By Eric Vandenbroeck and co-workers
The Private Sector on
the Front Line Big Tech and the Risky Blurring of Commercial and Security
Interests.
On February 26, 2022,
two days after Russia launched its full-scale invasion of Ukraine, Mykhailo
Fedorov, Ukraine’s minister of digital transformation, sent an urgent plea to
Elon Musk to provide Internet access to the country through his Starlink system. The invasion, which Russia had
preceded with a campaign of cyberattacks, had seriously disrupted Ukraine’s
digital networks. By the very next day, Musk responded that
Starlink was active in Ukraine and that the company would soon be sending more
ground terminals to the country.
Starlink, which is a
subsidiary of Musk’s SpaceX, was not the only Western technology company to
come to Ukraine’s aid. By detecting samples of Russian malware
before the war began, Microsoft had warned Ukraine about how the
impending conflict could affect the country’s information systems. Amazon Web
Services (AWS) and Microsoft then migrated crucial government data to their
cloud servers for safekeeping, and after the war began, Google and Microsoft
offered continuing cybersecurity services. The European aerospace conglomerate
Airbus, the U.S.-based satellite manufacturer ICEYE, and the space technology
companies Capella Space, HawkEye 360, and Maxar Technologies have all been providing
invaluable battlefield imaging and data. The analytics company Palantir has
been aggregating this data to paint a more complete picture of the war on the
ground.
Although corporations
have long been involved in modern wars, their past roles have almost always
focused on the production of goods and equipment under government contracts. By
contrast, the conflict in Ukraine has initiated a new era of warfare in which
commercial companies, many of them American, are likely to provide and secure
critical digital infrastructure themselves—crucially, at their own discretion
and even for no cost. For example, because of AWS and Microsoft’s
efforts to secure Ukrainian government data, Russia’s targeting of
data centers outside Kyiv at the start of the war failed to disrupt key
government services. Russia’s effort to deploy malware also had
little effect because of Microsoft’s intervention. And although Russia hacked Viasat, a U.S. company whose satellites were vital
to Ukrainian military and civil communications, Ukraine was able to pivot
within a few days to Starlink, on which President Volodymyr
Zelensky relied for nightly broadcasts to assure Ukrainians he was still
in Kyiv and disprove Russian misinformation that he had fled the country.
Without such assistance from Western companies, Ukraine’s government might have
quickly collapsed. None of these companies build weaponry; nonetheless, their
ability to provide crucial services in the digital realm has become what might
be called warfare’s new “commercial frontier”: essential battlefield
capabilities that are controlled and furnished by civilian technology firms.
Since the private
sector drives innovation in so many of these digital
technologies and can deploy them more nimbly than governments can,
technology corporations are likely to play an ever more important role in
future wars. The challenge will be ensuring that these companies’ interests are
aligned with national ones. In Ukraine, this alignment was largely due to
chance. Ukrainian leaders had developed close personal relationships with some
of the corporations that later came to the country’s aid. Moreover, Western
countries felt a sense of urgency to defend Ukraine and, crucially, anticipated
that the war would be short; the companies offering their services—mostly for
free—assumed that the costs of doing so would be low.
Future conflicts,
however, may have more complicated circumstances. One of the central
geopolitical unknowns of the present era is whether the United States would
defend Taiwan in the event of a Chinese invasion. But this question
cannot be answered by the U.S. government alone. In any such offensive, China’s
plans would almost certainly include attacks on Taiwan’s digital
infrastructure, scenarios that Beijing has already tested by launching
cyberattacks and severing Internet cables. Many of the same companies
that protected Ukraine will be needed to protect Taiwan. But many U.S.
technology firms today have a far greater economic stake in China than they did
in Russia in 2022, and it’s highly uncertain whether they would choose to
support Taiwan. Corporate leaders’ increasing involvement in global politics
and foreign policy will only add to this uncertainty. In October, for
instance, The Wall Street Journal reported that Elon Musk has
been in regular contact with Russian President Vladimir Putin since 2022; at
one point, Putin requested that Musk withhold Starlink access to Taiwan as a
favor to Chinese leader Xi Jinping. (It was not reported whether Musk agreed.)
Making matters even more complex, Musk is now a close adviser to President
Donald Trump and leads the administration’s government efficiency efforts.
Several other of the tech industry’s biggest names also joined Musk at Trump’s
inauguration. By seeking closer ties to the administration, the country’s
biggest tech firms may be trying to move national interests toward their own,
which may prioritize shareholder value more than national security.
The only way for the
U.S. government to ensure that its own interests are advanced at the commercial
frontier of warfare is to secure that frontier for itself. To do so, the
government must understand the capabilities needed to protect an ally’s digital
infrastructure during conflict and then seek to manage their use by
contracting the relevant vendors to provide their services under U.S.
governmental auspices. The government must seek to contract these new
capabilities before conflict breaks out, preposition these technologies’
physical assets in potential geopolitical hotspots, and begin to treat the
companies that are providing these services as allies. Only then can the United
States protect digital critical infrastructure in the wars in which it is involved,
whether directly or indirectly.
