October 29, 2020

“My ambition behind the film was to set the table, to show the full picture of cybersecurity,” said filmmaker John Maggio when asked to summarize The Perfect Weapon, his latest production for HBO.

With the election less than two weeks away and reports of Iranian and Russian cyber activities in the news, it was a perfect time to discuss this much-anticipated documentary, which examines the past 15 years in cyber conflict.

Maggio, an Emmy award-winning director, made his remarks at a virtual panel event hosted by SIPA’s Tech & Policy Initiative on October 23. Joining him was the Pulitzer Prize winner and New York Times correspondent David E. Sanger, who authored the book that the film is based on. Also participating were Dean Merit E. Janow of SIPA and Jason Healey — a cybersecurity expert, former White House adviser, and senior research scholar at SIPA who is also featured in the documentary.

Drawing from the book, film, and their own expertise, the four panelists approached two of the most decisive questions in national (cyber) security: What has led to the escalation in cyber conflict over the last 15 years? And how do we mitigate current risks?

The 87-minute documentary had premiered on HBO just a week before the discussion. It provides an overview of the recent rise of cyber conflict as an unconstrained way in which nations now compete with and sabotage one another. Starting with the Stuxnet attack on Iranian nuclear centrifuges in the late 2000s, the film explores the “cyber Wild West” where rules and red lines have yet to be drawn. Covering major cyber incidents like the cyber-blackmail of the Sands casino company in Las Vegas, the 2014 Sony hack, and the Russian interference in the 2016 United States elections, the movie puts cyber experts, victims, and state officials alike on screen.

It’s “not a film about ones and zeros; I wanted to put faces on it,” said Maggio, summarizing his cinematic approach to a topic that is usually depicted with green lines of code, shady rooms, and hoodie-veiled hacker faces.

To kick off the event, Janow asked the panelists whether the United States had opened a “Pandora’s box” of cyberspace when it targeted Iranian centrifuges in 2007—what the documentary called the “first step in cyber warfare.” Sanger responded that although the United States had been an offensive player in cyberspace long before adversaries entered the game, the world would likely look the same today whether or not the United States took the first step. This is because the benefits of a cyber attack greatly outweigh the costs, making it a perfect weapon for asymmetric warfare — and therefore, Sanger said, it was only a matter of time before some actor pulled the figurative trigger.

Assessing the cyber vulnerability around this year’s elections, Maggio emphasized that there are few conventions around cyber attacks, so responses are just as uncoordinated as the attacks are unprecedented. Sanger concurred and underlined a major vulnerability: “We don’t have the deterrence part figured out.”

One distinction between traditional warfare and cyber attacks, Sanger said, is that the latter occur below the threshold of an armed conflict, keeping state actors in a state of operations that is constantly “short of war.” Pondering ways forward, he argued that U.S. secrecy around its cyber capabilities might have impeded the deterrence of adversaries. “We have gotten in our own way of sending signals of what we won’t tolerate,” he said.

As one possible solution, Sanger proposed that official documents be unclassified by default and only classified as needed — the precise opposite of current practice.

In the concluding Q&A session, one question dominated — namely, where does this all end? Comparing cybersecurity with the changing role of air power between the 20th century's world wars, Sanger stated emphatically that cyber conflicts will not end but may yet normalize. “The question is, can we manage it?” he said. “So far, we’re not terribly good.”

As the panelists compared cinematic representation and real-world relevance, Healey mentioned Defrag: A Hacked Film Festival, a joint project of SIPA and Columbia's School of the Arts. Inviting experts to explain the mostly trivial but sometimes sophisticated techniques behind hacking movies, the annual event demystifies cyber attacks and seeks to explain what many perceive as “computer magic.” One goal that Defrag, The Perfect Weapon, and last week’s panel have in common is to increase awareness of a full and realistic picture of cybersecurity as war rapidly shifts from boots on the ground to fingers on the keyboard.

Louis Jarvers MPA ’21
