We are reaching an exciting but dangerous phase of technology adoption where our dependence is virtually complete.
From mobile to social computing, from telecommunications to transportation, from industrial systems to electronic health records, from banking to eCommerce, from homeland security to national defense–we are dependent on technology.
But while technology proliferates everywhere, so do the risks.
Bloomberg BusinessWeek (16 May 2003) in an article called “The City That Runs On Sensors” talks about how initiatives like IBM’s smart-cities is bringing sensors and technology to everything running our towns–“Smart [city] innovation is improving our economic fabric and the quality of our life.”
The flip side is an editorial in today’s Wall Street Journal by former CIA director James Woolsey and Peter Pry who served on the congressional EMP commission warning how “A single nuke exploded above America could cause a national blackout for months” or years (stated later in article)
They write that “detonating a nuclear weapon high above any part of the U.S. mainland would generate a catastrophic electromagnetic pulse” (EMP)–and that this “would collapse the electric grid and other infrastructure that depends on it.”
This would be a national blackout of epic proportions that would impact all areas for 21st century sustainment of 311 million lives. Think for yourself–what would you be able to do and not do without the computers and telecommunications that you use every day?
Woolsey and Pry call for a preemptive surgical strike, for example, to prevent North Korean development of an ICMB capable of inflicting a nuclear EMP strike, but you can imagine other nations that pose a similar threat.
While be beef up our Cyber Corps and attempt to strengthen our tools, methods, and configurations, this is just the tip of the iceberg when it comes to securing cyberspace.
Cybersecurity is more than just protecting us from malware infiltration and exfiltration–because the whole IT system that our society is built on can be wiped out not by cyber attack alone, but rather by collapsing the very electronic infrastructure that we rely on with a pulse of electromagnetic radiation that will fry the very circuits that run our devices.
While we build firewalls and put up intrusion detection and prevention guards and establish a court system of antivirus and spamware to put away violators and so on, how shall we prepare for a pulse attack that can incapacitate the electronics underpinnings–security and all?
“Star Wars” missile defense, preemptive action, and hardening of critical infrastructure are all security options–it costs money to keep the IT lights on, but better to pay now, then pay catastrophically bigger later. 😉
!This video is of an incredible opening statement by Rep. Michael McCaul (R-TX), Subcommittee Chairman on Oversight, Investigations, and Management on the topic–Cybersecurity Threats to the United States.Some of the highlights from his statement:- America’s computers are under attack and every American is at risk.
– The attacks are real, stealthy, persistent, and can devastate our nation.
– Cyber attacks occur at the speed of light, are global, can come from anywhere, and can penetrate our traditional defenses.
– In the event of a major cyber attack, what could we expect? Department off Defense networks collapsing, oil refinery fires, lethal clouds of gas from chemical plants, the financial systems collapsing with no idea of who owns what, pipeliness of natural gas exploding, trains and subways derailed, a nationwide blackout. This is not science fiction scenarios. (Adapted from Richard Clark, former Senior Advisor of Cyber Security)
– It is not a matter of if, but whena Cyber Pearl Harbor will occur. We have been fortunate [so far]. (Adapted from General Keith Alexander, Director of the NSA).
I believe we must address these threats and our vulnerabilities in at least five main ways:
1) Increase research and developmentfor new tools and techniques–both defensive and offensive–for fighting cyberwar.
2) Establish a regulatory frameworkwith meaningful incentives and disincentives to significantly tighten cybersecurity across our critical infrastructure.
3) Create a cybersecurity corpsof highly trained and experienced personnel with expertise in both the strategic and operational aspects of cybersecurity.
4) Prepare nationwide contingency plansfor the fallout of a cyberwar, if and when it should occur.
5) Create a clear policyfor preventing cyberattacks by taking preemptive action when their is a known threat as well as for responding with devastating force when attacks do occur.
With cyberwar, just as in conventional war, there is no way to guarantee we will not be attacked, but we must prepare with the same commitment and zeal–because the consequences can be just, if not more, deadly.
andyblumenthal 