Heeding the Heretics
Robert Jordan Prescott
In January 2002, then Lieutenant Colonel John Nagl (U.S. Army) published a book on counterinsurgency entitled, “Learning to Eat Soup with a Knife”. Nagl’s book reopened the examination of counterinsurgency doctrine just as the United States military was beginning to cope with insurgencies, first in Iraq and then Afghanistan. Within a short five years, Nagl’s thesis of population-centric warfare became the basis for American counterinsurgency doctrine and new directions in American foreign policy.
In April 2010, former White House advisor Richard Clarke published a book on cyber-vulnerability titled, “Cyber War: The Next Threat to National Security and What to Do About It”. Clarke’s book identified the varied threats to America’s critical infrastructure and how the nation should respond just as revelations of hostile digital penetrations emerged daily. Two months later, media outlets reported on malware labeled Stuxnet that had penetrated and sabotaged industrial components of Iran’s nuclear weapons program. Two years later, the New York Times revealed Stuxnet was the product of American-Israeli collaboration and the first software purposely designed by one state to impair another state’s infrastructure.
Together, the concepts of counterinsurgency and cyber war have dominated the intellectual discourse of national security in the same manner containment and deterrence once did during the Cold War. Indeed, future historians may record how deeply the two concepts would influence the course of American foreign policy in the first decade of the twenty-first century. Historians might, however, also conclude how this influence was detrimental in that they jeopardized not only American national security, but the delicate balance between liberty and security. Had only rare contrarian voices been heeded.
As noted previously, Nagl was a key contributor to the landmark Army Field Manual 3-24 / Marine Corps Warfighting Publication 33.3.5: “Counterinsurgency”. The manual’s publication immediately prompted a widespread and energetic debate, specifically over the consequences of shift the emphasis of ground forces from conventional warfighting to stability operations and counterinsurgency tactics.
In this debate, Nagl’s principal foe is Colonel Gian Gentile (U.S. Army). Like Nagl, Gentile is a scholar and a veteran of the war in Iraq.
Gentile had been arguing counterinsurgency doctrine had dangerously demoted fighting and violence as critical ingredients in the war against insurgents. Moreover, Gentile additionally warned the rush to embrace counterinsurgency doctrine had foreclosed debate on the broader question of strategy: “[counterinsurgency] has morphed into a Weltanschauung of sorts, dictating how the Army should perceive and respond” to security problems around the world.
Unfortunately for Gentile, his arguments were eclipsed by the accolades showered on General David Petraeus for his purportedly successful application of counterinsurgency doctrine during the surge in Iraq. On the horizon was General Stanley McChrystal’s assignment to lead a parallel counterinsurgency surge in Afghanistan; expectations for success were similarly optimistic.
In the present day, the United States is no closer to victory in Afghanistan and the Army’s enthusiasm for counterinsurgency is markedly lower. Gentile, however, still worries the institutionalization of counterinsurgency will ultimately sacrifice combat capabilities for a nation-building force repeatedly deployed for ill-conceived interventions.
The Myth of the Counterinsurgency Narrative
For that reason, Gentile wrote Wrong Turn -- “to drive a stake through the heart of the notion that counterinsurgency has worked in the past and will therefore work in the future in whatever form it morphs into.”
Gentile prefaces his book by recalling his deployment to Iraq in 2006, the year when Al Qaeda bombed the Shia al-Askani mosque in Samarra, plunging the country into a bloody sectarian civil war. Gentile recounts daily IED attacks, patrolling past abandoned bodies in the streets, and witnessing firsthand a society torn apart by invasion and terrorism. Gentile noted he could not, for obvious reasons, provide comment on the draft counterinsurgency manual requested during that time.
When he finally returned home and began reviewing the manual, he found only “incongruities.” The manual’s proscriptions for conducting counterinsurgency contravened the reality of warfare. A historian, Gentile took upon himself the task of presenting the truth of counterinsurgency warfare and “expos[ing] the myth of the counterinsurgency narrative”.
