In the years immediately following 9/11, we scrambled to figure out what went wrong, and ultimately coined an expression “connect the dots” to describe what we were unable to see before the attacks. Connecting the dots has since become a key justification for increasing analysis budgets everywhere, all in the hopes of avoiding another tragedy by focusing on the “dots”, or details.
But this vision in our current geopolitical and multidomain reality is misguided. A far better use of time, capital and manpower is to understand and take action on the big picture – and this proverbial forest through the trees is what was (and still is) missing.
In nearly every pivotal crisis in our country’s history, the surprise attack shouldn’t have been a surprise at all. In every case, both the vulnerability and likelihood were right before our eyes, and targeted at domain-dominant industries. The attack on Pearl Harbor struck in the maritime domain, with the specific goal to thwart our ascendance to maritime dominance that once belonged to the British. The twin towers fell because of Al Qaeda’s cunning misuse of American aviation dominance and dependence. The common denominator to these attacks is that our adversaries have acted to prevent or manipulate Western capability and superiority. In today’s world, that means an attack on our space infrastructure, which embodies our 21st century domain advancement, is imminent.
The most likely attack vector against the United States’ space infrastructure is cyber. Certainly the easiest to perpetrate given the number of attack surfaces and least self-destructive due to its virtual nature, cyber threats are the “soft underbelly” to our space systems.
Recent space cyber-attacks in the Ukraine-Russia and Israeli-Hamas wars displayed vulnerabilities in some of these targeted systems. At the same time, US Representatives are voting if space should be designated as critical infrastructure, which regardless of outcome speaks to its measurable impact on everyday American life. Together, these trends reveal both the dependence on and the fragility of space capabilities in daily life and especially in wartime – and combined with the concerns of an ascendant China, make for a glaring vulnerability with an adversary eager to exploit it.
Long before Xi Jinping became China’s president a decade ago, there was the inevitable fear of conflict that came with China’s swift rise to economic and political power. What most policymakers had hoped for, a geopolitical stasis reinforced by economic dependencies, is not sustainable long-term. Hope is not a strategy, as the military so often quips; but neither is inaction.
What was missed (again) was the big picture: a new Communist party leader and his ultimate hegemonic ambitions for China. Over time, China has been slowly moving into position. It invested in the Belt and Road Initiative to erode global economic ties, formed literal islands in the South China sea to assert maritime control, set its economic engine to an ambitious and competent expansion into space, and forged alliances with countries at odds with Western democratic values – all in an effort to check American dominance.
China has been putting an advanced offensive cyber strategy into play, too, in order to render every sector of US dominance useless. I’ve confirmed personally with former colleagues in the Pentagon that Chinese cyber-attacks, including everything from emplacing bots into proprietary networks while aggregating and manipulating open, unclassified networks, is rampant – far worse than formally acknowledged to formal public affairs channels.
With our eyes open to the larger view of the threat landscape, we can now source responsibly to combat the threat. Those companies scaling commercially and offering technologies and tools to solve the problem could very well become attack vectors themselves if not secure – either in terms of physical supply chain or virtual cyber network – and simultaneously scale the cyber risk. To combat this problem, Deputy Secretary Hicks announced the Pentagon’s new initiative, “The Urgency to Innovate.” This is fine, but “mapping and debugging the DoD innovation ecosystem” will not solve the problem. It is time the Pentagon follows up from the White House Zero Trust Executive Order with an “encrypt everything,” zero-trust mentality and protocols as well. And do so by deploying commercial technology today rather than spending another billion dollars and 10 years to develop something that will be obsolete when fielded. Doing so will prevent the much feared catastrophic cyber space Pearl Harbor in our future.
The proverbial forest through the trees is clear: the dominant domain in which 21st century wars will be decided is cyberspace, and ensuring the security of this domain long into the future is nonnegotiable.
The details – the dots – and their connections matter. But without a big picture to guide our path, we’re shooting blind in an acquisition race with our adversaries at best and shooting ourselves in the foot at worst. We must zoom out occasionally to see the attack vectors and threat clearly, and refocus our priorities to defend and protect against future catastrophe.