At the The New Cybersecurity Playbook, a panel on innovating and protecting the "digital frontier", one panelist brought a cold warrior approach to the proceedings. Steven Pifer, a Senior Fellow at the Brookings Institution and former Ambassador to Ukraine, advocated for deterrence as one path for protecting digital systems. For there to be cybersecurity deterrence, Pifer said there has to be the threat of retaliation.
"A company doesn't retaliate—they go to the police," Pifer told Thrival in a sit-down interview. "When you're talking about nation-states, where there is no law, there is a US doctrine which basically says that if you hit the United States or an ally with a nuclear weapon, you're probably going to have a pretty bad day."
Pifer sees none of this mentality in the cyber world, though it's possible some private sector actors have this sort of capability. Maybe some even hit back in retaliatory ways without saying so, though that's mere speculation.
"I'm a nuclear guy and what I can look at on the nuclear side is I can tell you the number of ballistic missile submarines, the number of deployed ICBMs and bombers," said Pifer. "And every year we test the missiles and exercise the bombers, so you can see there is a really potent retaliatory capability."
"My guess is that US offensive cyber capabilities are huge, but there is limited available detail out there I've seen, and there is no articulated policy," he added. "We never come out and say that these are the sorts of things that would generate a retaliatory response."
Pifer points to Russian meddling in the elections as a prime example of when retaliation would be ideal as far as cybersecurity is concerned. For him, this is not about relitigating the election results. Instead, he is worried about the chaos Russia sewed without a retaliatory US response.
"I still don't think there was sufficient retaliation, and I think the Russians will try something again," Pifer emphasized. "And there are reports that they were doing some things in France and Germany. And unless the Russians see that there is some price to be paid, they will keep doing this."
A possible response, according to Pifer, is the US government making known the financial corruption of Putin's administration. He recommends a thorough survey of our voting systems' cybersecurity. On top of that, he believes tech companies and the US government will need to look into Russian-purchased Facebook ads, as well as Russian-directed social media campaigns (see: the fake Blacktivist Twitter account) designed to introduce unrest into America's social fabric.
"The Russians would like to see division here," said Pifer. "And you can create confusion on a massive scale now with social media."
"Information that's bad can get a head start and you can never catch up with it," he added. "And the Russians are thinking of how to export that."