ARGUMENT: Cyberspace spooksCovert Action, Espionage, and the Intelligence Contest in Cyberspace

In recent months, the world learned that China carried out an indiscriminate hack against Microsoft Exchange, while Russia hacked U.S. information technology firm SolarWinds and used cyber capabilities in an attempt to influence the 2020 U.S. presidential election. Michael Poznansky writes in War on the Rocks that the attacks raise important questions about how best to characterize these and other kinds of disruptive cyber events. One perspective that has gained considerable traction is that cyberspace is not primarily a warfighting domain where strategic theories involving deterrence and coercion reign supreme, but rather an intelligence contest centered on spies and spycraft.

Embracing this paradigm shift has significant implications. It affects how we think about a broad range of fundamental questions. How can the United States actually succeed in cyberspace? How might it fail? When should the United States compete hard and threaten retaliation? When should it show restraint?

In practice, however, the answers to these questions depend significantly on what kind of intelligence activity we are dealing with. Cyber operations focused on information acquisition (i.e., espionage) operate according to a different logic than those meant to exert influence or cause some effect (i.e., covert action). The intelligence contest concept in its current form does not explicitly grapple with these differences. But they are essential.

Understanding these nuances is critical to setting clear objectives that match what a given situation calls for. It also highlights potential trade-offs.

Responding to covert cyber operations with an espionage mindset, for example, may lead policymakers to exercise forbearance when they should instead be more assertive, and vice versa. Moreover, ambivalence about the goals of an operation, or confusion about what a particular operation is, has the potential to yield unwanted results.

The variety of Russian operations against the United States in recent months clearly illustrates the need for a more refined framework. The hack against SolarWinds, which compromised hundreds of Fortunate 500 companies and U.S. government agencies, appears to be a work of espionage. Their continued efforts to sow disinformation during U.S. elections, laid out in a recently declassified report from the director of national intelligence, was a work of covert action. While both are intelligence activities, the U.S. response should be tailored. Whereas bolstering resilience may be how we prevent another SolarWinds, signaling of some kind may be an appropriate response to election meddling and help set the parameters of “agreed competition” the United States can live with.

Poznansky concludes:

Cyberspace may be an intelligence contest among rivals, but all intelligence operations are not created equal. While cyber-enabled espionage and covert cyber operations both qualify as intelligence activities given their reliance on secrecy, and are therefore distinct from conventional warfare or diplomacy, they are also distinct in key ways from one another. Failing to appreciate these differences impedes our ability to understand the richness of cyber operations, underlying motivations, the prospect for signaling, and metrics of success.