Medieval

There's a phrase that is used when someone or some group reacts violently when they have been attacked and injured in some tangible way. The reaction is sometimes characterized as "... going medieval." The implication is that in medieval times an attack (no matter how small) on a country or kingdom was considered an affront that required an immediate and brutal response. Regardless of whether the response was proportionate or over the top, it did tend to discourage other attacks. It indicated that aggression has consequences.

Over the past few years, the West has suffered through a increasing number of state-sponsored cyberattacks directed at private entities and public institutions. The attacks are meant not so much to foster large scale damage as they are to probe. They invade privacy, steal intellectual property, acquire identities that can be used for criminal endeavors, and otherwise shake the public's trust in the ability of said private entities and public institutions to keep information safe.

Maybe it's time for the West to go medieval.

Andy Kessler comments:

The U.S. really needs a second-strike cyberweapons program. In December 2015 the Russians launched cyberattacks on Ukraine, shutting down three power plants (which ran on Windows PCs). The U.S. should have immediately flickered all the lights in Moscow, to show them we can. Meddle in our elections? Fill Russia’s VK social network with endless Beto O’Rourke dental videos—it’s only fair. When the Chinese stole plans for the F-35 stealth fighter from Lockheed , we should have made every traffic light in Shanghai blink red, announcing “Stop, Don’t Hack Us Again.” North Korea’s Sony hack? Scramble state-run TV signals in Pyongyang. They’ll get the message.

Is the U.S. capable of doing all this? It’s been less than a year since Army Gen. Paul Nakasone took over U.S. Cyber Command, or Cybercom in military speak. The group hasn’t announced much about what it’s doing. Is it a giant bureaucracy or an effective team within the military? A friend told me the story of a hacker who took down a Scandinavian country’s internet access for a day because someone annoyed him at a conference. Hire that guy! Let him wear camo and a Metallica T-shirt.

We need to develop an offensive deterrent. An I-hack for an I-hack. Maybe America has all these capabilities already. And of course, secrecy is important lest the other side patch its vulnerabilities. But as Dr. Strangelove lamented, “Of course, the whole point of a Doomsday Machine is lost, if you keep it a secret! Why didn’t you tell the world, eh?” The hack-a-week has got to stop.

Could a hack-for-hack cause things to escalate? Possibly. But our current approach of turning the other cheek, whining about internationally-sponsored hacks, and otherwise being passive certainly is not working.