On July 9th, the FBI shut down the servers of the DNSChanger Network. While many attempts were made by the FBI and ISPs to inform people how to check their computers for infection, it was conservatively estimated that around 250,000 people would lose the ability to connect to the internet when the servers were finally shut down. While this virus mostly affected everyday businesses and people, the threat of cyber attacks on companies and our national governments that could potentially compromise national security appear to be occurring with increasing frequency.
Cybersecurity has certainly been a priority of the Obama administration; President Obama himself stated that cybersecurity is “one of the most serious economic and national security threats our nation faces.” While the U.S. government has been proactive in securing its own networks, there appears to be a gap in the level of security between the government and many of the companies that are government contractors and keep government secrets. A senior military official said concerning cyber attacks that “attackers of U.S. Government and private sector Internet networks are looking to inflict permanent damage, not just render them inoperable.”
General Keith Alexander, who is the U.S. Cyber Command Chief for the NSA, recently was quoted as saying, “Statistically the number of attacks is growing . . . What I am concerned about is when these [attacks] transition from disruptive to destructive attacks . . . the probability for a crisis is mounting.” The idea that the U.S. could potentially be crippled by a cyber attack is nothing new. Officials have been warning about cyber threats for the past decade or more, and while potentially the two biggest known threats to emerge in the past few months and years (Flame and Stuxnet) appeared to target nations other than the U.S., that does not mean that the next threat will not be directed at the U.S. or U.S. interests. Defense Secretary Leon Panetta and other senior intelligence officials have pointed out that cybersecurity at the moment falls behind terrorism and WMDs in topping the list of national security concerns.
Perhaps this lack of attention to the increasing threat comes from the fact that cyber attacks do not have any specific form, and many times, the perpetrators remain relatively anonymous. Cyber attacks can be launched by governments, groups, or individuals, and the potential victims are varied and numerous. While an attack on the “power grid” could have devastating effects, attacks on millions of individuals’ personal computers might be just as disruptive, given the large amount of banking, purchasing, and labor that is done on the internet today. The National Security Council, under the direction of the president, has put together a “10 point plan” of actions for the near term that includes appointing a cybersecuity policy official, launching a national awareness campaign, and building a cybersecurity-based identity management vision and strategy for the nation. While work is being done, the rate of this work is frighteningly slow, and there is still much work to be done.
Cybersecurity may not top the list of national security threats at the moment, but there is certainly reason to increase the speed of our preparation now. Coordination of cyber security between the public and private sectors, while already occurring, should be increased. Congress should work quickly to craft and pass better cyber security legislation, while maintaining the privacy of Americans; Defense contractors should be brought up to date with the latest security measures employed by the government and have policies in place for dealing with cyber attacks and espionage. The U.S. is better equipped and more capable that any other country in the world to address this threat, and while we are making progress, we should be pushing to close the door on the threat before a major attacks occurs, and not decide that the issue is important after the fact. While there are some who claim that the threat is being blown out of proportion, the uncovering of the Flame virus a few months ago and this virus’s ability to gather sensitive information and extensive spying capabilities serve as a warning of what may even now be lurking on the hard drives of computers around the world.
While the U.S. may be the most technologically advanced nation in the world, we are not the only nation with computers or skilled programmers. The sheer number of computers and systems that rely on the internet in this country should be more than enough motivation for the U.S. to prepare as a nation to deter and respond to cyber attacks today and not tomorrow. Already cyber attacks have cost the U.S. business billions of dollars, which amount would likely be dwarfed by a successful attack on the power grid, or other major infrastructure. The time of action is now, given that the time to prepare is disappearing at the same speed that technology is changing.