In Wrong Turn, Gentile identifies two interdependent narratives at the heart of the counterinsurgency myth. First, a successful counterinsurgency entails the application of population-centric tactics. Second, a successful counterinsurgency is led by a “savior general” who succeeds by finally shifting the emphasis of the campaign from conventional firepower to population-centric tactics.
Gentile asserts the narratives merely had precedence, not evidence.
Gentile recounts how several historians in the 1980s and 1990s revisited the Army’s experience in Vietnam and concluded the war had would have been won -- if only the Army had adopted population-centric tactics earlier. Unfortunately, early leadership, as embodied by GEN William Westmoreland, had favored conventional tactics and a reversal of fortune was not possible until new leadership, in the form of GEN Creighton Abrams, implemented counterinsurgency doctrine.
The assessment drew heavily on the characterization of the British experience in Malaya. In these historians’ estimation, as well as Nagl’s, the ineffectual British ground campaign had been rescued by a new general armed with counterinsurgency doctrine.
Gentile addresses these arguments directly. In successive chapters on Malaya, Vietnam, and Iraq, Gentile methodically reviews the corresponding evidence and deconstructs the aforementioned narratives.
Regarding the failure to apply counterinsurgency doctrine, Gentile discusses how the British and Americans did employ population-centric tactics as a component of their military campaigns.
- In Malaya, the British undertook resettlement to physically separate the population from the insurgents, in conjunction with large unit sweeps.
- Similarly, in Vietnam, the United States focused on rural pacification, in concert with search and destroy operations.
- In Iraq, American forces worked to re-establish local governance after overthrowing the Hussein regime, while simultaneously mobilizing against various insurgent groups.
As Gentile notes, Britain and the United States understood the criticality of protecting the population, but did not pursue it to the detriment of defeating insurgents with conventional firepower.
Regarding the importance of new military leadership shifting course, Gentile describes how the various “savior generals” actually continued operational frameworks established by their predecessors.
- In Malaya, Gerald Templer succeeded Harold Briggs; the latter had initiated conventional operations against the insurgents and resettlement of the population. Templer continued Briggs’s approach while adding a new emphasis on building up local police forces – Templer could do so, in part, because Briggs’s reorganization of command and intelligence structures prior to his departure had enhanced Templer’s authority.
- In Vietnam, William Westmoreland had conceived the dual approach of “search and destroy” coupled with pacification. When Creighton Abrams took over, he re-affirmed this “one war” approach and issued guidance indicating American forces would continue conventional tactics employed to date.
- In Iraq, David Petraeus succeeded George Casey and credited the reduction in violence to the surge of additional forces employing population-centric tactics. However, Gentile has long argued other developments reduced violence, specifically the Anbar Awakening, the coinciding intra-Shia ceasefire, and sectarian communities physically segregating themselves in response to the bloodshed. To this end, Gentile references new data showing how violence between 2005 and 2007 had peaked in December 2006 and then declined a third by February 2007, when Petraeus assumed command. (At the height of the surge, Gentile notes the number of Iraqi deaths caused by American firepower tripled.) More pointedly, Gentile cites LT COL Douglas Ollivant, an operational planner during the surge who credited Casey with initiating the methods that contributed to the reduction in violence.
In each case, the evidence confirms continuity throughout the campaign; any change was a change in degree, not kind.
Shattering the Myth: Afghanistan
By the time Wrong Turn turns to Afghanistan, the reader already intuits how Gentile will explain General McChrystal’s appointment was to be less momentous than initially depicted.
Since 2002, the United States had been committing extensive resources to reconstruct Afghanistan. After quickly ejecting the Taliban and shifting resources to Iraq, American forces worked diligently, dispensing aid, building hospitals, opening schools, and guarding civilian Provincial Reconstruction Teams fanning out across the country. Gentile reports, between 2002 and 2011, expenditures to defeat the Taliban and reconstruct Afghanistan totaled approximately $442 billion -- $90 billion during the quiet period from 2002 to 2006 and $352 billion between 2006 and 2011 when the Bush and Obama Administrations devoted more attention to the country.
