The phrase “cyber Pearl Harbor” has had a lasting impact on the public’s perception of cybersecurity threats. Coined by then-Secretary of Defense Leon Panetta a decade ago, the phrase was used to warn of dire future digital assaults on the United States. It was meant to convey the idea that critical infrastructure, transportation systems, and financial platforms were vulnerable to exploitation. The media, pundits, and politicians latched onto this phrase, along with others like “cyber 9/11” and “cyber Katrina,” to galvanize support for national efforts to address cybersecurity challenges.
However, some experts argue that the “cyber Pearl Harbor” narrative is misleading and does not accurately reflect the realities of global cyber conflict. They contend that the collapse of Western society due to digital disruption is highly unlikely, as such disruptions do not offer strategic utility to the most capable actors. These disruptions may occur sporadically, as seen in incidents like NotPetya, but they are unlikely to be as cataclysmic as the “Pearl Harbor” mnemonic implies. Instead, recent cyber conflicts in Ukraine and Israel, which were limited in scope and lacked a “cyber blitzkrieg,” are seen as more representative of future cyber conflicts.
In light of these arguments, the Department of Defense recently published its 2023 Cyber Strategy, which offers a more pragmatic approach to cybersecurity. Unlike previous strategies, the 2023 document does not present any major conceptual developments or radical reactionary takes on the war in Ukraine. Instead, it focuses on stability and finding balance between civilian, industry, and government efforts in the cyber domain. This marks a welcome evolution of the government’s perspective on cybersecurity challenges, bridging the gap between national cyber defense concerns and industry efforts to build a healthier cyber ecosystem.
The 2023 Cyber Strategy also aligns with the concept of “campaigning” outlined in the 2022 National Defense Strategy. This concept emphasizes the idea that national security and foreign policy objectives are achieved through sequential and cumulative activities across multiple domains of government and national capacity. It recognizes the need for collaboration and cooperation between military and non-military actors to address cybersecurity threats effectively. This includes aligning military activities with those that are strategically relevant to non-military actors, such as their interests, infrastructures, and capacities to impact international politics and commerce.
By highlighting the need for greater cross-sector consideration in national cyber defense, the 2023 Cyber Strategy aims to enhance public-private relations in the cybersecurity space. It acknowledges that most cybersecurity activities occur below the threshold of armed conflict between countries and urges delegation and co-reliance across public-private boundaries. This approach reflects a more practical understanding of the complex nature of cybersecurity and the importance of collective efforts to mitigate threats.
In conclusion, while the phrase “cyber Pearl Harbor” captured public attention and raised awareness about cybersecurity threats, it is important to view it in the context of the larger landscape of global cyber conflict. The recently published 2023 Cyber Strategy offers a more pragmatic approach to cybersecurity, focusing on stability, balance, and greater cross-sector consideration. By bridging the gap between government concerns and industry efforts, this strategy aims to build a healthier cyber ecosystem and enhance national cyber defense capabilities.