, slowing down and confusing the precise, surgical operations the United States needs to execute to limit inadvertent escalation.

But the real effects of Iran’s cyberoperations won’t be felt in the immediate crisis; instead they will shape the long-term balance of power between Iran and the United States. Low-level but highly prolific cyberoperations degrade the viability of American economic and social institutions.

A 2018 White House Council of Economic Advisers report estimated that cyberoperations cost the American economy up to $100 billion in 2016. Small businesses spend on average $200,000 a year on cybersecurity-related expenses. More than cost, the threat can be existential for some industries, like finance, that are built on customers’ trust in the integrity of their data.

And the rise in cyber-enabled information operations and the exploitation of social media threatens American democratic processes. Iran is an active participant in these activities, magnifying our divisions to influence American domestic and foreign policy.

The good news is that the United States has already started to deal with these long-term cyberthreats. The current crisis shouldn’t derail these efforts. The Department of Defense’s 2018 cyberstrategy shifted the focus from deterring destructive cyberattacks to making an active effort to pre-emptively degrade the cybercapabilities of Iran (and other states).

But the response to such cyberthreats needs to go beyond the Department of Defense. The Department of Homeland Security should continue to disseminate timely cyberthreat intelligence to the private sector. And the government should provide resources to American businesses to defray the costs incurred from Iranian cyberattacks, especially those that stem from the current tensions.

Cyberoperations affect the ability of the United States to achieve its strategic goals, domestically and abroad. But they won’t push the current crisis toward war.

Jacquelyn Schneider (@JackieGSchneid) is a fellow at the Hoover Institution at Stanford University.

The Times is committed to publishing a diversity of letters to the editor. We’d like to hear what you think about this or any of our articles. Here are some tips. And here’s our email: letters@nytimes.com.

Follow The New York Times Opinion section on Facebook, Twitter (@NYTopinion) and Instagram.

Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App







National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.