The U.S. has incomparable resources, but it may never be as strong as it is in cyberspace as it is today. Cyber power may be a particularly ephemeral form of power. China is developing new competing technologies. India, Europe, and other friends hold different visions of how to manage the Internet and protect privacy. The gap between the interests of American technology companies such as Google, Apple, Facebook and Amazon and Washington is growing. The global, open Internet, a wellspring of U.S. economic, political, and military power, is fragmenting as Beijing, Moscow, Tehran and many others are assert cyber sovereignty.
Some of this loss of power is unavoidable, the result of demographics as the center of gravity for Internet users shifts rapidly from the developed to the developing world. China now has close to 670 million Internet users; India has more than 350 million and will pass 500 million in 2017. (In comparison, the U.S. currently has more than 300 million Internet users.) Some of the diminishment of power stems from the logic of international politics, from competitors that seek to balance U.S. power. And some of it is self-inflicted. The documents revealed by the NSA contractor Edward Snowden suggest the U.S. pursued massive amounts of data in service of defending itself from terrorist attacks but at the expense of other diplomatic, economic and national security interests.
Policymakers and politicians have been slow to understand the threat. This myopia is partly the result of American Internet exceptionalism, a sense that the U.S. has a unique, beneficent role in cyberspace. This was not an outlandish view, given the U.S.’ history in creating the Internet and overseeing its global expansion. But this exceptionalism not only led to an exaggerated sense of U.S. power and influence but also blinded decision makers as to how other countries defined their own interests and interpreted U.S. actions.
It also left policymakers ill-prepared for the technology communities’ reaction to the Snowden disclosures. As story after story emerged alleging that the NSA undermined encryption, hacked into cables carrying the data of U.S. companies, placed implants and beacons in servers and routers, and generally weakened Internet security, Washington struggled to find its feet. Most of the national security justifications offered for the intelligence agency’s actions, such as breaking up terrorist plots, seemed unsubstantiated or rang hollow. Policymakers failed to comprehend the depth of Silicon Valley’s anger.
The challenges of cyberspace are both familiar—other states will pursue policies that limit U.S. power and influence—and unconventional—criminals and terrorist hackers may exploit unexpected and unknown vulnerabilities in networks to wreak damage and destruction. Policymakers, military officials, and diplomates will lose their sense of strategic stability, predictability, and control while gaining new tools of coercion and a wider legitimacy for digital policy.
In order to address the challenges, the U.S. must at least accomplish three things: enhance cybersecurity defense at home, create a working truce between the government and the private sector, and build a coalition of like-minded countries in the international sphere. Washington will have to funnel new money to research, development and innovation in cybersecurity; forge agreements with the private sector on the sharing of data; and, with its friends in Europe and Asia, clearly define what behaviors are acceptable in cyberspace and how it plans to respond if lines are crossed. The U.S. will have to be more limited in its ambitions but more assertive in their pursuit. While it should continue to promote and espouse the virtues of an open, global, and secure Internet, the U.S. must prepare for a more likely future—a highly contested, nationally divided cyberspace.