Another day, another report warning that the U.S. is dangerously unprepared for the realities of 21st century cyber-warfare. Monday’s study, which was the subject of a story by AP’s Lolita Baldor and which is slated for full release in the coming weeks, doesn’t say anything you haven’t heard before: The computer networks of the military-industrial complex, and the U.S. generally, are very vulnerable to mischief and attack because the feds can’t talk amongst themselves and also can’t coordinate with the private sector.
The Intelligence and National Security Alliance says the dramatic expansion of sophisticated cyber-attacks has moved beyond acceptable losses for government and businesses that simply threaten finances or intellectual property. “The impact has increased in magnitude, and the potential for catastrophic collapse of a company has grown,” said the report, which is slated to be released later this month. It adds that it is not clear that the business community understands or accepts that.
The report comes amid growing worries the U.S. is not prepared for a major cyberattack, even as hackers, criminals and nation states continue to probe and infiltrate government and critical business networks millions of times a day.
But in Washington, when you say “The sky is falling and everyone’s responsible!” that means no one will pay attention, because no one person’s job is on the line. When Adm. Thad Allen was the commandant of the Coast Guard, he used to say the U.S. needed to have a “national discussion” about whether it wanted to continue permitting small vessels to operate mostly out of sight of state and federal regulators, given the terrorism dangers of having no “air traffic control system” for American coasts and waterways. Well, we didn’t have a “national discussion,” the Coast Guard didn’t get better monitoring or a more robust system for testing and licensing boaters, and the risk of a Mumbai-style terror attack remains.
Cyber-security and cyber-warfare are the same way: Every month brings another speech, or hearing, or white paper that points up the weaknesses of our American cyber-defenses, and calls for a “discussion” and “better coordination with industry,” and — you’ve heard it all. Last year, a congressional report said that China had improperly redirected some 15 percent of the world’s Internet traffic through its systems in April 2010, for purposes about which we can only speculate. Every time he gets a chance, Rhode Island Rep. Jim Langevin warns about the dangers of a so-called SCADA attack, in which a cyber-attacker might try to sabotage the supervisory control and data acquisition networks in a factory or power plant.
In short, the cyber-security situation is roughly where terrorism was in the months before Sept. 11, 2001. The U.S. had been attacked several times, including at the World Trade Center; in Dar es Salaam and Nairobi; and in Yemen with the bombing of the destroyer USS Cole. But the threat of terror wasn’t truly driven home until the Sept. 11 attacks, which prompted massive federal reorganization, two wars, trillions in new spending and a “new normal” of electronic eavesdropping, heightened security, and all the rest of it.
So the question is, will the ongoing cyber-crisis continue as a slow burn, or will there be a “Die Hard 4”-style meltdown? It’s not the same as terrorism, obviously — a lot of cyber-mischief is perpetrated by spies and criminals who have a parasitic relationship with the institutions they attack; they don’t want to destroy the defense industry because they can continue profiting from vacuuming up its secrets.
Still, as Langevin and others have tried to warn us, there’s a chance that cyber-terrorists, possibly backed by a national enemy — we won’t mention any names — could try to bring down the New York Stock Exchange, or the power grid of the East Coast, or who knows what. Do you think such an action movie-style attack is only a matter of time, the way retired Gen. Myers nonchalantly said “a security surprise is in our future?” Or do you think it’s all too far-fetched?