Cyber Pearl Harbor

More than seven decades after the fact, Pearl Harbor still holds a special grip on the American psyche.  Other surprises have had a worse tactical impact. The North Korean attack in the summer of 1950 almost pushed the US out of South Korea, launched a war that became a tactical draw, and locked us into a Cold War struggle that lasted 40 years and cost trillions of dollars. Other surprises have had worse strategic implications. The discovery of Soviet nuclear missiles in Cuba pushed us to the brink of nuclear war. But none of the other military or diplomatic surprises we have suffered has left a sense of outrage, helplessness and betrayal as powerful as that occasioned by those images of US flagged dreadnaughts, helpless and burning, in our home waters.

And so the remarks of the Secretary of Defense take on a special meaning when he talks of the danger of a “Cyber Pearl Harbor” in America’s future. Here is what Secretary Panetta said to Business Executives for National Security earlier this year: “destructive cyber-terrorist attack[s] could virtually paralyze the nation . . . They could, for example, derail passenger trains or even more dangerous, derail trains loaded with lethal chemicals. They could contaminate the water supply in major cities or shutdown the power grid across large parts of the country . . .  disable or degrade critical military systems and communication networks . . . The collective result of these kinds of attacks could be a cyber Pearl Harbor." http://www.defense.gov/transcripts/transcript.aspx?transcriptid=5136  .

But a cyber attack is not the same thing as a broad devastating physical attack (as with a nuclear weapon). Disruption might be great, but actual death and destruction would probably be minimal. And most of the critical infrastructure involved could eventually be repaired and returned to use. This has caused some critics to doubt the Pearl Harbor comparison. (for example, see John Arquilla at http://www.foreignpolicy.com/articles/2012/11/19/panettas_wrong_about_a_cyber_pearl_harbor  )

I think this criticism misses the nature and intent of the original Pearl Harbor attack. And so a short strategic review is in order. Starting in 1904.

Set on expanding their power in the Pacific, the Japanese decided to focus on Russian holdings in Manchuria. They first launched an attack on the Russian Pacific fleet at anchor at Port Arthur (in February of 1904 during diplomatic negotiations). After land and sea battles lasting more than a year in what we now call the Russo-Japanese War, the Russians sent their Baltic Fleet wheezing around Africa and across the Indian and Pacific Oceans, only to be almost entirely destroyed by the Japanese Fleet in the Battle of the Tsushima Straits. Unwilling to pay more for holdings so far from home, the Russians withdrew and accepted the new reality of Japan as a Pacific power.

The implications for the Japanese decision to attack Pearl Harbor 37 years later are obvious.  Their hope was not to destroy America, or even destroy American military power forever – but to present the Americans with a dilemma so expensive that they would accede to the Japanese intent. Could they hurt us so badly that we would pull back from threatening the Greater East Asia Co-Prosperity Sphere? Thus, the Pearl Harbor attack was, as Clausewitz famously said of all war, “the continuation of policy by other means.”

This is an important lesson to remember as we begin to banter about “Cyber War” as though we really understood its implications. Japan was wrong about the US will in 1941. But Pearl Harbor might have worked somewhere else sometime else against somebody else.

The goal of a cyber attack would presumably be the same. Catch us unawares and take out an element of critical infrastructure (electricity, water, banking and finance, petrochemicals, air travel, military response) in a way that inflicts enough pain to make the US reconsider a course of action. That happened to Estonia. It happened to Georgia (coupled with a ground attack). It has happened most recently to Israel. A Cyber Pearl Harbor need not be about destroying everything everywhere for all time. It could just be about destroying enough to influence our decisions and our power in the world. It might be, in the words of the Sec Def, ”an attack that would . . .  paralyze and shock the nation and create a new, profound sense of vulnerability.”

That is something worth worrying about. And worth acting to prevent.