Cyber Attack - Imminent Danger #7
By Don Koenig 2012
Possible cause - One or more of several nations that have a well-trained force of computer hackers decides to try to knock out the infrastructure of the United States using cyber attacks on computerized infrastructure systems.
U.S. Vulnerability - I started this Imminent danger series in 2006. At that time the cyber threat was not at the level where it was an imminent danger to the United States superpower status. However, since that time we have become much more dependent on the Internet while the cyber warfare abilities of enemy nations have also greatly increased. Therefore, it is time to add this threat as one of the Imminent Dangers that threaten America's existence as a superpower.
Most of our 18 major infrastructure systems are mostly civilian owned and interconnected through the Internet. These systems are woefully lacking in adequate computer security and redundancy. A determined enemy could bring down much of U.S. infrastructure through attacks that could not only crash the infrastructure systems but also cause massive damage to infrastructure equipment itself - equipment like generators and computerized control systems that would take a long time to replace. Systems like our electrical grid might even take so long to bring back up that civil collapse would occur in the United States.
According to top people in the computer security field, any on-line system can be hacked. On-line systems can be taken over by an enemy and programmed to do things that will destroy vital equipment. Even off-line systems are vulnerable to sleeper agents with access to the computer drives. The Stuxnet worm that crippled centrifuges in Iran and delayed the Iranian nuclear program by at least a year is a prime example. When a system is breached with a sophisticated worm like Stuxnet, about the only thing that is going to work in a reasonable amount of time is replacing the infected equipment. What happened in Iran is only a taste of what can be accomplished by a sophisticated, determined, hostile enemy using cyber warfare.
If a sophisticated worm like Stuxnet were discovered on our own vital systems, we would not have the spare equipment to take the infected equipment off-line for an indefinite period and still keep the vital infrastructures operating. The worm could be transferred by the Internet from one infrastructure to another. Indeed, we have already found backdoor exploits into our vital computer systems. One worm is named "Duqu" and it seems designed to do the groundwork for a future cyber attack against industrial control systems. Frankly, we do not know if there are sleeper programs on our systems already that are just waiting to be activated. Viruses are usually found after they are activated. Until they go active and are discovered, they can disguise themselves and remain undetected.
Effects - A well-planned cyber attack could have nearly the same effects on our infrastructure systems as an EMP attack. Certain people in high defense department positions have said this is the imminent national security danger that keeps them up nights. That is because they know that our civilian systems are very vulnerable. They also do not know the extent of the expertise of our enemies, although they know it is quite formidable. They do know that several nations have an army of people training in cyber warfare, and that they are trying to exploit our systems' vulnerabilities so that they can take us down whenever such an order is given. Further, those in charge of our national security do not know the extent of the reaction of the American people if Americans suddenly lost one or more modern infrastructures for an extended period. It is not unreasonable to expect panic and widespread breakdown in law and order.
The likelihood of a disabling cyber attack by 2025 A.D.
The likelihood of a cyber attack by 2025 of such an extent that it would cripple enough of the nation to bring about a civil breakdown approaches 10 on a scale of 1 to 10 if nothing is done within the next couple of years to get our civilian infrastructure systems much more secure. It is not a question of if there will be an attack; the question is when there will be an attack and how much damage it will do.
The danger is still about 5 on a scale of 1 to 10 if enhanced security efforts are made. That is because computer security is really an oxymoron; there are no totally secure computer systems. They can all be hacked. What we really need are more localized infrastructure systems, but that is not likely to happen because this would be less productive. The bottom line still rules in corporate America.
Cyber security experts have flat out said that a cyber attack is imminent. One high profile expert said that he expects an attack on our infrastructure will occur within two years (he said that in early 2012), and he was very pessimistic about the outcome of such an attack.
What can the United States do to limit its vulnerability to cyber attack
Cyber security needs to be one of the top national defense issues. Action needs to be taken to hire more experts to exclusively work on cyber defense. Another way to help achieve cyber security is to offer substantial monetary rewards to hackers who find weaknesses in our infrastructure systems. Of course, these hackers will first have to be willing to be licensed to probe our vital infrastructure systems. The U.S. has some of the most capable computer hackers in the world. Enticing these people to do something productive with their skills seems quite appropriate. They need to continually probe our infrastructure systems like we are the enemy, and identify and report cyber security vulnerabilities.
Operators of our infrastructure systems should be required to fix identified security problems and they should also be required to provide a certain amount of redundancy in their systems. Most Americans do not want to give government more control over private enterprise, but when it comes to the computer-controlled, interconnected infrastructures that our nation depends on and survives on, I see no other reasonable solution. Cyber security is a matter of national defense.