Armchair admirals on CBS News are calling for a retaliatory attack against Russia after the SolarWinds hack. “We’re not willing to attack. And that’s what we’re missing now. There’s no capability that the United States has that scares them enough to not attack us, ” said Jon Miller, a former “ethical hacker.” 

There’s a small but essential contradiction in his statement: are we not willing to attack, or are we incapable of attacking? Unfortunately for the US, it’s the latter. Graduation rates for Computer Science majors in the US have been steadily declining for at least two decades.

There’s just no money in it: starting salaries are laughable. IT businesses see no need to raise pay as they can easily outsource work abroad or import foreign programmers via the H-1B visa program. 

A few days ago, Microsoft president Brad Smith claimed that the SolarWinds hack took more than a thousand engineers to create. Maybe if they were Microsoft engineers… In reality, I would be amazed if more than a few dozen people wrote the whole thing. Whoever those programmers were, they must be demanding a raise.

The US has a profound shortage of qualified home-grown developers. And you can’t attack Russia or China using the hackers you leased from them.

I am not saying that the US can’t strike back. It can, and it can probably cause some appreciable damage. What it can’t do is sustain a broad attack for very long while effectively defending itself against the inevitable counterstrike. 

Additionally, the US economy is far more computerized than Russia’s, and, consequently, it is far more vulnerable to hacking. You start throwing stones, and soon you may discover that your glass house makes for an easier target.

It may very well be that this Pandora’s box we can’t afford to open. At least not now or in the near future. So what can we do? We can certainly try to fix the situation with computer science education and employment in the US with investment and tax incentives, so we are not wholly reliant on foreign brains.

Will this be our government’s response? Probably not. Likely, the big brains in Washington will launch some half-assed hack back and get embroiled in a protracted tit-for-tat cyberwar that will cost the taxpayers billions and ultimately will hurt us far more than it will the other guy.