In June 2008, General David McKiernan assumed command over an augmented force. McKiernan -- like Briggs, Westmoreland, and Casey -- had emphasized defeating the insurgency as well as protecting the population. McKiernan, Gentile writes, was the “consummate counterinsurgency general” and quotes General Petraeus’s May 2009 testimony attesting to his leadership. Nevertheless, in June 2009, President Obama requested McKiernan’s resignation and named McChrystal his successor. DOD leadership and observers hailed McChrystal’s appointment as a game-changer, but his arrival changed little. McChrystal adjusted some tactics but his impact was minimal; one independent source documented how violence only increased between 2009 and 2011, noting the Taliban’s resurgence was not arrested. (The same source also castigated American and European leadership for inaccurately portraying the situation.)
Gentile punctuates the matter by revisiting an American unit’s destruction of Tarok Kolache in 2010. For ostensible counterinsurgency purposes – severing the link between the insurgents and the population – the unit leveled the Afghan village. The episode was an eerie echo of Vietnam, when American forces ingloriously “destroy[ed] Ben Tre to save it.”
In each example, Gentile conducted a voluminous review of primary sources -- directives, memos, diaries, letters, meeting minutes, and interviews -- including the perspectives of the adversaries. In Malaya, Gentile reviews how the communist insurgency leader, Chin Peng, had confessed his frustration with Briggs’s plan and had to adjust the tactics, all before Templer had arrived. In Vietnam, Viet Cong fighters noted pacification may have failed, but conventional firepower had succeeded in severing the link between the insurgents and the population -- because the latter had to flee. In Iraq, locals credited the Awakening with reducing violence, not the surge or employment of counterinsurgency tactics; an Al Qaeda defector asserted the same.
The myth shattered, Gentile proclaims counterinsurgency is as it has always been and always will be: “brutal industrialized warfare.”
At the opposite end is the pristine digital battlespace of cyber warfare.
As noted above, Clarke is a prominent proponent of preparing for an imminent cyber war and he is hardly alone. President Obama has authorized offensive cyber operations and numerous national security principals have warned of cyber “Pearl Harbor” and “9/11” equivalents.
Mirroring the rapid transformation unleashed by information network technologies, the cyber war thesis has attained considerable acceptable. Faced with a steep technical learning curve, national security professionals have more or less ceded the debate to advocates, as dissent has been minimal. In general, skeptics deliberate on aspects of the thesis, but not the assumptions, and will only concede the debate is inconclusive.
In this debate, German scholar Thomas Rid has finally stepped forward with a meticulous deconstruction of the cyber war thesis.
No Violence, No Warfare
Right from the outset, Rid knocks out the thesis’s foundation: “most cyber attacks are not violent and cannot sensibly be understood as a form of violent action.” Cyber attacks are less direct physically, emotionally, symbolically, and accordingly, instrumentally. Code can be “weaponized,” but it cannot cause physical or psychological trauma, cannot be brandished, and cannot compel allegiance. Cyber attacks cannot simply accomplish to the same degree what real-world violence can: the undermining of interpersonal trust and the collective social cohesion between the government and governed.
Alternatively, Rid explains cyber attacks are appropriately categorized as sabotage, espionage, and subversion.
Regarding sabotage, Rid reminds the reader that sabotage targets infrastructure, not humans. As such, sabotage can be accomplished in degrees ranging from disruption through disablement to destruction. In examples of cyber sabotage to date, Rid notes the consequence has primarily been disruption. Israel may have employed a cyber attack in its strike on the latter’s covert nuclear reactor, but the cyber package only disabled Syrian air defenses; Israeli missiles destroyed the site.
Rid acknowledges industrial control systems are inviting targets for cyber saboteurs, but he highlights several caveats. Industrial control systems are old, are being secured more and more, and, most importantly, labyrinthine systems administered by individuals well-versed in their complexity. Thus, any successful cyber sabotage would depend on a knowledgeable insider. To accomplish a worst-case cyber sabotage of an industrial control system, an adversary would have to identify such an insider and then induce (or compel) him or her to facilitate the attack, a difficult if not improbable prerequisite.
Regarding espionage, Rid readily acknowledges networked data systems have greatly facilitated the cyber collection and theft of proprietary and classified information. As documented in an ever increasing number of incidents, massive amounts of computer-based information can be transferred effortlessly.