Corporate Deployment
In the early days of
the war in Ukraine, firms such as AWS, Microsoft, and SpaceX could not draw on
any previous experience of involvement in global conflict. And ultimately,
their actions were not spurred by grand strategies or government directives. They
all made quick decisions that were often based on direct contact with Kyiv or
Washington and that drew on favorable circumstances.
In the weeks leading
up to the war, Vadym Prystaiko, Ukraine’s
then-ambassador to the United Kingdom, and Liam Maxwell, AWS’s director of
government transformation, discussed the idea of moving Ukraine’s data to the
cloud. Prystaiko, a former computer scientist, had
previously befriended Maxwell, a former chief technology officer for the
British government. On the day of the invasion, they sat together
and listed, with pen and paper, the essential data that would need
to be moved from government servers to the cloud, such as records
pertaining to land ownership, tax payments, and bank transactions. The massive
migration happened just before Russia attacked areas around Kyiv that house
critical data centers.
Corporate support for
Ukraine also relied on relationships with U.S. officials. Hours before the
invasion began, Microsoft uncovered a Russian malware attack on Ukraine’s
government ministries and financial institutions. During previous incidents,
Tom Burt, a senior security executive at Microsoft, had asked Anne
Neuberger, the White House’s senior cyber official, with whom he had a personal
relationship, to connect him to Ukrainian officials he could trust. When the
larger malware attack came, Microsoft had a direct line to Ukraine and was able
to quickly notify the country’s top cybersecurity authority.
The urgency of
Russia’s all-out invasion also created a special demand for corporate
involvement, because the private sector was better equipped than the U.S.
government to respond in real time. Big tech firms were able to
transfer huge quantities of Ukraine’s sensitive data almost immediately, with
AWS even delivering to Ukraine physical data-storage units known as Snowballs
to facilitate data transfers that would have taken too long to do over the
Internet. SpaceX activated Starlink in Ukraine just two days into the war. In
addition to covering all the initial service costs, SpaceX also paid to ship
enough terminals to meet Ukrainian demand from Southern California, where
SpaceX is based. “People were dying, and we thought we could be helpful in that
urgent phase of the conflict,” one SpaceX official later said. In contrast, it
took two weeks for the U.S. military to deliver its first supplies to Ukraine,
and some forms of military assistance took much longer. Major General Steven
Butow, the director of the Space Portfolio at the Pentagon’s Defense Innovation
Unit, said, “When we had delivered 25 things, there were already over 1,000
Starlink terminals being used every day.” Starlink has been described as “the
essential backbone” of Ukrainian battlefield communications.
The cost of all this
aid has become significant. To date, Microsoft’s support, which includes
hosting Ukraine’s data on its cloud for free, amounts to more than $500 million
worth of services. SpaceX spent more than $80 million on Starlink terminals and
services. The companies denied that financial interests played a
role in their decisions, but they also did not expect their involvement to last
as long as it has. At the start of the war, the predominant view among the U.S.
foreign policy establishment was that Ukraine would lose and lose quickly.
These companies had the same expectation, but once it proved false some began
to withdraw. Microsoft, for instance, still provides the Ukrainian government with
free cloud storage, but SpaceX transferred the cost of Ukraine’s Starlink
access to the U.S. government in late 2022. The service became part of the
United States’ aid package to Ukraine. Some terminals have been provided by
European allies, too.
The Fire Next Time
If Ukraine was the
technology industry’s initial foray into warfare, it won’t be the last. Yet in future
wars, many of the conditions that pushed corporate entities to deliver massive
aid to Ukraine may be different. For one thing, the personal
relationships that encouraged direct, fast communication between the Ukrainian
government and the big U.S. companies that could help it may not exist. The
corporations that mobilized for Ukraine were also acting on decisions they had
never anticipated making. They are far more aware of the risk that conflicts
can last longer than expected, that costs can accumulate to significant levels,
and even that overwhelming public support to help a country in conflict can
wane over time. As of December 2024, opinion polls showed that for
the first time, a majority of Americans expressed a desire to end the war in
Ukraine quickly, even if it meant Ukraine forfeiting territory.
All these factors
will influence how the commercial frontier will play into what might be the
next big conflict: Taiwan. A Chinese invasion of the island would
likely start with a campaign to dismantle the Taiwanese government’s digital
infrastructure. In anticipation, Taiwan has discussed Starlink access with both
SpaceX and U.S. government officials. But Musk’s appetite for supporting Taiwan
through Starlink appears low. In 2023, he compared China’s relationship with
Taiwan to that between the United States and Hawaii, and asserted that the
island was an “integral part of China.” Taiwan is wary of relying
on Starlink access, as well, owing to Musk’s business links to China, where
Tesla operates several large factories and recently broke ground on its first
energy-storage plant outside the United States. As a result, Taiwan has decided
to partner with Eutelsat OneWeb, a European provider, and discussed partnering
with Amazon’s Project Kuiper, too. Neither has nearly as many satellites or the
same proven resilience as Starlink. Separately, Taiwan has begun building its
own satellite network, though by its own projections it will not have a
communications satellite in orbit until at least 2026, and it will take far
longer to field the constellation of satellites needed to operate an effective
system.
