In this issue of précis, we continue to explore many of the global challenges facing the Biden administration. Scholars affiliated with the Center offer their advice to the US president on a range of policy issues, including arms control, cybersecurity, financial recovery, human displacement, and how to approach Iran and Russia.
Approaching Iran (Mahsa Rouhi)
Global human displacement crisis (Noora Lori)
Cybersecurity threats (Joel Brenner)
Financial recovery (David Singer)
Approaching Russia (Carol Saivetz)
Arms control, emerging technologies (Heather Williams)
Mahsa Rouhi, Research Fellow and Professor, National Defense University; and Research Affiliate, CIS
The analysis and conclusions presented by Rouhi are based on her individual research and do not necessarily represent the policies or perspectives of the National Defense University, the US Department of Defense, or the US Government.
President Biden made returning to the Iran nuclear deal a foreign policy objective for his administration. Following an initial stalemate over which side would move first, negotiations in Vienna began in May 2021, albeit without direct American participation, focusing on returning the US and Iran to compliance with the Joint Comprehensive Plan of Action (JCPOA). It became clear from the onset that there are fundamental challenges facing the negotiations ranging from scope of sanctions relief to domestic political constraints posed by Iran’s election. The election of Ebrahim Raisi, a hardline political figure with a nefarious human rights record, poses a major challenge to the future of nuclear negotiations. The talks are already stalled, and this may prove to be yet another missed opportunity in the history of US-Iran relations.
Raisi and his support base will likely assume a more transactional and compartmentalized approach in dealings with the US. The ideological underpinning of Iran’s hardline factions is centered around resistance to the US hegemony and deep mistrust of Washington. Their worldview is geared toward challenging US dominance and moving the international order towards multipolarity. Thus, Iran will likely continue to push back at the US through regional non-state actor partners that challenge US interests and presence in the Middle East.
What should President Biden expect from Tehran in this bid to re-instate the JCPOA? Over the past several years, Iran has been walking a fine line in taking escalatory measures, while refraining from crossing lines that could provoke a war. The Biden administration should expect a continuation of this approach. Under Raisi, it is likely that Tehran will test boundaries even further on the nuclear program, missile program, and regional issues under the assumption that the US is reluctant to start a war. Hardliners may be interested in building leverage/capabilities to secure best possible terms for sanctions relief as well as seizing the opportunity to strengthen the Quds forces as well as Iran’s regional strategic network.
Tehran's main interests will be in deals that can offer sanctions relief. It will be less interested in more comprehensive security agreements. Even if there is an agreement on a roadmap to revive the JCPOA, the US should expect that Iran will push boundaries on compliance. Iran also is unlikely to meaningfully engage in “follow-on talks” about other areas of contention such as missiles and regional stability issues. In response, the US should also adopt the more transactional approach while forcefully responding to Iran’s regional provocations like it has been doing in Iraq and Syria. The top priority for the Biden administration policy should be restricting Iran’s nuclear program. From there, the US could support initiatives led by regional states on a range of issues related to Afghanistan, Yemen, and Iraq.
Noora Lori, Assistant Professor of International Relations, Boston University; and Steering Group Member, Inter-University Committee on International Migration, CIS
Human displacement is growing exponentially, and the current structure of the international human rights framework is woefully inadequate for responding to current displacement levels, let alone future projections.
Existing international and domestic laws are designed to protect refugees on an individualized basis, but human displacement is increasingly driven by a range of structural forces (eg, conflict, climate change, and income inequality) that force people to move, even if they have not been individually persecuted. This means that a large proportion of displaced persons (including internally displaced persons) do not necessarily meet the statutory definition of a “refugee” as someone who is fleeing persecution “for reasons of race, religion, nationality, or membership of a particular social group or political opinion.” And the vast majority of people who might meet this definition are unable to attain asylum because “there are very few ‘humanitarian corridors’ providing a legal way for refugees to travel to a safe country and ask for asylum.” For 99% of refugees, one of the only ways of accessing asylum is to engage human traffickers and undertake increasingly dangerous journeys as “illegal” migrants.
Moreover, the countries that have some of the most robust refugee protections—like the United States—have also been at the forefront of erecting extraterritorial or “remote” border controls that are designed to interdict migrants before they can reach the territorial threshold of the state to be screened for asylum. While this migrant interdiction policy began under the Reagan administration, it has become an entrenched practice of the United States across administrations, and has also diffused to European states and Australia over the past four decades. This has created a “Catch-22” for refugees as “rich democracies are essentially telling them, ‘We will not kick you out if you come here. But we will not let you come here.’” Paradoxically, while states increasingly associate migrants with “security threats,” the current migration management approach directly pushes migrants into the hands of human smugglers. In other words, “the hardening of the border through new security practices is the source of the violence, not a response to it.
