open menu

Online Exclusives

Internet Watchdog Says Nation’s Cybersecurity Is in a Sorry State

Lawfare's Jack Goldsmith believes that negotiation and diplomacy may be the best strategies for mitigating attacks.


There is a saying from 19th century strategist and military reformer Carl Von Clausewitz that “war is the continuation of politics by other means,” and in our digitally dependent age, it should not be surprising that an increasing amount of hostile activity is waged using digital weaponry and tactics.

Jack Goldsmith

From the admitted hacks of millions of Yahoo clients to the Democratic National Committee hacks this past election cycle, cyberwarfare and cybercrime are becoming an increasingly ubiquitous part of our modern life.

Such were the issues discussed by Jack Goldsmith, Henry L. Shattuck Professor of Law at Harvard, in a February 8 program at BC Law hosted by the Federalist Society. He summarized the fundamental strategic concerns posed by the rise of nonstate and state cyberwarfare, as well as possible avenues of mitigation and response.

A fellow at the Hoover Institution and co-founder of the national security and legal website Lawfare, Goldsmith focused on the legal and cybersecurity issues facing the government and why, as he put it, “the government is in a big pickle and why we should expect these cyberattacks to only increase in the future.”

Goldsmith took issue with the government’s slowness to respond to the emerging threat. “For the past two-and-a-half decades, there have been studies warning of the theory of cyberwarfare and drawing attention to America’s increasing cybervulnerability,” he said. “But for 18 of those years, many in the government saw these reports and studies as crying wolf, because nothing seemed to be happening at the time.”

This complacency, he argued, “significantly harmed the US government’s ability to counter attacks that have adversely affected its interests, even extremely simple attacks such as the version of the common phishing scam that led to the DNC hacked emails.”

Over the past decade, cyberattacks against classified government information have been relentless, Goldsmith said, and even though they haven’t often risen to the level of what in a conventional attack would be deemed a hostile provocation, their effect is perhaps more dangerous.

Common strategies used by national security experts to respond to threats are not working adequately. That’s because, Goldsmith explained, “in the context of the complexity of computer software, and the interactions between various types of software and hardware, computers generate plenty of exploitable vulnerabilities that often do not require a large amount of sophistication to take advantage of.” In other words, in the realm of cyberwarfare, offense has a serious advantage over defense.

Furthermore, he said, matters of critical importance, such as cyberdiplomacy and mutual cooperation between allies and adversaries, “just haven’t been on the radar of most national security specialists in the government.” Yet, he believes those strategies have the greatest chance for decreasing the seemingly unstoppable tide of confidential breaches.

“As a highly developed, aggressive, and very digitally dependent nation, we are handicapped by our inability to properly escalate our own cyberoffensives without provoking attacks of potentially even greater devastation, even to our fundamental ability to defend ourselves conventionally,” Goldsmith said.

In essence, he concluded, since we cannot escalate without inviting worse outcomes, we must try negotiation and diplomacy with our potential adversaries.