Since Donald Trump’s upset victory in 2016, the topic of information warfare has dominated strategic conversations in the United States and Europe. New research programs focused on countering disinformation and identifying propaganda and bot networks have sprung up; congressional and parliamentary hearings and working groups have been convened on the topic; and news and social media companies have been refining their policies on dissemination of hacked and possibly fraudulent materials.
The expectation, clearly, is that we are now in an era of permanent infowar. And with U.S. intelligence agencies having firmly pointed the finger at Russia for its role in the 2016 election, the question has frequently been: Will other authoritarian countries follow the same playbook? Though the question has been raised with respect to any number of countries — Saudi Arabia, Iran, North Korea — the most pressing object of Western concern is China, whose resources are substantially greater than Russia’s and which has many more points of leverage thanks to its much higher degree of embeddedness in the global economy.
And yet there are reasons to be skeptical that the particular genre of information warfare that led to this upsurge of attention will be a defining feature of modern intrastate conflict.
To be clear: The evidence that the Russian military intelligence service did perpetrate the hack-and-dump operation targeting the Democratic Party using WikiLeaks as a front is very strong. The evidence that it affected the election is less so. That’s not to say that there was no effect; with the election decided by less than 80,000 votes across three states, especially given that many voters made up their minds at the last minute, it is impossible to write off the possibility that it was at least one of several contributing factors that pushed Trump over the top. But voters often don’t accurately remember which party they voted for, let alone their rationale for doing so. Accurately tracking down the cause of any particular vote is nearly impossible.
As a result, the attack has been attributed down to the level of federal indictments for the individual military intelligence operatives responsible, but no one knows whether it was effective or not.
And yet, the shock outcome generated a massive sea change in the prominence of counter-disinformation, once a relatively quiet subfield. And the language around it quickly merged into that of national defense: democracy under attack; war by other means; we need a national mobilization to respond.
The emphasis on defending against hack and leak operations has had some positive impacts. In France, Emmanuel Macron’s presidential campaign was prepared for an attempted hack and leak and immediately discredited the story. Meanwhile the reaction of news and social media to such attempts in the current U.S. presidential election has been considerably more skeptical than during the last one.
But those successes obscure a few broader issues — not least that an overemphasis on foreign electoral interference can serve to obscure more meaningful domestic and structural problems.
For one thing, the measures taken to prevent or mitigate foreign electoral interference are shaped by the known instances of hacking, and particularly by the discourse around those instances. But the particulars of those cases are not remotely close to the potential boundaries of information warfare. Hacking and leaking emails might have worked in 2016, but if anything has generated diminishing returns since then. Is it credible that any disruptive power will keep throwing resources at a set of increasingly ineffective tactics?
It is also worth considering that — as with diplomacy and strategic messaging at the international level — “our” perspective of what is possible, feasible or effective with information warfare is fundamentally different from those who actually carry out such operations against us. Building resilience and verification mechanisms into information dissemination systems is valuable because it increases the friction for any such operation; but assuming that all adversaries have the same basic motivation and will use similar tactics in similar ways will leave avoidable vulnerabilities.
Nor, as with conventional defense, should we assume that the greatest vulnerability is to new or emerging technologies, like AI “deepfakes.” Those do deserve attention, but if we are to treat information warfare as a national security threat, we should be guided by the numerous historical examples of defenses breached by innovative tactics rather than technical wizardry, from the Blitzkrieg to the Toyota War. After all, focusing on a silver bullet technology in the hands of an adversary is as short-sighted as hoping for one in your own.
None of this is to say that hacking and leaking aren’t real threats, or that disinformation and the effect that modern mass media has of shattering our shared sense of reality — unintentionally or otherwise — is a minor issue for democracy and governance. But we should apply the same heuristics as we do in other forms of risk management and not assume that the next threat will look exactly like the last one.