In the event the U.S. ever did decide to cut loose, it would have a remarkably shitty quarter. The lack of cyberdefense would ensure that power grids would fail, vulnerable city bureaucracies would be left helpless, and all the businesses that forgot to update their Windows operating system from last decade’s would find they no longer have computers. In other words, it would hurt. But whoever the U.S. was going to war with would find themselves facing off against nearly four decades of surveillance, planning, and preparation by skilled, vengeful nerds. In the best-case scenario (for the targets), they would regress a century as everything from power to water to communications to shipping simply seized up, never coming on-line again until a complete computer-free overhaul was completed.
The Reagan administration’s guidance on cyber sat broadly unchanged for the next four presidents. Offensive cyber was used rarely and the U.S. refuses to discuss it. It is only under Donald Trump that some shifts have occurred. In Trump’s early months as executive the U.S. government leaked it had done something I find hilarious:
It didn’t simply identify the specific Russian agents who had interfered in the United States’ 2016 presidential elections, it sent cease-and-desist letters to those agents at their home addresses complete with enough personal touches to drive home to the Russian hackers that the U.S. government knew more about their personal lives than the Russian government itself.
What all this makes clear is that the U.S. realized it had undersold itself and underutilized its tools, which is quite literally the last thing you want to do with a deterrent. But times are changing and so, it appears, the pace of operations is picking up.
These operations involve extremely detailed pre-operational surveillance and planning so that when the time comes, the real break-in can happen easily. It creates options. The operation can go farther and, as the Times claims happened here, an implant ready to hurt critical infrastructure can be left at the ready. It’s a line that until recently the Americans claimed they did not cross except in exceptional cases.
The problem, of course, is that none of this, right up until the attack occurs, is public. Which makes deterrence more than a little bit of a problem.