National Security Agency director Mike Rogers said yesterday that he was constrained in combating Russian cyberattacks, and this sparked an overreaction.
And while President Trump should authorize more aggressive NSA action to disrupt Russian cyberwarfare activities, like his predecessor, Trump has one good excuse for not taking action.
Namely, keeping a secret weapon secret — retaining the top capabilities in reserve so that they can be employed to maximum effect should cyberwar ever occur.
First off, considering that the highest-end cyberespionage and counter-cyberespionage capabilities are highly innovative in their construction and action, the moment they are deployed, an adversary can learn from, adapt to, and appropriate those capabilities into action. This is additionally relevant in that the NSA retains the world’s most advanced cyber capabilities. As such, saving their use for any future crisis event such as a cyberwar offers the United States the greater confidence that it can win a rapid and decisive victory.
At the same time, were these tools to fall into the hands of an adversary, the consequences would be deeply unpleasant.
After all, where the U.S. would likely employ its tools against state intelligence and military structures, a foreign adversary such as Russia would have few qualms about using those tools against civilian targets. Indeed, the Russians and other states such as China, Iran and North Korea already target civilian interests. When it comes, for example, to threats against a hospital or air traffic control system, unintended use of NSA tools could be catastrophic. We need to hold our fire.
The phrase is “retained capabilities,” and the strategic conception of retained capabilities is also especially important in the post-Edward Snowden era.
With former NSA contractor Snowden and other hackers leaking highly guarded capabilities, NSA officials and political leaders have good reason to want to keep secret their newest capabilities. They fear that drawing any attention to their tool kit might risk new leaks and thus billions of dollars in lost investments and immeasurable national security damage.
Don’t misunderstand me. Ultimately, I believe that Trump should take more aggressive action against Russian cyberattacks. Nevertheless, retention of capabilities is a factor that defined President Obama’s cyber strategy and one that President Trump’s administration must also consider. It would thus be a gross misrepresentation to suggest that the only reason Trump is not taking greater action is because he is in Russia’s pocket.
