Pernicious, pervasive and yet potentially undetectable, cyberwar will take the shape of the theft of vast amounts of intellectual property, causing great damage to America's economic vitality in the process. It will include denial of service attacks masked as internet outages, power shortages and other disruptions to society. And it will take the form of covert information operations that seek to tear at the roots of our democracy.
This is no longer unimaginable. Indeed, it may well already be underway in the form of a low-intensity conflict with Russia.
The incidents, perhaps unappreciated by those who see conflict principally in terms of bullets and bombs, are warnings of what we may expect in digital life and warfare in the 21st century.
For as long as nation states have been in conflict with each other, they have sought advantages against their adversaries through information operations -- through the collection of tactical information, the dissemination of propaganda, and more recently through exfiltration, manipulation and exploitation of an adversary's most vital information.
Of course, all major powers, including the United States, engage in information operations in various contexts today. But last month's attack on the US, and the exploitation of connected devices to take down parts of the internet, reflect a new clear and present danger to our emerging online world of connected lives and things.
What the hackers did is relatively simple and seemingly mundane, but the implications are great. In the case of recent internet outages, hackers "weaponized" hundreds of thousands everyday devices -- DVRs, webcams and other common products -- with malware code to attack and shut down sites that support and sustain our economy like Twitter and Paypal.
In addition, hackers have sought to infiltrate the Illinois State Board of Elections
, the Arizona election system
and elsewhere, and to steal or manipulate information vital to our upcoming election
-- voter registration data, key campaign emails of individuals and of the Democratic National Committee.
The Department of Homeland Security has now reportedly had requests for security assistance
from no fewer than 46 states and 35 counties and local election agencies as election officials scramble to prevent damage.
But the damage -- in terms of loss of confidence in our democratic institutions -- has already been done. And we are still not out of the woods. While there are a number of protections inherent in the US election infrastructure that make it relatively difficult to attack the way we vote, targeted intrusions against individual voter registration databases, i.e. against who gets to vote, are still possible.
In terms of the way we vote, US voting procedures and practices are decentralized; they have been delegated to state and local governments and are run by around 8,000 independent local jurisdictions
. The varied nature of each jurisdiction's voting systems and technologies makes it so that an attacker would have to tailor an attack to each and every system in each and every jurisdiction -- very hard.
Plus, the vast majority of voting machines are not even connected to the internet, and there are numerous processes for outside observers -- the media, campaign officials and third parties -- to audit and validate results. So changing votes or the outcome of a national election is unlikely.
But suppressing voting in targeted districts is a concern. Illicit access to the nation's voter rolls makes possible the manipulation or deletion of voter data and could potentially see disruption in the availability of these databases, which could impact a voter's ability to vote on Election Day.
This is critical because as everyone knows, only registered voters can vote. If your voter registration file is hacked, however, and your name or address data is changed, or your record is deleted, then when you present yourself to vote, your record may not be found or may not match and you will be turned away.
Worse, if something like this is reported and lines begin to form, and rumors begin to spread, it may suppress additional voting as busy and already frustrated voters may simply choose to avoid voting altogether. In a tight election, like Bush v. Gore in 2000, an attack like this in a handful of targeted tipping point districts -- think key cities in Pennsylvania or North Carolina -- could be the difference between a candidate winning or losing a national election. In the world of geopolitics and security, this is regime change by other means -- overthrowing, in effect, the will of the people by way of a cyberattack.
Beyond the November election, though, these attacks are a warning of how conflict may occur in the future. In the 21st century, information has become the lifeblood of business and of our economy; databases have become a critical asset class for commerce.
Not surprisingly, as these assets have become increasingly prevalent and valuable, they have become more attractive targets to criminals as well. And that's precisely what we are seeing -- dramatic increases in identity theft, ransomware attacks and intellectual property theft, causing significant financial loss to individuals and businesses and our economy.
Against this backdrop, we see a parallel transformation in the nature of warfare. Instead of conventional military attacks -- i.e., adversaries focusing primarily on physically destroying their opponent's military forces and infrastructure -- nation states are increasingly launching cyberattacks against the very databases and information systems that make our infrastructure and world smarter, that sustain our economy, that bolsters our security, that maintains our democracy, and that improve how we live our lives.
This is warfare in the information age. If you can shut down the electric grid in Ukraine, or destroy centrifuges in Iran, or sabotage an election by manipulating data -- data that runs the grid, the centrifuges, or the way we vote -- you have a new attack vector: information bombs.
Make no mistake, Russia's likely attack on our election is a warning shot; it is a clear message for our next president that securing cyberspace must be a preeminent focus from day one. The next president will be the first president of the digital age, and will need to lead the nation through one of the most dramatic transformations in human history, disrupting all aspects of how we live and work, at the speed of light.
As such, we will need a cyberpolicy, legislative, economic and security agenda that pervades every element of the president's activities over the next four years. The president's advisers, staff, and Cabinet must be single-minded about this shift.
We must come to grips with a new murky and uncertain world where bright familiar lines between espionage and aggression, and between black and white notions of war and peace, don't exist. We must understand that as we move ever more deliberately into ubiquitous connectivity, we move equally from splendid isolation to uncertain integration, and vulnerability, as well.
With that in mind, we will have to ensure that the fundamental nature of our humanity and the fabric of our society is not torn apart by the distillation and subjugation of human activity through pervasive, remote, anonymous and autonomous connectivity, and potentially surveillance, too.
There is much that must be done. For a start, we must ensure that the global community establishes normative behavior for how we govern ourselves in cyberspace. In addition, we must put in place clear legal and judicial frameworks to prevent and minimize hacking, cybercriminal safe havens, cyberviolence and the current ambiguity in rules of the road that may unwittingly lead to state conflict.
And we must also build our digital and physical infrastructure with the requisite security and resilience baked in at all levels of cyberspace -- chip, device, network, and cloud -- to protect against emerging threats, while developing a new model for deterrence that not only thwarts Russian and other state cyberaggression, but other malicious actors as well.
There are also institutions so vital to the functioning of our democracy that as they go digital we must protect them akin to how we protect critical physical infrastructure. Our election system is one such example.
We will be electing a president who will begin his or her term in the midst of a new form of conflict and an emerging digital world that will define the next generation. The one thing we can and must each do in support of the next president -- and in defense of our nation under attack today -- is to vote. Don't let Russia or anyone take away that right, or your voice in our democracy.
Vote. And in the actions of each of us, we begin to help shape and secure the nation for all of us.