Initially, one might not assume cyber attacks could be equated to weapons of mass destruction, but a massive computer generated attack has the potential for enormous destruction. Though the attack may lack massive casualties or visible damage resulting from a missile or bomb, there can be extensive damage concerning stolen intelligence or intellectual property, loss of millions of dollars, or a major blow to the economy. The internet exists as an autonomous international tool where no entity has the ability to exert significant control over it.
For this reason, much concern has arisen regarding the safety of critical United States infrastructure and its vulnerability to a cyber attack. Everyday operations are increasingly managed through computer systems and other technology. A malicious code or virus inserted into our power grid system could be devastating and halt the economy as the nation struggles to get systems back online.
Over the past decade, several global powers have realized the potential for covert cyber attacks to achieve security goals. There are reports that the United States is not innocent of these attacks. U.S. and Israeli culpability is suggested in the Stuxnet and Flame cyber attacks whose operations appear to have hindered the ability of Iran’s Natanz facility to enrich fissile material.
In response to these attacks, Iran’s military apparently created a ”cybercorps” last year to launch their own cyber-campaigns. Now it is assumed Iran is to blame for the August 15th “Shamoon” computer virus that struck Aramco, a state oil company located in Saudi Arabia. As one of Iran’s main rival oil companies, Aramco has gained more business due to the debilitating sanctions placed on Iran’s oil industry as of late. The attack affected more than 300,000 computers and took the company nearly two weeks to recover. New York Times stated that it “is regarded as among the most destructive acts of computer sabotage on a company to date.”
Other countries are also implicated in cyber attacks that cause sabotage. The Office of the National Counterintelligence Executive indicated last November that China and Russia are involved with sophisticated and effective methods in cyber espionage and have caused damage to federal and private entities. In 2010, Google and several other companies were attacked, possibly by China, in an effort to obtain private information.
Despite the many public acknowledgments by senior officials of the challenges involved in this new kind of warfare, the United States has still not assigned its cyber-security initiatives to one agency. The Department of Defense (DOD) has pursued several efforts, most recently focusing on deterrence. A speech given by Defense Secretary Leon Panetta on October 11th suggested that a simultaneous cyber-physical attack “could be a cyber Pearl Harbor; an attack that would cause physical destruction and the loss of life,” and pushed the Pentagon as the potential government leader on the issue. Even so, attempts to organize the federal government don’t begin to deal with the fact that much of the cyber threat lies within the private sector and the millions of U.S. citizens it serves. Attribution also poses a problem, where perpetrators are not only nation-states, but private citizens too.
In order to gain some semblance of control in the increasingly ‘wild west’ nature of the internet, worldwide cooperative security arrangements for dealing with cyber attacks need to be established. Currently, DOD has adopted a defensive strategy for dealing with the problem and the Department of Homeland Security has undertaken some initiatives for protecting the homeland, but little has been accomplished to coordinate federal strategy with private industry. The majority of vulnerable infrastructure exists within the private sector and has few protective mechanisms.
(Continued at the link below)
Given the high risk of cyber attacks, it’s apparent the U.S. needs a cooperative cyber security strategy sooner rather than later. A recent GAO report on existing vulnerabilities of the electric grid found that there is insufficient security built within systems as well as a lack of coordinated approach between federal and private sector. With cooperation among these entities, a more comprehensive and effective plan can be drawn up and implemented. Unfortunately, the Cybersecurity Act of 2012 which would have enacted such procedures was shot down in Congress on August 2nd.
A cooperative security arrangement between federal, private and even international entities will improve the ability for protecting critical infrastructure and private information. The White House, federal agencies, and private companies have publicly spoken about the threats of cyber-attack, but now need to follow through with promises to make our networks more secure.