Of the thirty contingencies included in this year’s Preventive Priorities Survey, a highly disruptive cyberattack on U.S. critical infrastructure and networks was assessed as a top tier priority for the United States in 2019. The contingency was assessed to be moderately likely to occur and, if it did, of having a high impact on U.S. interests.
In the lead-up to the 2018 mid-term elections, concerns over election interference via cyber means ran high. Fortunately, protection measures undertaken by state and local officials, as well as the private sector, in advance of the elections guarded against major cyber intrusions. Analysts have argued for years, however, that the United States is vulnerable to cyberattacks—particularly on the power grid, financial networks, or election infrastructure—and attempts to hack or seize control of networks appear to be on the rise.
Because offensive cyber capabilities provide an asymmetric advantage to potential attackers who may not have the capacity—or desire—to launch a conventional attack against the United States, these tools can provide states like China, Iran, North Korea, and Russia with the ability to seriously disrupt the U.S. economy, government, and services. Building on the work of previous administrations, the Donald J. Trump administration released a national cyber strategy in 2018. However, while the document called attention to the vulnerability of the United States to cyberattacks, it did not provide detail on how exactly the United States would respond to such an attack.
As tools for cyberattacks proliferate, the United States will remain vulnerable to a serious attack on its infrastructure and networks. Conducting joint exercises and practicing responses to attacks will help U.S. companies and the government respond to these attacks quickly, but by indicating a willingness to go on the offensive itself, the United States may be inviting escalatory measures—and it may not be ready to face the consequences.
The Preventive Priorities Survey was conducted in November 2018, and reflects the expert opinion of respondents at that time. As such, it should be viewed as a snapshot assessment. Recognizing this, CPA tracks ongoing conflicts with our Global Conflict Tracker. For a database of publicly known state-sponsored cyber incidents since 2005, see CFR’s Cyber Operations Tracker.
View the full Preventive Priorities Survey to see which other contingencies were deemed top tier priorities for 2019.
About the Preventive Priorities Survey
Since 2008, the Council on Foreign Relations’ Center for Preventive Action (CPA) has conducted an annual survey of foreign policy experts for their collective assessments on contingencies that represent the greatest risk to U.S. interests. This year, CPA began soliciting contingencies in October 2018, narrowing down a list of possible conflicts from nearly one thousand suggestions to thirty contingencies deemed likely and potentially harmful to U.S. interests. In early November, CPA sent the survey to over six thousand experts and received about five hundred responses. The survey results were scored according to their rankings and the contingencies were sorted into one of three preventive priority tiers (I, II, III) according to their placement on CPA’s risk assessment matrix.