When faced with this current and future crisis, what should the Biden Administration do? I offer four policy recommendations:
1) The US and other advanced liberal democracies increasingly outsource migration enforcement to other states or non-state actors to deter migrants by pushing them out of their own territories or detaining them in offshore sites without due processes. Instead of focusing on cooperative deterrence, the US should increase inter-state cooperation on providing refugees with remote asylum-screenings and durable resettlement solutions.
2) The US should move the humanitarian protection mandate of the state alongside its security arms; extra-territorial border enforcement should also include extra-territorial asylum screening.
3) The US should de-privatize migrant detention (privatization is more costly from both the monetary and human cost perspectives), and private actors are not held to the same public oversight and accountability standards as public institutions in democracies.
4) Finally, it is time for the international community to grant Palestinian refugees the same protections as other refugees around the globe. In the short term, the Biden administration has already pledged to restore funding to United Nations Relief and Works Agency for Palestine Refugees in the Near East (UNRWA), which is a step in the right direction. But in the long term UNRWA needs to be brought into the fold of the United Nations High Commissioner for Refugees (UNHCR), and the international community should take concrete steps to close the major protection gap that has emerged in this protracted refugee situation.
Joel Brenner, Senior Research Fellow, CIS
The president has issued a detailed executive order addressing weaknesses in federal networks and has appointed excellent cyber leaders in the White House and the Department of Homeland Security. The proof will be in the follow-through. The order’s requirements should be rigorously overseen, with meaningful consequences for non-compliance.
The Pentagon, spooked by vulnerabilities in our grid, wants major military bases to generate their own power. The Defense Department’s inspector general should find out if it’s happening. Transportation Command, which is the military’s logistical lynchpin but whose networks are famously vulnerable, should be stress tested. Weapons systems are also vulnerable. In a war with the Russians or Chinese, many of them will be penetrated and some won’t work. Procurement requirements for cybersecurity should be toughened up—and enforced. This is another potential focus for the Department of Defense (DoD) Inspector General (IG).
The hardest challenges involve the private sector, especially privately owned critical infrastructure, where the state of defenses and resilience varies widely. Here the president lacks directive power. My top recommendations are:
1) Create stringent stress tests for the electric grid, as we do for banks, including simulated cross-sectoral disasters. Grid operators should not be allowed to constrain the parameters of these tests, which should include cold starts. Major insurance carriers should be consulted on simulation design.
2) Create statutory liability for selling hardware and software with known vulnerabilities. This is the only area of our economy where you can knowingly sell defective goods without penalty.
3) Permit Cyber Command to attack the network infrastructure of foreign parties that plan and direct disruptive attacks on our economy.
4) Harden critical supply chains, including code verification.
5) Sharply increase investment in the security of critical sectors and in cybersecurity R&D.
6) The focus on government information sharing with private firms is misguided. Real-time sectoral sharing among major firms is more important and gets too little attention. The president should twist arms to get this done.
7) Adopt the Cybersecurity Solarium Commission’s recommendation to create a cybersecurity certification and labeling authority.
8) Be more aggressive taking down botnets.
9) Do not certify or subsidize educational coding curriculums that do not include a rigorous requirement for secure coding.
Ubiquitous connectivity and massively aggregated data have enabled huge efficiencies while introducing vulnerabilities whose costs are finally becoming obvious. Talk is cheap. These steps are overdue.
David Singer, Raphael Dorman-Helen Starbuck Professor of Political Science, MIT
We are in the midst of a period of sustained low interest rates, and this creates opportunities that should be exploited and risks that should be monitored. Some of the opportunities are obvious: increasing spending on infrastructure, including roads and bridges, the power grid and renewable energy, and internet—all of which are areas that will yield a high rate of return and place the country on firmer footing for future economic growth. Perhaps less obvious—but critically important—is that low interest rates provide an opportunity for investments in children and support for poor families. In the short term, such investments will ensure that the labor market recovery extends to the bottom of the income distribution; in the long term, the expansion of the middle class will boost spending and sustain future growth. As to risks, low interest rates create the potential for financial instability as investors search for riskier assets, banks' margins are squeezed, and asset prices rise. The ample regulatory agencies of the US financial system, including the Comptroller of the Currency, Federal Reserve, Federal Deposit Insurance Corporation (FDIC), Securities and Exchange Commission (SEC), and the Financial Stability Oversight Council, should remain attentive to these risks and assess the adequacy of prudential regulations in the coming years.