Nonetheless, Rid notes that successfully breaching network defenses still depends on exploiting a targeted individual’s credulity. Moreover, once data have been successfully extracted, the perpetrator still lacks the data’s context and sophistication only the authors and users possess. As with sabotage, an adversary would have to first identify, and then induce (or compel) an informant to help decipher the stolen information, another problematic requirement.
Regarding subversion, Rid again readily concedes cyberspace has greatly increased opportunities for individuals and groups to subvert established orders. The most prominent examples include the Occupy and Arab Spring protesters who relied extensively on social media technologies to organize. Rid contends such movements, while emblematic of what’s possible, have already demonstrated the limitations of cyber-based dissidence. Rid reviews how virtual movements can collapse as easily as they begin because a networked group has no means to discipline its members and these members decide their own level of participation. Without sustained commitment, online insurgents can incite memorable outbursts, only to quickly disappear from the scene.
In this regard, Rid’s observation underscores an important distinction between the Occupy and Arab Spring movements. The former did not pose an existential threat to regimes whereas the latter did, principally because the former took place in a democracy whereas the latter occurred in a dictatorship. Successful subversion depends on undermining trust and democracies, by their nature, have mechanisms to convert dissent into the basis for new trust relationships; dictatorships do not and the attempt to suppress dissent only sustains the movement’s commitment until defeated or successful. In short, dictatorships have more to worry about cyber subversion than democracies.
After elaborating on these three categories, Rid examines a critical matter that concerns many national security professionals -- attribution.
Rid admits attribution is difficult and, regardless of advances in online forensic capabilities, observers should recognize assertions of traceability are bounded by the difference between evidence and intelligence. The former, of course, must be airtight to obtain the desired verdict, whereas the latter need only be necessary and sufficient to persuade a decision-maker to act. On this sliding scale, attribution then becomes a function of the attack’s severity and what assumptions the victim has about the likeliest perpetrators and their motives. Thus, if Iran discovers the industrial control systems running its nuclear centrifuges have been the subject of a cyber attack, then incontestable attribution will be difficult, but its leadership will probably be persuaded, on minimal evidence, that the perpetrators can be reasonably narrowed to one or two or both of its principal enemies. In brief, no matter how well a cyber aggressor conceals his identity, the harsher the attack, the more he must be prepared for a military response.
Halting the Hype: Stuxnet
After comprehensively identifying the relevant theoretical constructs and reviewing the evidence, Rid puts forward the converse: the cyber realm does not abet violence, it abets non-violence. If the Stuxnet attacks, a vaunted cyber-Hiroshima, did not provoke an American-Israeli-Iranian war, then what will?
Accordingly, the following corollary emerges. The use of cyber force is simply not as credible, much less effective, as the deployment and use of tangible conventional forces. In the aftermath of Stuxnet, Iran has surely taken steps to close the vulnerabilities exploited by the software as well as any other security shortcomings. The United States is very capable of developing even more potent weaponized code, but, without complete confidence the software will be delivered and achieve the desired results, would decision-makers choose to rely on it as part of an ultimatum? To be direct, to which form of deterrence do American decision-makers think Iran will respond -- threat of another Stuxnet attack or the deployment of carrier strike groups in the Persian Gulf and ground forces along its border?
In the end, Rid demonstrates how the specter of cyber war is merely hype. Rid laments the only “warlike” aspect of cyber aggression is the debate. Elected officials and policymakers have been unceasing in their insistence that cyber war is imminent and that aggressors are decisively advantaged, yet they have rarely paused to recognize what considerable resources and capabilities the United States already has at its disposal. More pointedly, for all the frenzied discussion of vulnerabilities, American leadership has rarely convened public and private stakeholders to systematically examine how to secure cyberspace. After all, if evidence shows countries and companies alike have been resilient in the face of unrelenting cyber attacks, then how difficult would it be for the United States to erect cyber defenses?
Distinct Appraisals of Conflict
Independently, each book should be required reading for national security professionals and military servicemembers.
