Editor’s Note: We are very excited to publish the inaugural installment of Strategic Outpost, a new column by David Barno and Nora Bensahel. Their column will appear every other Tuesday.
A senior government official recently posed the provocative question: “Is land warfare dead?”
While his premise was primarily directed at the Army and Marines, the broader question is relevant to all of the military services: Are all forms of traditional warfare – land, sea, and air – dead?
This question might seem flippant, given the enormous challenges of dealing with the Islamic State in Iraq and Syria, the Russians in eastern Ukraine, and Chinese assertiveness in the South China Sea. Traditional forms of warfare – which one of us has described as “Wars of Iron” – are not dead. But they are becoming increasingly irrelevant to the average American.
Allies and adversaries alike have learned a key lesson from all U.S. wars since the 1991 Gulf War: fighting the United States in a conventional, force-on-force battle is a recipe for failure. Instead, fighting the United States successfully requires an asymmetric approach that extends beyond military means.
In the coming years, the key national security challenges facing the United States will be centered less and less on states or other actors who employ traditional forms of military power to accomplish their objectives. Perhaps even more importantly, individual Americans will increasingly experience threats to their security not from enemy tanks, bombers, or submarines, but through indirect, asymmetrical means.
Other than the potential risk of a nuclear terrorist attack, the most disruptive of these will be delivered through the cyber domain. The United States is arguably more vulnerable to asymmetric threats from the digital domain than any other nation on earth – our entire society now relies almost entirely upon the cyber realm simply to function every day.
The recent attacks on Sony in response to their wicked film spoof of North Korean leader Kim Jong-Un are an overdue wakeup call, but only one example. In 2014, there were publicly reported hacker attacks against financial services company J.P. Morgan Chase, retailers Neiman Marcus and eBay, and communications firms AT&T, Yahoo, and Google. Criminal attacks targeting credit data at stores like Target and Home Depot are now almost commonplace. And these are just the events we hear about. While attributing the source of these attacks – and estimating the damage they have caused – remains difficult, their impact and growing frequency cannot be dismissed. A Justice Department indictment of five Chinese People’s Liberation Army officers for cyber-theft of intellectual property last year was a strong harbinger of this mounting threat to Americans.
Yet the larger threat is the wholesale disruption of the very digital fabric that allows American society to function – such as the networks that undergird the financial system, power grids, the air traffic control system, and energy flows. A sophisticated attacker could severely damage a number of these vital webs simultaneously. And the sustained damage may far exceed any immediate disruption. Such a massive attack could quickly erode citizen confidence in our entire system of trade, records, and transport – the intricate symphony of interrelated events we take for granted every day, but upon which our society depends. This central nervous system of the nation is now at catastrophic risk.
Yet the United States continues to spend a staggeringly large part of its national security budget on traditional threats. The 2015 Department of Defense (DOD) budget tops $500 billion, but most of its capabilities investments are still squarely aimed at building more effective conventional warfare tool sets – bigger and better bombers, fighters, armored vehicles, and warships. The F-35 fifth generation jet fighter program alone has an expected lifetime cost of nearly $1 trillion, an unprecedented investment in high-end warfighting hardware. DOD cyber spending has increased in recent years, but even defense experts often fail to realize that these efforts focus primarily on DOD networks and cyber warfare. They are not designed to address the broad societal vulnerability to digital threats.
In 1999, two colonels in China’s People’s Liberation Army, Qiao Liang and Wang Xiangsui, published a little-noticed volume called “Unrestricted Warfare.” They argued that a rising power like China would have little chance of competing militarily with an established dominant military power like the United States. They recognized that China could only prevail in a conflict with the United States by thinking and acting asymmetrically – fundamentally bypassing American strengths and striking at U.S. vulnerabilities.
Qiao and Wang listed a number of areas where concerted action against the United States would be immensely more effective in achieving China’s political objectives than military attacks would be. These included economic warfare, financial warfare, telecommunications and network warfare, resource warfare, information and media warfare, and international law warfare, to name but a few. Some of these ideas have already been incorporated into official Chinese military thinking. In 2015, it takes little imagination to see how many of these domains embody the core strengths and profound vulnerabilities of the United States. And yet the Department of Defense has at best a peripheral role in protecting Americans from the disruption and the collapse of vital functions should even one of these areas be successfully attacked and effectively upended – and the coercion such painful attacks could enable.
In the next few years, a catastrophic asymmetric attack on the United States is most likely to emanate from the cyber domain – and DOD would almost certainly be quickly mobilized to respond. If the response to the 9-11 attacks is any guide, the government might task DOD to deal with this critical vulnerability. In a world where decentralized access to hacking skills and entree to global networks is simple, and where attribution for attacks is maddeningly difficult, this would be the wrong answer. The militarization of cyber defense directed across the infinite array of cyber users would likely be fruitless, ineffective, and fought with stubborn resistance by businesses and individuals alike.
DOD should clearly not be the lead agency responsible for shielding American citizens, industry, and public utilities from this growing threat. That responsibility is shared widely with other U.S. government agencies, state and local governments, the private sector, and individual citizens (to practice what DOD and others call “cyber hygiene”). But DOD does have a role, and one that can begin now to better protect the nation.
Rather than mobilizing more and more active duty manpower and building new organizations to exploit cyber operations, DOD should leverage its own asymmetric options – it should turn to its reserve components. The ranks of the National Guard and reserves are filled with members who have civilian pursuits that equip them with diverse skills often far beyond their military specialties. A number of these patriotic Americans work in the technology and cyber domains, and many more could be recruited.
Even more importantly, the National Guard has a unique dual role. Its primary domestic mission is to respond to civil crises at the state level, whenever requested by the governor. Furthermore, it has authorities and responsibilities that lend themselves well to ongoing cyber vigilance and partnering with private industry to better grasp the scope of this pervasive and compelling problem. Guardsmen and women would be among the first called to respond to a widespread disaster resulting from the physical disruption of a massive cyber attack. Their role before the attack must now expand to leverage their unique, dual state and federal responsibilities for prevention, as well as response.
DOD must continue to invest in conventional war capabilities, to deter potential adversaries from concluding that the age of U.S. military superiority is over. But in many ways, the United States continues to overinvest in those capabilities compared to the increasingly urgent – and potentially existential – threat posed by today’s massive societal vulnerability to asymmetric attacks. DOD needs to rethink its current priorities to stay relevant to the core security threats now facing individual Americans, and find innovative ways to use the full range of talents in its active and reserve components to better protect the nation’s security in this new, uncharted space.
Lt. General David W. Barno, USA (Ret.) is a Distinguished Practitioner in Residence, and Dr. Nora Bensahel is a Distinguished Scholar in Residence, at the School of International Service at American University. Their column appears in War on the Rocks every other Tuesday.
Photo credit: The U.S. Army