The last few weeks have seen an increasing number of articles in the media about the dangers of cyberwar. In part, this increase in the volume may be due to the current confirmation hearings in Congress for the new director of the Central Intelligence Agency and, in part, because of a recent major conference on cybersecurity, the S4, held in Miami. But the truth is that the danger is all too real, as is the perception that the United States is not prepared for what appears to be inevitable: a major cyberattack on American interests.
In fact, such attacks are going on every day. Last fall, two United States power-generating stations were targets of a computer virus that affected turbine operation and required temporary shutdowns. Recently, the New York Times ran a series of articles detailing how it had been the target of a sophisticated long-term attack designed to steal data from the company’s computers. The Times attributed the attack to China.
Just a few weeks ago, a new virus was discovered to be infecting more than 500,000 Macintosh computers, once thought to be virtually impervious to such attacks. This virus was designed to steal financial data from computers. Apparently, this virus is now spreading to PCs as well. It is incorrect to say that the United States may come under cyberattacks in the future. The future is already here.
As troubling as attacks on individual computers may be, attacks on computers that operate critical infrastructure are far more dangerous. Several years ago the U.S. government went to great lengths to suppress a scholarly paper that described how a cyberattack could bring down the American electrical grid. But this hardly has prevented such knowledge from spreading worldwide. Properly orchestrated attacks on American computers could bring electricity production to a halt. Similarly, attacks could wreak havoc with our transportation systems, water delivery systems, even traffic controls. There are very few critical infrastructure components that are not computer controlled and, therefore, at risk of cyberattack.
The good news is that the Pentagon has established a new “Cyber Command” and has recently indicated that it will substantially increase the size of this command. But the military alone cannot solve our national cybersecurity problems. Virtually all of our critical infrastructure, financial institutions and transportation systems are privately owned. Unless these private corporations act now to protect their property from cyberattack, our risk of some catastrophe even caused by a hostile country or individuals increases each day.