Ready, Fire, Aim

 

This is why the United States is having so much negative reaction to strikes in everywhere from Libya to Afghanistan when civilians get killed while American pilots are bombing anti-aircraft sites or killing terrorist leaders.

This is what Cartwright has failed to recognize. The concept of "Ready, Fire, Aim" works no better in cyberspace than it does with real bullets. That's especially a problem in cyber-warfare; it's frequently impossible to know right away who is actually responsible for an attack. Unless the attacker makes a mistake or takes public credit for the attack, you almost never have any actual proof.

Even the attacks suspected to be the work of the Chinese military against U.S. interests haven't been proven, despite the fact that U.S. intelligence agencies are reasonably certain that's where they originate from. But even in a case where the source of attacks is clear, is Cartwright ready to have the military attack China? If so, how would he propose to do this? Would he drop a cruise missile on a Chinese military academy building on the off chance it was the source of an attack? Would he launch an all-out cyber-attack against China's army? And what would he do if China openly retaliates? This sounds like the start of a real war, not a cyber-war.

And worse yet, what if we're wrong? It's no secret that it's possible to have the evidence from a cyber-attack point to somewhere else. Suppose we analyze the cyber-attack that's hitting our critical infrastructure, determine that it's coming from, for example, China, when in reality it's not. It's simply that someone has made it seem that way. Are we willing to attack another nation's digital infrastructure based on that sort of evidence?

When I mentioned my service in the Navy in a recent column about the final flight of the space shuttle Atlantis, I made it clear that I've served in the military. In fact, I'm a retired Navy officer, and I recognize it's the duty of the military to protect the United States and its citizens against all enemies. But that doesn't mean that we should go off attacking people, organizations or nations (rogue or otherwise) on a whim, on the basis of assumptions or on guesses.

While Cartwright is correct in saying that people who attack the United States should suffer consequences, that only works when you can know with certainty who they are, and where they are. Otherwise, the only thing you're shooting is yourself-in the foot.