European officials worry about U.S. hawks starting a war in cyberspace

By: Rachel Marsden

MOSCOW — U.S. national security adviser John Bolton was in the United Arab Emirates last week for the implementation of a defense cooperation agreement between the two nations. Bolton and Abu Dhabi Crown Prince Mohammed bin Zayed, who’s also commander of the Emirati armed forces, have a long-shared obsession: Iran.

Speaking of mysterious damage done to some oil tankers in Emirati waters last month, Bolton said: “There is no doubt in anybody’s mind who is responsible for this, and it’s important that the leadership in Iran knows that we know.”

Actually, there’s doubt in a lot of people’s minds as to who is responsible for those attacks, which is why it would be nice if, for once, Bolton could provide skeptics with some reliable evidence. Bolton may not realize it, but he’s cried wolf so many times now that even some of the countries he considers to be his best geopolitical buddies are giving him the side-eye on matters of attack attribution.

Judging by Bolton’s Twitter account, he’s on a nickname basis with European allies. He gave France, Germany and the UK a shout-out last week, tweeting that it’s “always good to connect with our Quad partners.”

The Quads? There’s a name for the clique? Are we in a ’70s-era Broadway musical?

While Bolton may fancy himself John Travolta in a leather jacket leading a “T-Bird”-like gang of Western allies, France is expressing reservations about blindly following the sort of assessments Bolton often peddles.

The French are now zeroing in on the one place where Bolton may find it easiest to drum up a war: in the Matrix.

When Claire Landais, the French general secretary for defense and national security, testified at a French Senate commission inquiry on digital sovereignty last month, she remarked on the tendency of U.S. officials to “name and shame” attackers in the absence of reliable attribution. Landais also took issue with the Donald Trump-era policy of turning a blind eye to U.S.-backed private actors taking cyber retribution into their own hands.

“France is promoting internationally its vision,” Landais said, “according to which international law is applicable to cyberspace, and public attribution remains a political decision which is sovereign and cannot therefore be delegated to an international organization.”

It doesn’t sound as if France has much trust in U.S. cyber attribution, or any interest in going along with an international organization that relies on it.

“Faced with a growing cyber threat, some actors, mainly Americans, question the monopoly of states in the use of legitimate violence,” Landais said. “Based on a questionable interpretation of the right to self-defense in the cyberspace, which is not ours, they promote an offensive doctrine of response to attacks, allowing a response by the private actors themselves (“hack back”) that goes beyond the mere protection of their own information systems, allowing, for example, intrusions into the enemy systems to destroy them.”

Who might Landais be referencing when she refers to the U.S. encouraging rogue actors in cyberspace? In September 2018, the Trump administration announced a new national cyber strategy, fronted by none other than Bolton.

“We will identify, counter, disrupt, deter and degrade behavior in cyberspace that is destabilizing and contrary to our national interest,” Bolton said at the time.

How convenient: a realm with even fuzzier and more complex attribution to leverage as a pretext for starting new wars (possibly even via private-sector cyber-mercenaries) with whichever foreign entity Bolton and his likeminded war hawks choose.

As with more conventional warfare, the new U.S. cyber strategy involves trying to build an international coalition against those deemed to be bad actors. Judging from the cyber strategy report, the targets have already been identified: Russia, Iran, China and North Korea.

The French apparently aren’t willing to jump in with both feet and prefer to make assessments on a case by case basis — just as they declined to blindly join the coalition of the willing in Iraq.

Germany doesn’t seem keen on trusting U.S. assessments on cyber matters either. The Germans have resisted U.S. pressure to preemptively ban Chinese 5G network competitor Huawei from its market.

Huawei represents a significant threat to American competitors, and surely the German government recognizes this when assessing the credibility of warnings issued by the U.S. under a national-security pretext. After all, it wasn’t long ago that the Trump administration was labeling Canada as a national security threat in order to justify implementing tariffs on Canadian steel.

The abstract nature of the digital space coupled with the smoke and mirrors involved in attribution create a troubling blind spot — a loophole ripe for exploitation by anyone hell-bent on launching a new war.