SpaceX is not the
only company whose support for Taiwan is uncertain. Although AWS, Google, and
Microsoft have all significantly curtailed their operations in China, each continues to rely on Chinese manufacturing and
sells to the Chinese market. That these tech firms will have potential
conflicts of interest underscores the importance of developing a U.S. strategy
for the commercial frontier, centered on guaranteeing to allies such as Taiwan
the availability of essential technological capabilities before a military
confrontation arises. Doing so would ensure a greater alignment between
governmental and corporate interests in future wars; establish any necessary relationships
and connections in advance; and involve newer companies in emerging industries,
such as artificial intelligence and mesh communications networks, with
technologies that could one day prove essential on the battlefield. Deploying
such capabilities now has geopolitical advantages, as well. In the case of
Taiwan, a U.S. government-led effort to secure the island’s digital
infrastructure would not only support the island in the face of a Chinese
invasion—it could help to deter an invasion in the first place, because China
would feel less certain about its ability to cripple Taiwan without armed
conflict.
Ready, Set
The U.S. government,
through the Department of Defense, should build strategies for protecting
allies’ digital infrastructure ahead of potential conflicts. First,
the department must fully understand each country’s needs. It must then
contract the relevant vendors, such as the companies that supported Ukraine, to
provide access to their services immediately in the event of a conflict.
Physical assets like Starlink terminals and AWS Snowballs should be in place
beforehand. For capabilities that do not require pre-positioning, such as AWS
cloud licenses or radio-frequency satellite communications, the U.S. government
does not even have to spend the money today; it can contract now for future
services, so that if an emergency arises, pricing and provisioning for vendors’
licenses are set and vendors know what they need to deliver. Given the lessons
of the war in Ukraine, which demonstrated that private-sector companies could
deploy technologies far faster than the government, the United States should provide contracts in advance for
companies that can offer immediate logistical support to an ally in the event
of an invasion.
The Department of
Defense’s authority over the use of these capabilities would not only help
ensure that the right technologies reach allies in a time of need but also ease
concerns over some regulatory controls. Ukraine’s use of Starlink, for example,
raised questions about possible violations of the International Traffic in Arms
Regulations, which govern the ability of U.S. companies to provide military
technologies to other countries. Management by the Department of Defense will
also streamline the process of introducing new technologies into warfare’s
commercial frontier. To identify new players and determine necessary
capabilities, the Department of Defense should establish an advisory group
comprising officials from the National Security Council and the Department of
Homeland Security’s Cybersecurity and Infrastructure Security Agency as well as
executives from the companies that supported Ukraine and policy experts who
have war-gamed Taiwan scenarios. The department has tools to reduce acquisition
time of new capabilities to a few years or to deploy existing solutions under
development urgently at 80 percent readiness. It can also make any immediate
purchases through its Rapid Acquisition Authority, which has a budget of $800
million.
The U.S. government
should manage public-private partnerships with active diplomacy, treating
corporate entities and their leaders as it would allies. This means being
prepared to hold technology companies accountable for actions that may
undermine the national interest. But it also means including them in national
security discussions, providing certain personnel with security clearances, and
sharing information about threats that their technologies could be used to
counter. Additionally, the government should praise firms for
acting in the national interest, appealing to their desires to maintain
positive public images. Ukraine, for instance, awarded “peace prizes” to AWS,
Google, and Microsoft; Ukrainian officials have likewise praised Musk and
SpaceX publicly and privately.
The U.S. government,
on the other hand, has missed critical opportunities to recognize these firms’
work in Ukraine. For instance, in September 2022, when SpaceX tried to shift
the cost burden of Starlink service in Ukraine over to the Pentagon, after months
of paying for most of it itself, media coverage framed the company
as uncharitable—a characterization the U.S. government did not attempt to
change. A year later, Musk was heavily criticized after he refused to activate
Starlink for a Ukrainian drone operation in the Black Sea because he feared the
operation would be too escalatory. The U.S. government likely felt the same—at
this point, it was prohibiting Ukraine from using U.S. weapons for offensive
operations—but remained silent. Other tech leaders watched Musk deal with the
complexities of war without the apparent support of the U.S. government; this
experience may lead them to hesitate to offer their own solutions in the
future.
In the decisive early
days of a Taiwan conflict, resilient digital critical infrastructure may again
prove vital, as it did in Ukraine. Securing that infrastructure for the future
requires that the U.S. government act now. Leaders in Washington must recognize
that, although corporate interests and national interests will not always
align, commercial capabilities may be essential to national security
objectives. Because of this, the government must devise a framework that allows
these interests to complement each other. The United States’ continued ability
to defend its allies and partners may soon depend on how well it can harness
U.S. tech companies’ growing power.
For updates click hompage here