Wrong Turn acknowledges counterinsurgency doctrine may be shelved for the interim, but notes how modern American foreign policy invariably leans toward intervention and that the perennial impulse to rescue persecuted populations could resurrect this myth. Looking back one last time at Vietnam, Iraq, and Afghanistan and the ostensibly benevolent motives that prompted these interventions, Gentile argues some wars should not have been fought, not because of the tactics or the generals, but because of the “failed strategy and policy.”
Gentile warns, “we end up with the simplistic idea that the United States can intervene military to rebuild entire societies if the tactics are just right and the right general is put in charge. It is a recipe for perpetual war.”
Cyber War Will Not Take Place demonstrates how the elevation of cyber attacks to the realm of warfare will ultimately jeopardize security. Cyber war will intrigue elected officials and policymakers in the near term, but, as Rid notes, the debate allegedly welcomed by many has hardly progressed beyond urgent demands for more resources, more authorities, and more secrecy. Weaponized code can support sabotage, espionage, and subversion operations, but no more. If the depiction of Stuxnet as a “cyber Hiroshima” is accepted, then the United States will have been the only country in history to use nuclear and cyber weapons of mass destruction. In the case of the former, their use was justified after four years of war against an enemy that had attacked the United States and had helped close the war. The use of the latter occurred without a declaration of war or open conflict with Iran.
Either the United States is communicating it is ready to wage war against Iran now or it will only undertake those actions that it believes will not entail violence, an extremely risky proposition either way. After all, American leaders have not commented whether they expect Iranian retaliation, but they have made clear a major cyber attack on America will be answered with conventional forces. Why expect less from Iran or other future victims of American cyber attacks?
If, as Rid demonstrates, weaponized code actually facilitates non-violent aggression, then what justification would the victim have for a violent response? As Rid makes evident, weaponizing code will not bring about war -- the misguided readiness to wage a chimerical “cyber war” will.
Complementary Critiques of National Security Priorities
At first glance, the two books examine divergent aspects of warfare. One revisits the challenges of jungle canopies and desert landscapes while the other examines the particularities of broadband byways connecting cyberspace. Nevertheless, the two books converge by manifesting how the United States has misjudged contemporary security challenges and has jeopardized treasured liberties in the process.
For all the debate as to whether the Army should focus on defeating insurgents or re-establishing local governance, Wrong Turn shows how no cosmetic reformulation of military doctrine or single officer will rescue a misconceived strategy. Furthermore, the debate obscures how successive Administrations embraced covert and clandestine mechanisms as the preferred instruments for waging war against insurgents.
The original surge did not occur in Iraq under Petraeus in 2007, it occurred on paper immediately after the September 11, 2001 attacks whereupon the Department of Defense (DOD) directed increased manpower, resources, and responsibilities to Special Operations Command (SOCOM).
As reported by the Center for Strategic and Budgetary Assessments, DOD raised SOCOM’s end strength from 38,000 in 2001 to 63,000 in 2012, or by 68 percent. Similarly, DOD increased SOCOM’s budget from $2.3 billion in Fiscal Year 2001 to approximately $10.4 billion in FY 2013. Prior to 2001, approximately 2,000 special operations forces were deployed annually overseas; since 2001, the number was approximately 12,000 on an annual basis.
Lieutenant Colonel Nagl himself has spoken positively of their deployment, characterizing the Joint Special Operations Command, the entity responsible for killing Osama bin Laden in May 2011, as a veritable “industrial-scale counterterrorism killing machine.” As described in The Command, “The JSOC is the secret army of the president of the United States.”
During the same period, the Central Intelligence Agency (CIA) began employing remotely piloted vehicles (drones) against suspected insurgents and terrorists.
During the first half of the Obama Administration’s first term, the president and his national security team moved to further integrate JSOC operations with those of the CIA. In contrast to George W. Bush, President Barack Obama took responsibility for authorizing JSOC and CIA operations against targeted individuals. Additionally, the Obama Administration greatly expanded the use of drone strikes, primarily in Pakistan, Yemen, and elsewhere.
