Less than a year away from the 2020 general election, government efforts to protect the vote from foreign interference and cyberattacks are already underway.
New York Times national security correspondent David Sanger stopped by Reset to talk about his new book, The Perfect Weapon: War, Sabotage and Fear in the Cyber Age, which looks at how the rise of cyberweapons has transformed geopolitics.
On why cyber is the “the perfect weapon”
David Sanger: First: It's dirt cheap. So if the North Koreans can afford to do it, you've got to figure just about anybody can afford to do it. Second, it's still pretty stealthy. It's pretty hard to figure out exactly who was attacked. … The third thing about it is that it's very hard to deter. All the things we learned about deterrence in the nuclear age that kept us from blowing ourselves up and the Soviet Union up and so forth don't actually apply in the cyber world. There are simply too many players. Not many people had nuclear weapons. They belonged only to states. Cyber can be done by criminal groups. It can be done by terrorist groups. They can be done by states. They can be done by criminals who are working for the states on a freelance basis. And they can be done by teenagers.
On protecting the 2020 elections
Sanger: There's good news and bad news out here. The good news is that it's not that our radar was off in 2016. We hadn't even built a radar in 2016. ... We had no concept, astoundingly obvious as it seems now, about how vulnerable all of this is, that a foreign power that had done this in Ukraine and other places in the world would attempt to try this in the United States.
All of the major hacks that have hit the United States ... the one thing they all have in common is that no one saw them coming. Our intelligence on cyber so far in the major cyber attacks, the attacks on Sony that North Korea did, on the casinos and the banks that Iran did, the Russian … efforts to get into ... the electric grid, they all have one thing in common. ... We've predicted absolutely none of them. ... So what are we worried about in 2020? The things that we haven't seen yet.
On understanding what cyberwarfare could look like
Sanger: Part of our difficulty here is getting people to understand what the dangers are and that that danger is not necessarily the “Cyber Pearl Harbor” that shuts off all of the electricity from Boston to Chicago. It’s the low-level stuff that makes it hard to operate. It's changing data. If you got into the Pentagon's databases, you might try to go change the targeting of weapons, but it’d be a lot easier to get into the medical databases and just try to change everyone's blood type. And imagine the damage you could do there.
On how individuals can protect themselves from cyberattacks
Sanger: The good news is that people are doing more. I mean, you now get that six-digit code back from your bank to make sure it's you and so forth. It's possible to defeat those, but a lot of the small cybersecurity things we're doing, changing passwords, that kind of two-factor authentication, as they call it, that gets rid of 85% of the drive-by crime. But it's not going to protect you against a state. And the key change in the past decade is that cyber has become the primary way that states compete and undercut each other. … The second big factor is … that while we're getting better at cyber security, we are adding to our homes more web-connected devices, and … each one of them is another pathway in.
On disagreement within the U.S. government on how to use cyberweapons
Sanger: We haven't had much public discussion of it … we don't have agreement right now about how to go use it and we don't even have agreement about who's responsible when we fail to protect these weapons.
So the WannaCry attack that took out the British health care system was done by the North Koreans — the U.S. has gone out and declared that. What they haven't told you is that it was done by the North Koreans with code that was stolen from the NSA, published by a group called Shadow Brokers that we believe to be Russians and then reformatted and used against our allies. Now, if that had been a missile that got shot against our allies, someone would have been court martialed. But because it was a cyber weapon, no one took responsibility.
This interview has been edited for brevity and clarity. Click the “play” button to hear the entire conversation.