CyberSecurity: Preventing The Next 9/11

By / 9.13.2010

I remember the feeling I had when first visiting Pearl Harbor, and again years later when flying into Manhattan just after September 11, 2001. There’s an eerie quietness about the ships buried underwater, and I still see the faces of people I met in the World Trade Center.

We were warned about those attacks. We may not have known the exact details, but in retrospect, we could have done more – much more – to prevent them. Today, we face a similar threat in cyberspace.
While we don’t know the exact details, we know something is coming, and the devastation could be far more deadly.

A cyber attack – by terrorists or a state – could look like sudden power outages, scrambled data in financial systems, air traffic accidents, water contamination, and mass media propaganda about all of the above. All of this can be done on computers from halfway across the globe. We’ve already seen examples of it – tests, so to speak – in other countries and within smaller networks. In 2008, Russian hackers took down Georgian government websites in an effort to throw off the administration during turf conflicts. Hundreds of Lithuanian servers went down earlier in the year in a Distributed Denial of Service (DDOS) attack also by Russian hackers flexing their muscles in protest of the law banning public display of Soviet era artifacts. According to U.S. government sources, other countries have seen attacks on their power grids.

The nightmare scenario could involve air strikes with no warning systems enabled, missiles arriving from unknown origins. Dirty bombs could get through port security as logic bombs crush the remaining networks. Meanwhile, with financial systems crippled and damaged infrastructure, panic would ensue and local governments would be ill-equipped to deal with so many simultaneous problems. We could find ourselves with multiple major cities suffering from Katrina-like aftermaths – massive numbers of homeless, injured, without power or resources, while looters take to the streets.

Though no terrorist organization is yet known to have this capacity, most experts say we have less than five years before the first major cyber attack on U.S. soil. In a recent meeting with Senator Kirsten Gillibrand , she told a group of bloggers she thought five years would be a generous timeline. We know hacker cells operating in Russia and China already have the skills and the tools necessary, as do some in the Middle East. Terrorists may be next.

Over the past year, the Obama administration and the Pentagon have begun to take the issue more seriously, appointing a new White House Cyber Security Advisor and establishing the U.S. Cyber Command. While this marks a dramatic improvement, it is far from enough. We know logic bombs have already been placed into critical networks but what we don’t know is: when will they explode? And who put them there?

Fortunately, some members of Congress are working to address the situation. Both S. 1438, Fostering a Global Response to Cyber Attacks Act (Gillibrand) and S. 3193, International Cyberspace and Cybersecurity Coordination Act of 2010 (Kerry) address the international coordination necessary to seek and obstruct attackers. This is an important step in both preventing attacks and bringing the perpetrators to justice, although another more aggressive strategy of pre-emptive reactions to attacker stands on shaky legal ground.

We also must ready our military Cyber Command. Captain Daryl Hancock of the U.S. Fleet CYBERCOM (U.S. Navy 10th Fleet) spoke about their progress at the International Conference on Cyber Security recently, emphasizing they will be operational on schedule for next month. Still, we need more resources to manage future threats. H.R. 4061, The Cybersecurity Enhancement Act of 2010 (Lipinsky) and S. 773, The Cybersecurity Act of 2009 (Rockefeller & Snowe), attempt to address this, but training thousands of people to act as first responders to cyber attacks that could come in a variety of forms takes time and resources.

Since the Internet resides on a network of nodes owned and operated by a wide range of entities, our security rests in the hands of many people. Developing a nationwide attitude of awareness and preparation will reduce the likelihood that a large-scale cyber attack will have lasting consequences like the disasters of the past. We have the opportunity now to reduce the possible destruction that could result from these attacks. It’s in our hands, and in the hands of those who represent us.

Photo credit: The Egglepant