In February 2013, NBC News obtained a copy of an undated Department of Justice memo entitled "Lawfulness of a Lethal Operation Directed Against a U.S. Citizen who is a Senior Operational Leader of Al Qa’ida or An Associated Force." This memo, a summary of still-classified legal analyses, elaborates on the basis employed by the Administration for conducting operations against American citizens if they are believed to be “senior operational leaders” of al-Qa’ida or “an associated force” -- even if there is no intelligence indicating they are engaged in an active plot to attack the U.S. According to this memo, the U.S. Government can kill an American citizen who is "continually planning attacks" for al Qaeda when an "informed, high-ranking" official decides that the target "poses an imminent threat" and capture is "infeasible."
At the same time, Cyber War Will Not Take Place explains how launching a cyber attack is to undermine information, communications, and relationships, with the cumulative deleterious effect on trust. Except, the American government has not targeted just the enemy. In all the alarm over how the country should cope with a seemingly infinite number of cyber threats and vulnerabilities, successive Administrations have dedicated substantial resources to monitoring and decrypting the American people’s various communications.
Based on documentation leaked by former intelligence contractor, Edward Snowden, the United States expended approximately $500 billion on national intelligence since the 2001 terrorist attacks. The Fiscal Year 2014 request totaled $52.2 billion, a 2.4 percent reduction from Fiscal Year 2012, but this amount, in constant year dollars, is approximately twice the estimated level of the Fiscal Year 2001 budget and 25 percent above the Fiscal Year 2006 budget.
The entity responsible for monitoring and decrypting foreign communication is the National Security Agency (NSA). The documentation revealed the NSA had been collecting and archiving the metadata of Americans’ telephone communications and online habits, attempting to break encryption protocols, and intercepting the communications of allied foreign leaders and their citizens.
The documentation also revealed the NSA has the authority under Section 702 of the FISA Amendments Act to target the communications of foreign targets; approved in 2011, the authority allows the communications of Americans in direct contact with foreign targets to also be collected without a warrant.
Most importantly, however, the authority also allows the NSA to search individual Americans' communications using their name or other identifying information.
Priorities to the Extreme
In January 2010, the media reported that the Obama Administration had identified Anwar Al-Awlaki, an alleged leader of Al Qaeda on the Arabian Peninsula, for a counter-terrorist operation. On September 30, 2011, an American drone strike succeeded in killing Anwar al-Awlaki. Al-Awlaki was a U.S. citizen; he had been indicted but never brought to trial and the intelligence concerning his alleged activities has never been disclosed. On October 14, 2011, an American drone strike killed al-Awlaki's sixteen-year-old son, also a United States citizen. According to Nasser al-Awlaki, Anwar's father, the United States government has refused to explain why Abdulrahman was killed. and the U.S. Attorney General will only admit that Abdulrahman was not “specifically targeted."
In September 2013, NSA Director GEN Keith Alexander acknowledged in congressional testimony that twelve agency employees had abused surveillance capabilities to spy on personal acquaintances. In a quarter of the cases, the NSA only found out about the misconduct after the employee confessed. In seven cases, individuals guilty of abusing their powers resigned or retired before disciplinary action could be taken. Two civilian employees kept their jobs and their security clearance and received only a written warning. The abuses did not result in a single prosecution, even though more than half of the cases were referred to the Department of Justice. The associated documentation, a letter from the agency inspector general, listed only those that were investigated and substantiated by the office, raising the possibility that many more cases went undetected.
Since 2001, in battling insurgents and preparing to wage cyber aggression, the American government has instead proceeded with the surveillance and assassination of American citizens without due process.
The last linkage between Wrong Turn and Cyber War Will Not Take Place restates what has been timeless.
Gentile dismantles counterinsurgency theory of population-centric tactics by examining the evidence of large unit sweeps, search and destroy, resettlement, and pacification. Rid deconstructs evidence of cyber attacks by revisiting the theories of war, violence, and trust.
Between brutal industrialized warfare, strategy and policy, and the instrumentality of physical violence, Gentile and Rid evoke the dicta of Sun Tzu, Clausewitz, and Sherman: wars are meant to be won, wars are the extension of political objectives, and wars are episodes of hell on earth.
American leaders would be well served to remember accordingly.