Could the U.S. Lose a Cyberwar?
Nearly two weeks ago Admiral Mike McConnell, the former U.S. Director of National Intelligence (DNI), testified about the preparedness of the U.S. in the event of a cyberware at a meeting of the U.S. Senate Commerce, Transportation and Technology Committee. He said that if the U.S. were to be attacked in a cyber war, the U.S. would lose. Admiral McConnell’s testimony created shock waves among members of this committee, who reportedly did not have a clue that the U.S. was so dismally prepared for cyberwarfare. Jim Lewis, who heads the government’s Commission on Cybersecurity, followed Admiral McConnell by saying that most of the U.S.’s critical computing infrastructure is within the commercial sector, but this sector is not doing enough to safeguard computing assets. According to Lewis, no improvements in cybersecurity practices within private industry are likely to occur unless regulations require these improvements.
I find it incredulous that members of the U.S. Senate were so naïve and uninformed about the U.S.’s current state of unpreparedness for cyberwarfare. Perhaps this is due to denial, the same kind of denial that caused U.S. government and military personnel in 1941 to dismiss the notion that Pearl Harbor was about to be attacked. Or perhaps those within the U.S. government who need to understand cyberwarfare-related risks the most are not devoting the time and effort needed to genuinely and thoroughly understand these risks, very possibly because of the need to fight other major brushfires (e.g, the economy and healthcare reform). Whatever the cause of the Senators’ ignorance, one thing is for sure—the U.S. is not very likely to achieve any advances in the information warfare arena unless those who lead our nation wake up to the problem and do something about it.
Sadly, almost immediately after his testimony was finished, Admiral McConnell fell under heavy criticism for his statements. Critics accused him of being a highly paid “fatcat” now that he has left the government and that he was in essence doing nothing more than grandstanding when he gave his Congressional testimony. How can his critics be correct when epoch incidents such as Titan Rain and Aurora, in both of which the U.S. had its proverbial cyberclock cleaned by state-sponsored cyberattackers, have occurred repeatedly and are highly likely to occur again in the future? Sadly, these attacks are likely to continue to be highly successful because of ineptitude and indifference both within the U.S. government and the U.S. private sector. Consider the following quote from:
“The attacks have also hit government and military institutions in the United States, where analysts said that the West had no effective response and that EU systems were especially vulnerable because most cyber security efforts were left to member states.” (See http://www.einnews.com/article.php?oid=bhzfsFHn34hHjQ&v=38375EnDmRv3c_YtUQQrSNBTWrjUdDQmU )
This article goes on to say that the number of cyberattacks against the U.S. Congress and other government agencies had risen dramatically to somewhere around 1.6 billion monthly, with China being one of the most prevalent sources of the attacks. According to the author of the article, the risk of unauthorized access to intelligence data has also grown to the point where the distribution of such data has been restricted substantially.
If you still don’t believe that the U.S. is poorly prepared to defend itself against and respond to cyberattacks, check out:
In short, U.S. government agencies stumbled their way badly through a recent cyberattack simulation exercise, once again demonstrating the government’s lack of ability to fend against and respond to massive cyberattacks.
My main point here is that although Admiral McConnell was correct in pointing out the U.S.’s unpreparedness in the event of a cyberwar, he was also dreadfully wrong in another major way—he treated the subject of information warfare as if it were something that could happen in the future. No, Admiral, a major international cyberwar has been occurring for years. The U.S. is not likely to lose—it is losing badly now! And even if the U.S. government and the commercial sector were to wake up to this fact and start making changes accordingly, it would take many years to reverse the long established trend of one defeat after another in the information warfare arena. Still, late would be so much better than never…