17 December 2014

Prepare for Cyber Armageddon

December 15, 2014

The United States is woefully unprepared to deal with the inevitability of a major cyber attack. Recent hacks of private companies such as Sony, Home Depot, Target and the like are warnings of greater dangers to come; like the proverbial canary in the coal mine. These companies don’t represent critical infrastructure such as the power grid, banking system, food distribution and storage or air traffic control. A successful attack on any one of these could bring this country to its knees.

The Internet was never intended to be secure. Neither is much of the software in use today by individuals, companies and even governments. As anyone with security software on their PCs or devices knows, they receive a continuous stream of updates as security companies such as McAfee strive diligently to stay abreast of the threat.

Some progress has been made in the area of cyber defense, particularly by the Department of Defense. It created Cyber Command, a component of U.S. Strategic Command, to oversee and direct the activities and operations of the individual Service cyber elements. Together with the Defense Information Systems Agency, Cyber Command is said to be doing a very good job securing defense networks. It also has developed very potent offensive capabilities that it doesn’t talk about.

Unfortunately, the rest of government, state and local as well as federal, is not nearly as well protected as DoD. Neither is the private sector which owns and operates 85 percent of this country’s critical infrastructure. Cyber Command lacks the necessary authorities, not to mention sufficient resources, to enable it to defend the rest of the federal government much less the country as a whole.

Some parts of the private sector do make an effort to secure their networks. But most companies either don’t know what to do, don’t want to spend the money or don’t even now see the necessity. This is why cyber security experts both inside and outside government like to speak about the possibility of a cyber “Pearl Harbor” as the necessary galvanizing event that will force the nation to address its vulnerability to cyber attack.

In a way, a cyber Pearl Harbor is actually a comforting metaphor. To be sure, it was a tragic event heralding U.S. involvement in a world war. But within six months, this country was on the offensive. Most of the ships sunk on December 7 were raised and rejoined the Fleet. The Arsenal of Democracy swung into high gear.

Given how unprepared we are, a serious cyber attack may look more like Armageddon than Pearl Harbor. Prospective adversaries, including Iran and North Korea in addition to Russia and China, are reported to be assiduously working to penetrate the control systems for our critical infrastructure. Were they able to bring down our power grid, for example, the results would be catastrophic.

It is vital that the United States develop the doctrine, operational concepts and capabilities to deter such attacks and, as necessary, defend the nation. This is as important, perhaps even more so, than deterring a nuclear strike on the homeland or defending against another 9/11.

Dr. Daniel Goure, is a Vice President at the Lexington Institute. 

This article originally appeared on the Early Warning Blog, a publication of the Lexington Institute

Related Topics: Cyber

No comments: