And if democratic politicians are more vulnerable to the effects of leaks, democracies are also more likely to produce leakers to begin with. The legal protections individuals enjoy in the democratic states make it hard to deter this type of behavior—though as illustrated by the case of Chelsea Manning, who provided classified U.S. government documents to WikiLeaks in 2010, leakers can be prosecuted and jailed. (Edward Snowden, who leaked classified details of government surveillance programs to journalists, fled the U.S. before he could face prosecution.) But the cost of leaking in an autocratic society like Russia, where political opponents of Putin have been known to wind up dead, could be far higher, obviously posing a major disincentive.
Democracies, too, have used cyberattacks against non-democratic states. Perhaps the best known example is the use of StuxNet, the successful attack, most likely by the United States and Israel, involving a malicious computer worm that sabotaged an element of Iran’s nuclear program. Other countries with similar capabilities could be stealthily using them against their rivals. As a member of former President Barack Obama’s council of advisers on science and technology told me: “The internet is now fully weaponized.”
But, so far, the main political victims of cyberattackers have been leaders and public figures in democratic countries—especially the United States. And the United States is not the only democracy vulnerable to political cyberattacks. One of the conclusions of the intelligence community’s report on the 2016 election hacks points to a much broader implication: “We assess Moscow will apply lessons learned from its Putin-ordered campaign aimed at the U.S. presidential election to future influence efforts worldwide, including against U.S. allies and their election processes.”
With elections coming up in several European countries, the Kremlin might turn its attention to influencing outcomes that would benefit its national interests. From bolstering populist candidates who have vowed to leave the EU, to encouraging skepticism of NATO by global leaders (most notable, so far, being President Trump), to supporting candidates who would ease the economic sanctions imposed on Russia for its actions in Crimea, there are numerous incentives for Putin to interfere, and numerous ways in which he could do so. Indeed, Russian cyber meddling was longstanding practice in Europe before 2016, and France, Germany, and the Netherlands are facing cyberattacks ahead of their elections this year.
The question is: Why haven’t Western democracies made the necessary reforms to adapt to the threat? Why have they let countries like Russia get the upper hand, not in capabilities, but in practice? One answer is that democracies, by their very nature, hinge on checks and balances that limit the concentration of power and slow down governmental decisionmaking. While all bureaucracies, including those of authoritarian regimes, are slow-moving, Vladimir Putin or Xi Jinping surely are less encumbered by their laws and institutional constrains than their democratic counterparts.
Japan’s attack on Pearl Harbor in 1941 unleashed a massive American reaction. It remains to be seen what the reaction to America’s political cyber-Pearl Harbor will be—if any.