Last week began with the extradition denial of super-hacker Gary McKinnon from the U.K. to the United States. It ended with strong warning from Defense Secretary Leon Panetta, speaking at the Business Executives for National Security conference. In his address, Secretary Panetta warned of a cyber attack on the horizon that could rival Pearl Harbor or the 9-11 Attacks.
“The collected results of these attacks could be a cyber Pearl Harbor — an attack that would cause physical destruction and the loss of life. In fact, it would paralyze and shock the nation and create a new, profound sense of vulnerability. A cyber attack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack of 9/11. Such a destructive cyber terrorist attack could paralyze the nation.”
The reaction to this warning has been mixed across the various news channels and cybersecurity websites. NetworkWorld referred to Panetta’s warning as mere sabre-rattling. “It is not as though warnings of a ‘digital Pearl Harbor’ are new. The concept goes back at least to 1991, when author and cyber terrorism expert Winn Schwartau called it ‘electronic Pearl Harbor.’ Former counter-terrorism czar Richard A. Clarke mentioned it a dozen years ago.” Bloomberg.com, however, believes that Panetta’s words carry some merit. “One of the most pressing military threats facing the U.S. today is one we can’t see, and therefore is the most difficult to have a sensible discussion about. Panetta provided chilling details of recent attacks that disrupted U.S. financial institutions and a virus that infiltrated the computers of the Saudi Arabian Oil Co. These are just the latest examples of a disturbing trend. Cyber attacks have led to the theft of about $1 trillion in intellectual property.”
Between Denial-of-Service attacks where computers are recruited remotely to visit one specific site in order to overload the site and take it offline, and the dangerous “Shamoon” virus that included a “wiper” that replaced genuine data with garbage data rendering 30,000 computers useless when released on Saudi Aramco, the idea of a cyber-attack that could shut down infrastructures and cripple communications between police, fire, and other public safety entities, once reserved for spy thrillers and science fiction novels is now a real and credible threat. It is a possibility that makes for uncomfortable discussions in all sectors — government, commercial, and personal — because the hackers’ tactics are discovering vulnerabilities where we do not expect them to be.
We are facing another similarity between post-9/11 and this warning from Panetta: How far are we willing to go? While there appears to be countermeasures from the Department of Defense against cyberterrorism, there is still work to be done. In the weeks and months following 9/11/01, the Patriot Act was passed and now — over a decade later — continues to be debated as to exactly what right we as Americans surrendered. The same can be said for proposals such as the Stop Online Piracy Act (SOPA) and the Preventing Real Online threats to Economic Creativity and Theft of Intellectual Property Act (PIPA) that have been scrutinized over their freedom to the government for monitoring the Internet. Where do we as a society draw lines and when do we need to government to step in and take a stand against real threats?
Perhaps what is our best defense against cyber attacks and in assuring that our own rights as law-biding citizens of the Internet are not compromised come down to what we know. We the users, as the first line of defense against cyberterrorism, must find out as much as we can about the legislation currently in motion within our government. We should also find out more about what other countries are doing in their own battles against cyber attacks. Finally, we need to be prepared, and how we prepare begins with reliable back-up, new approaches to security, and vigilance against potential threats.
Security is something we cannot take for granted. It is a continuously changing arena of challenges and threats, and we should pay close attention to the opposition, who they target, and how they operate, lest we find ourselves — literally — in the dark.