Carol Saivetz, Senior Advisor, MIT Security Studies Program
When US President Joe Biden invited Russian President Vladimir Putin to a summit in Geneva, there were many who felt that Biden gave away what Putin wanted most—international recognition of Russia as a coequal of the US—without getting anything in return. Others argued that Biden’s trip was well orchestrated and that (re)establishing predictability in the bilateral relationship after four years of the Trump Administration was worth the ostensible cost. Biden’s goal was two-fold: to initiate what he called the Strategic Stability Dialogue and to make clear US national interests. Going forward, the question is how effective Biden’s two-pronged approach will be.
Since the Geneva meeting, Russian hackers perpetrated a major ransomware attack that paralyzed companies around the world. (For Putin, cyber activity, especially as implemented by erstwhile criminal gangs, allows the Russian president plausible deniability.) Simultaneously, Putin signed a new national security strategy that describes much darker ideological and cultural divides between Russia and the West. The document threatens “symmetric and asymmetric measures” in response to “unfriendly actions” to disrupt Russia’s sway among the post-Soviet states and within Russia itself.
Putin’s goals are clear: To restore Russia’s superpower status, and to stay in power and suppress any manifestations of “people power.” Some would add to the list mitigating the economic damage from US and European sanctions. In pursuit of these goals, Putin and his entourage will utilize cyber and other methods of interference in the politics of their adversaries to chip away at Western power.
So what should the Biden Administration do now? Following the latest ransomware attack, Biden held a one-hour conversation with Putin. When asked about the call, Biden said: "I made it very clear to him that the United States expects, when a ransomware operation is coming from his soil even though it's not sponsored by the state, we expect them to act if we give them enough information to act on who that is.
On July 13, 2021, REvil, the group blamed for the latest cyber attack, went dark; but, we don’t know why. Should it or others regroup and reappear, the US should retaliate. Putin already knows that the US has penetrated many of Russia’s systems and we should make it clear that we will use the access we already have.
And we can use sanctions more effectively. New refined and narrowly targeted sanctions can be directed against Russian oil exports and/or further limiting Russia’s links to international financial institutions. Even if cyber attacks emanating from Russia continue, the US should consider further targeting Putin’s cronies and even Putin, himself—perhaps focused on their assets in the West. For the two-pronged approach to be successful, Biden must take care to calibrate possible retaliation. At the same time, Biden must use every opportunity to discuss and push forward negotiations on arms control, climate, and Covid, to name a few.
In the final analysis, the goal is to create a bilateral security architecture that facilitates cooperation on common interests and ensures that disagreements do not escalate. Put more bluntly, the Biden Administration must make sure that Putin understands that enough is enough when it comes to cyber and political interference without foreclosing options for cooperation.
Heather Williams, 2020–21 Stanton Nuclear Security Fellow, MIT Security Studies Program
Historically, arms control has been a tool for managing the world’s deadliest weapons. But how can arms control manage weapons that cannot be counted, such as offensive cyber capabilities, or dual-use technologies, such as Artificial Intelligence (AI)? These questions are particularly important as the United States and Russia prepare to meet for Strategic Stability dialogues.
Arms control for emerging technologies will require getting back to first principles—ultimately, arms control is about the prevention of war. Arms control does not always equate to disarmament and may not necessarily entail reductions or eliminations, but rather is avoiding arms races and crisis escalation. Tools for managing emerging technologies, such as AI and cyber, may look very different than they did for nuclear weapons. Three guidelines for exploring future opportunities for arms control of emerging technologies might include:
Specificity—because technologies such as AI can have both positive and negative effects on international security, it will be important to identify specific applications that are potentially dangerous. For example, the use of AI in nuclear decision-making could present ethical and strategic challenges. Nuclear possessors might jointly agree to always keep a “human in the loop” in nuclear decision-making.
Cross-domain—because of dual-capable systems, such as Russian cruise missiles or hypersonics, future arms control cannot be solely nuclear focused. Instead, it might focus on how non-nuclear systems could increase nuclear risks, such as cyberattacks on nuclear command and control. As such, the United States, Russia, and China might agree to refrain from offensive cyber intrusions into each other's nuclear command and control.
Flexibility—treaties take time and political capital to conclude, but technology is evolving at a rapid pace and US domestic support for arms control might be waning. The United States and Russia, therefore, might conclude less formal agreements that reduce nuclear risks, such as a 21st-century version of the Incidents at Sea Agreement.
As ever, though, prospects for arms control will depend on political rather than technical factors. Russia’s legacy of non-compliance and America’s repeated withdrawal from existing agreements will be difficult for both sides to ignore. China continues to refuse to engage in strategic arms control dialogues. And, of course, the private sector is an increasingly important actor in many of these technological advances that should be involved at some point.