THE HILL | October 3, 2019
BY GEN. (RET) KEITH B. ALEXANDER AND JAMIL N. JAFFER, OPINION CONTRIBUTORS
The recent attack on Saudi Arabian oil facilities by Iran (and its proxies) highlights a growing conflict in the Middle East that has its roots in a failure of deterrence. The Iranian regime has undertaken terrorist attacks and engaged in highly destabilizing actions for more than four decades. The recent attacks bring into stark relief the fact that, over the past decade or so, our allied coalition has been unable to effectively deter or offset Iran’s increasingly bellicose activities.
We’ve tried tougher sanctions, which surely brought Iran to the negotiating table but didn’t address the full scope of Iran’s malign behavior. We tried bringing Iran into the economic community of nations, but as they began to sell more oil, we simultaneously watched them enable the chemical weapons massacre of civilians in Syria through the support of their Hezbollah proxy army.
And while other sanctions were in place, we saw the murder of hundreds of U.S. soldiers during the Iraq war by Iranian proxies, as well as the spate of destructive cyber attacks against our allies in the region from 2012 to the present. Having now seen these efforts at deterrence fail, it is critical that we undertake a new path, particularly if we are to avoid a larger conflict in the region.
To do so, we must work with our allies from the region and across the globe. President Trump started this process in the aftermath of the Saudi oil attacks. Once we’ve built a substantial coalition, we must make clear to Iran what actions will elicit a serious, forceful allied response. And then, if and when Iran crosses those clearly-established lines, we must – publicly and with decisive force – make Iran pay a significant price. Serious, assured consequences from a coalition are the only thing likely to truly deter the Iranian regime.
The core problem facing the Trump administration is that as the U.S. has increased pressure on Iran to force it back to the table towards more comprehensive nuclear deal – a position our allies recently have bought into – Iran has gotten much more aggressive. And while the administration has demonstrated its willingness to get tough – as the recent alleged cyber response to Iran’s downing of an American drone demonstrates – the Iranians continue to believe we won’t really extract a serious price for their behavior.
This is in part because the Iranians recognize that our nation is war-weary, having lost thousands of soldiers in Afghanistan and Iraq. And it is easy for us – protected as we are by two oceans and defended by a committed force of volunteer patriots who embody MacArthur’s notion of duty, honor, and country – to believe that pulling back from the world is appropriate. To do so, however, would ignore history.
We saw the horrific results of staying out of World War II for too long, and we saw the results of our effort to reap the “peace dividend” after the fall of the Soviet Union and before the 9/11 attacks. Our history is rife with examples of America waiting too long, focusing internally, while threats gathered abroad and eventually hit us at home.
Of course, our recent history with Iran also suggests to them that we might not be ready for a real fight. Every time the United States has sought to change Iranian behavior in recent years, Iran has lashed out against us and our allies. And each time, we’ve responded by taking limited action that hasn’t fundamentally altered the Iranian calculus. It is, therefore, no surprise that the Iranians continue to test our resolve with aggressive actions.
The question is not whether we ought to respond to this latest round of Iranian aggression, but how and when to respond and, specifically, whether to put our armed forces – those volunteer patriots – into the fight. To answer that question, the Trump administration rightly has been soliciting the views of our allies in the region and elsewhere. This effort is critical, because getting our allies to share the burden of – and even lead – any direct response to Iranian aggression in the Middle East is the best route to ensuring long-term success.
While all of this may seem obvious when it comes to physical attacks, we believe that this approach is just as important – if not more important – when it comes to cyber threats from Iran and others. For too long we have taken a pounding in cyberspace from Russia, China, Iran and North Korea, among others, with little forward response. Public reports – and recent action by Congress – suggest that dynamic is changing and the Trump administration is more willing than ever to take the fight to the enemy in cyberspace. This is a positive development.
As we’ve said previously in these pages, the United States must be prepared to aggressively defend ourselves against cyber threats in the modern era by both creating a real collective defense fabric between the public and private sector and by being postured to respond rapidly and decisively when the time comes.
The key lesson here for both physical and cyber attacks is simple: If we aren’t willing to impose real, serious and public consequences for bad acts by our enemies, we ought not be surprised when they get more aggressive. That aggression is likely to elicit a more significant response, potentially leading to a much larger conflict. Our goal is to avoid yet another war in the Middle East. To do so, we must continue the effort to build a strong coalition now, and must be prepared to enforce clear “red lines” going forward.
Gen. (Ret) Keith B. Alexander is the former director of the U.S. National Security Agency and the founding commander of United States Cyber Command. He currently serves as chairman and co-CEO of IronNet Cybersecurity, a startup technology company focused on network threat analytics and collective defense.
Jamil N. Jaffer is the former chief counsel of the Senate Foreign Relations Committee and a former associate counsel to President George W. Bush. He currently serves as vice president for strategy, partnerships and corporate development at IronNet Cybersecurity.