Cyberconflict right now, at this very moment, is like this airplane. It was the first military airplane that was ever built — back in 1909. But in just a few decades, planes would be capable of destroying entire cities. Right, so when we talk about cyberweapons, we’re still basically in 1909. “That’s why you have to have some humility about what’s going to happen in the world of cyberconflict.” David, here, is a national security correspondent for The Times, and he’s written a book about cyberconflict. It seems like we’re hearing more and more — “One of the worst cyberattacks ever.” — about state-sponsored cyberattacks. “Occasionally, there are going to be breaches like this.” “And this weapon will not be put back into the box.” “We have more to lose than any other nation on earth.” So, we really wanted to find out just how bad things are. And how bad they could get. Should we be afraid? “Yes, you should be afraid, but not for the reason you think — not because somebody is going to come in and turn off all the power between Boston and Washington. You should be worried about the far more subtle uses of cyber.” For example, not an overt attack on U.S. troops, but instead, maybe hacking into military health records and switching around people’s blood types. It still causes havoc. “Think terrorism —” “About a third of the building has been blown away.” “— instead of full-scale war.” “Why do you call it the perfect weapon?” “Because it’s deniable. If you can’t figure out right away where the attack’s coming from, you can’t really retaliate.” Plus, you can fine-tune the strength of cyberattacks. You can make them just strong enough to do real damage, but not so strong that they trigger a military response. “It’s cheap compared to, say, nuclear weapons. You just need some twenty-somethings who are good at programming, a little bit of stolen code and maybe some Red Bull just to keep them awake during the night.” That’s why cyberweapons have only just begun to spread. “And cyber is the perfect weapon for a country that’s broke.” “And we can confirm that North Korea engaged in this attack.” Take that time North Korea hacked into Sony — “Because of a satirical movie starring Seth Rogen and James Flacco.” What if they didn’t have cyberweapons? “Maybe they would have landed some commandos at Long Beach, called an Uber, stuck some dynamite underneath the Sony computer center and run like hell.” So really, North Korea’s only option was to use cyberweapons. But it wouldn’t be so easy for the U.S. to hit North Korea’s cybernetworks. “They have fewer IP addresses — Internet Protocol addresses — in North Korea, than you have on any given block of New York City.” Still, we wanted to know who’s the best at cyberconflict. “Russia, China, Iran, they use it regularly to advance their political agendas. The Russians to disrupt, the Chinese frequently to steal information, the Iranians to show that they can reach the United States.” “How good or bad is the U.S. at this stuff?” “Among the very best at cyberoffense. The problem is that while we’re good at offense, we’re the most vulnerable in the defensive world because we’ve got so many networks that form such a big target. The United States has 6,200 cybersoldiers.” “Are these people sitting in military fatigues behind a computer?” “They are sitting in military fatigues behind a computer. But the Russian hackers, or the Chinese hackers, may not be in uniform. They may be in blue jeans. They are probably sitting at the beach somewhere — someplace that’s got a really good internet connection.” All this cyberconflict really kicked off in 2008. Right, that’s when the U.S. and Israel attacked Iranian nuclear facilities. “It was the most sophisticated use of cyber by one state against another, and it opened up the Pandora’s box.” And remember — it’s still only the beginning. “We haven’t seen a full-blown war, and we don’t know what one looks like.” “What’s the most challenging part about covering this beat?” “The hardest part about covering the state use of cyber, is the enormous secrecy that the U.S. government wraps around it. But we’ve hit the point where the secrecy has actually begun to impede our ability to deter attacks. Because others don’t understand what we can do to them, and what we’re willing to do to them. In other words, we’re not setting any red lines out there.”