More Threatening Than Underwear Bombers

Here’s a chilling story (“In Digital Combat, U.S. Finds No Easy Deterrent”) about the U.S.’s vulnerability “to a sophisticated cyberattack aimed at paralyzing the nation’s power grids, its communications systems or its financial networks.”   The –Pentagon war game, modeled on recent attacks on Google and other companies, left its participants “dispirit[ed]–

The enemy had all the advantages: stealth, anonymity and unpredictability. No one could pinpoint the country from which the attack came, so there was no effective way to deter further damage by threatening retaliation. What’s more, the military commanders noted that they even lacked the legal authority to respond — especially because it was never clear if the attack was an act of vandalism, an attempt at commercial theft or a state-sponsored effort to cripple the United States, perhaps as a prelude to a conventional war.

Among many sobering post-game realizations was this:  a cyberattack could target private institutions and “cripple a country . . . without ever taking aim at a government installation or a military network.”  A participating deputy defense secretary compared the current Internet security measures protecting major institutions to the Maginot Line:

A fortress mentality will not work in cyber . . . We cannot retreat behind a Maginot Line of firewalls. We must also keep maneuvering. If we stand still for a minute, our adversaries will overtake us.

Lest you think the underwear bomber reference gratuitous, it’s prompted by Bruce Schneier’s criticism of airport security theatre in the wake of the attempted Christmas Day attack:

[T]he proposed fixes focus on the details of the plot rather than the broad threat . . . The problem with all these measures is that they’re only effective if we guess the plot correctly. Defending against a particular tactic or target makes sense if tactics and targets are few. But there are hundreds of tactics and millions of targets, so all these measures will do is force the terrorists to make a minor modification to their plot.

As I said, it’s chilling.

One thought on “More Threatening Than Underwear Bombers”

  1. This cyberattack threat sounds similar to the plot from Live Free or Die Hard (2007). If you haven't seen it, the terrorists plot a "firesale" where a cyberattack would destroy the utilities, economy and transportation across the entire country. They hack into systems to shut down transportation, turn off water and electricity and erase all the financial data nationwide. As the quotes above and the movie imply, it would apparently be difficult to prevent, stop or discover the origin of such an attack. We can only hope we will be fortunate enough to have a real John McClain arrive in time to save us the old fashioned way like in the film.

Leave a Reply

Your email address will not be published. Required fields are marked *