What if a cyber Pearl Harbor never happens? Are we safe?
You hear a lot of talk about how the United States is at great risk of a cyber Pearl Harbor, an attack that could shut down communications, financial and transportation systems.
On the other hand, the attack could suddenly shut down a nuclear power plant, damaging it to the point where radioactive materials are released, killing untold numbers of people.
These sorts of scenarios that people describe sound Armageddon-like.
That was the topic of a panel at Raymond James 12th annual Government Services & Technology Summit on Tuesday.
I missed the very beginning of the panel, which featured Zal Asmi of CACI International, John Rizzo of Steptoe & Johnson LLP, and Ron Gula, Tenable Network Security.
They touched on the Pearl Harbor danger, as well as cyber warfare, which is sometimes a misnomer; cyber attacks that are criminal, espionage or even terroristic in nature, aren’t necessarily acts of war.
That might be a bit of semantic game, but it got me thinking; what if that big, devastating cyber attack -- the one people are always dreaming up and fearing -- never comes? Are we safe?
Of course not; however, I think we should stop talking about a Pearl Harbor. It's not that we shouldn't use a war analogy, especially since we are already engaged in battles and skirmishes all over the cyber domain. It's just that we should tone it down.
The Pearl Harbor analogy also might be doing a disservice to advocates of a strong cyber posture because, if nothing on that scale ever happens over time, the warnings may lose their credibility. It's like the classic "boy who cried wolf."
One thing was clear from today’s panel: that the threat is evolving rapidly. There is this concept of “rational” attacks by competitor nations who might be trying to gather intelligence or steal intellectual property.
However, as rogue nations such as North Korea and Iran gain more cyber capabilities, and as terrorist groups acquire the same, we’ll see the rise of “irrational” attacks, which will be harder to predict and guard against.
And, as technology evolves, so does the risk. Currently, the main targets are desktop operating systems, but the risk will change as more computing shifts to the cloud and mobile devices.
While Congress was unable to pass a cybersecurity bill, President Obama is expected to issue an executive order that will likely mandate that the intelligence agencies share information with the private sector, particularly owners of critical infrastructure, when an attack occurs.
There may be some privacy concerns with that, but the panelist voiced support for the sharing of this kind of information.
Posted by Nick Wakeman on Jan 08, 2013 at 9:50 AM