Why the threat of cyber-warfare is being exaggerated

In an assessment of the dangers posed by cyber-warfare and while noting that the threats posed by cyber-warfare and cyber-espionage are repeatedly being conflated, Seymour Hersh points out that the interests of the National Security Agency and those of hackers coincide: both want communications networks that remain open to interception. But John Arquilla, who has taught since 1993 at the U.S. Naval Postgraduate School in Monterey, argues that privacy and security are complimentary. “We would all be far better off if virtually all civil, commercial, governmental, and military internet and web traffic were strongly encrypted,” he writes in his book, Worst Enemies.

At the same time, cyber-warfare fearmongers like Richard Clarke describe apocalyptic scenarios in which America could be crippled by China, though China’s motives for engaging in such an attack would be hard to fathom.

Within a quarter of an hour, 157 major metropolitan areas have been thrown into knots by a nationwide power blackout hitting during rush hour. Poison gas clouds are wafting toward Wilmington and Houston. Refineries are burning up oil supplies in several cities. Subways have crashed in New York, Oakland, Washington, and Los Angeles. . . . Aircraft are literally falling out of the sky as a result of midair collisions across the country. . . . Several thousand Americans have already died.

Hersh quotes James Lewis, a senior fellow at the Center for Strategic and International Studies, who points out that China is massively invested in the maintenance — not destruction — of America’s economic health: “Current Chinese officials have told me that we’re not going to attack Wall Street, because we basically own it” — a reference to China’s holdings of nearly a trillion dollars in American securities — “and a cyber-war attack would do as much economic harm to us as to you.”

[President Obama’s coordinator for cyber security] Howard Schmidt doesn’t like the term “cyber war.” “The key point is that cyber war benefits no one,” Schmidt told me in an interview at the Old Executive Office Building. “We need to focus on that fact. When people tell me that these guys or this government is going to take down the U.S. military with information warfare I say that, if you look at the history of conflicts, there’s always been the goal of intercepting the communications of combatants — whether it’s cutting down telephone poles or intercepting Morse-code signalling. We have people now who have found that warning about ‘cyber war’ has become an unlikely career path” — an obvious reference to McConnell and Clarke. “All of a sudden, they have become experts, and they get a lot of attention. ‘War’ is a big word, and the media is responsible for pushing this, too. Economic espionage on the Internet has been mischaracterized by people as cyber war.”

Schmidt served in Vietnam, worked as a police officer for several years on a SWAT team in Arizona, and then specialized in computer-related crimes at the F.B.I. and in the Air Force’s investigative division. In 1997, he joined Microsoft, where he became chief of security, leaving after the 9/11 attacks to serve in the Bush Administration as a special adviser for cyber security. When Obama hired him, he was working as the head of security for eBay. When I asked him about the ongoing military-civilian dispute, Schmidt said, “The middle way is not to give too much authority to one group or another and to make sure that we share information with each other.”

Schmidt continued, “We have to protect our infrastructure and our way of life, for sure. We do have vulnerabilities, and we do talk about worst-case scenarios” with the Pentagon and the Department of Homeland Security. “You don’t see a looming war and just wait for it to come.” But, at the same time, “we have to keep our shipping lanes open, to continue to do commerce, and to freely use the Internet.”

How should the power grid be protected? It does remain far too easy for a sophisticated hacker to break into American networks. In 2008, the computers of both the Obama and the McCain campaigns were hacked. Suspicion fell on Chinese hackers. People routinely open e-mails with infected attachments, allowing hackers to “enslave” their computers. Such machines, known as zombies, can be linked to create a “botnet,” which can flood and effectively shut down a major system. Hackers are also capable of penetrating a major server, like Gmail. Guesses about the cost of cyber crime vary widely, but one survey, cited by President Obama in a speech in May, 2009, put the price at more than eight billion dollars in 2007 and 2008 combined. Obama added, referring to corporate cyber espionage, “It’s been estimated that last year alone cyber criminals stole intellectual property from businesses worldwide worth up to one trillion dollars.”

One solution is mandated encryption: the government would compel both corporations and individuals to install the most up-to-date protection tools. This option, in some form, has broad support in the technology community and among privacy advocates. In contrast, military and intelligence eavesdroppers have resisted nationwide encryption since 1976, when the Diffie-Hellman key exchange (an encryption tool co-developed by Whitfield Diffie) was invented, for the most obvious of reasons: it would hinder their ability to intercept signals. In this sense, the N.S.A.’s interests align with those of the hackers.

Facebooktwittermail

2 thoughts on “Why the threat of cyber-warfare is being exaggerated

  1. Norman

    I’m not sure where the author is coming from? Are you stating that everyone should have encryption, or remain unencrypted? The present stance of the U.S.Government & the various agency’s of same, want a backdoor in any & all online traffic. So, if I read this right, then there is two camps in play here, one who believes strongly in security for all, the other who wants the ability to snoop on everybody in the so called name of security. So which is it? As for Richard Clark being a fearmonger, I believe that he was a Security head for the Government before the Bush got rid of him. Granted that Clark has written a fiction novel, but that doesn’t make him a fearmonger. Sounds like the author here is striving for his being credible by downgrading another. Ambiguity is not the way to sell a story to the public if it’s stated goal is fact.

  2. Christopher Hoare

    I’d suggest there are two different scenarios muddled together here. The Cyber War in place of military action – as in Stuxnet vs Bushehr reactors which seems inconclusive — and Cyber actions during military action which could be decisive.
    With a combination of ASATs and cyber action an enemy with hostile plans in progress could demolish the fragile web of Pentagon communications that provide real time U.S. photographic intelligence (PHOTINT), electro-optical (EO), synthetic aperture radar (SAR), and electronic intelligence (ELINT) satellites that operate in low-earth orbit (LEO). The transmission of control signals to UAVs also travels via satellite signals. The US military would be reduced to the techniques prevalent during the Korean War. While there are apparently plans to hastily launch simpler satellites to fill the gaps, these would likely be a target for cyber attacks.
    While no one currently has the technology to meet the US ‘video-game’ war materiel in open warfare — there are many states that could land a knockout punch while those war toys are sitting idle.

Comments are closed.