Zero_Days.jpgArts-Policy Risk & Security Technology 

“Zero Days” and the Need for Cyber Policy

By Lisa Thomson

“I guess we are kind of in a latent possibility for war.”

These are the words of film director Alex Gibney as he described the state of cyberwarfare—the subject of his new documentary, Zero Days.

Imagine a world where the U.S. government, in partnership with the Israeli government, could develop a computer code to control and explode centrifuges at an Iranian nuclear facility, and could do so without anyone being able to detect how it happened, or who did it. This is the world we live in and it’s one where nation-states are surveilling and attacking each other in times of peace without the public’s knowledge.

Welcome to the world of cyberwarfare: It’s shrouded in secrecy, has the potential to bring critical infrastructure and financial systems to their knees, and is barely publicly discussed.

The global threat of cyberwarfare and the lack of policy debates about how it should be carried out, particularly in the U.S. under the Obama administration, were the central themes of Gibney’s new documentary and a panel discussion hosted by New America following a recent screening.

Gibney was joined by national security experts Ian Wallace, Fred Kaplan, and Karen Greenberg to discuss the state of cybersecurity in the U.S.

One of the most telling moments of the film came early on. It was an extended montage of government and military officials from around the world declining—using a variety of creative phrases and coy facial expressions—to discuss the existence of Stuxnet. Stuxnet is the malware used by the U.S. and Israeli government to attack the Iranian nuclear facility.

Gibney said that when he started working on the film nobody wanted to talk about the malware; even friends who had been in the Obama administration wouldn’t speak off the record for fear of prosecution.

This reluctance to discuss Stuxnet speaks to the seeming contradiction inherent to the use of offensive cyber capabilities in a country governed by democracy that adheres to international norms and standards. Many in the U.S. argue that major public policy should be openly debated, but cyberwarfare requires a degree of secrecy in order to be effective and so has been carried out without much discussion. Furthermore, international norms governing cyberwarfare don’t yet exist.

Director of National Intelligence James Clapper said in a statement to the Senate Armed Services Committee last fall: “Numerous actors remain undeterred from conducting economic cyber espionage or perpetrating cyber attacks. The absence of universally accepted and enforceable norms of behavior in cyberspace has contributed to this situation…”

It’s this line between government transparency and secrecy that panel members agreed has been a hallmark of the Obama administration.

Obama is often criticized as being the president who has presided over the prosecution of more whistleblowers than all other presidents together. His administration also inherited a war in Iraq that was founded on the presentation of flawed intelligence, has handled the fallout of revelations from Wikileaks and Edward Snowden’s NSA files, and has witnessed the rise and proliferation of social media. Together these elements have fostered a public that now expects, and is comfortable demanding, more open debates regarding national security. The NSA files in particular have resulted in a more vocal call for government transparency over military, surveillance, and cyberwarfare policy.

The film and panel participants point to the absence of international cyber norms as a way for Obama to exercise his diplomatic and political dexterity in securing the Iran Nuclear Deal. Stuxnet was originally started under President George W. Bush, but it was Obama who was responsible for its reauthorization and acceleration—the use of which contradicts the oft-portrayed image of an Obama who is weak in the Middle East.

Ian Wallace, senior fellow and co-director of the Cybersecurity Initiative at New America, described an Obama who is determined to avoid bloody wars in the Middle East. He contended that Stuxnet has given Obama the chance to secure more time to get Iran to negotiate, a tactical use of malware he considers successful.

“I think what surprised me about this film was that it kind of shows both sides of Obama. The Obama who really wants to make a deal with Iran and who believes that’s the important and vital way to go. And yet at the same time has in his back pocket a very powerful and ruthless weapon that I think he’s prepared to use if Iran cheats. So there’s an aspect of Obama that is extremely steely-eyed even though he has been portrayed as weak,” said Gibney.

“We are just now beginning to think about the most basic questions that should have been propelling the weapon itself, but the technology came first and policy is way behind and everybody is in way over their heads,” said Fred Kaplan, author of Dark Territory: The Secret History of Cyber War.

As cybersecurity and espionage become ready barbs available to candidates during the U.S. presidential election, addressing international standards of engagement has become even more important. This need is highlighted all too well in Zero Days.



Lisa Thomson is an editorial assistant at World Policy Journal.

[Image courtesy of Colin. Image design by Jakob Sergei Weitz.]

Related posts