One worst-case scenario is a cyber Pearl Harbor. What are the odds?
Cyberattacks appear a good way to gain tactical advantage during the opening moments of any conflict. They surprise by their very nature -- otherwise there would already be a software patch in place. Further, individual attacks are so diverse that it is hard to predict what the next attack will look like or where it will occur.
Here are some candidates for a cyber "Battleship Row," the eight US battleships in port at Pearl Harbor on December 7, 1941: core routers, undersea cables, strategic communications, air defense, electricity nets, classified nets, financial nets, and the Windows operating system. A successful attack on any of these targets could have tangible military value and might even cause panic among the civilian population.
"A Day That Will Live in Infamy"
An aerial view of "Battleship Row" moorings at Pearl Harbor, which shows damage from the Japanese raid conducted three days earlier. (Source: Wikipedia)
As with Pearl Harbor, the most significant military threat could be that a successful attack would delay a counterattack. Japan did not expect to win World War II in Hawaii, but sought to forestall a US response until it could fortify a chain of defensive island positions analogous to the Maginot Line in Europe (neither strategy worked). In the same way, an aggressor today might use a cyberattack to help it capture real-world territory from which it could then play defense. So as a prelude to any major war in the future, we may see some kind of Cyber Pearl Harbor, developed in a secret, air-gapped training room before anyone gets to see it.
I think the better question for national security thinkers is whether the aggressor will be able to maintain momentum or keep the initiative. Similar to the real Pearl Harbor attack, early successes may prove illusory, and there is even less of a chance they will be decisive. Japan only managed to sink four of eight US battleships, and all three US aircraft carriers survived unscathed (they were not in port at the time). Furthermore, two of the sunk battleships, USS California and USS West Virginia, were raised, rebuilt, and put back into service. And it is easier to reboot and reinstall a computer than an aircraft carrier.
In cyberwar, the gap between perception and reality is still very high. Cyberattacks do not generally cause physical damage or human casualties. They are likely to be effective only when used by a side with traditional military firepower, or they invite a kinetic response that the attacker will regret.
By analogy, hackers are closer to pirates than infantry. Hackers can cause havoc with hit-and-run tactics, but they are at a disadvantage in a set-piece battle. Finally, in cyberwar, everyone is vulnerable to retaliation. Even Japan was caught flat-footed by the Doolittle Raid on Tokyo, which came a mere four months after Pearl Harbor.
Even in the Internet era, stable governments with strong allies and access to natural resources will still win future wars, and that should generate some level of cyberattack deterrence in the mind of a potential aggressor.
And once a cyberattack is planned, I guess it can be launched any time. No need to worry about the logistics of where your hardware is, supplies lines, etc.
I agree. With computer hacking, timing is critical. In military time, let's say for air defense, the attacking planes have to be ready to go, if not in the air already. But with a power blackout, mid-winter would suffice, and exacerbate the problem many times over.
Right, and I think we could safely anticipate casualties, and indeed fatalities, in the case of something like a national black-out lasting a week or more. Maybe not thousands, but there would be deaths. Quite a lot if it coincided with extreme weather (and we do get plenty of extreme weather these days).
I remember large power outages before mobile phones, and mostly people just stood around waiting for the power to be restored. Some might deal with immediate emergencies, but almost nobody had any way to contribute toward eventual recovery. In a successful cyber attack, most peoples' communications would be out -- no usable mobile phones. And we have had no experience with power outages over large areas lasting for months or more.
Hiroshima could never have recovered on its own -- and probably not New Orleans after Katrina, either. In both cases there was an outside to go to, and where aid could be organized and come from. A cyber attack could affect huge areas, greatly reducing the presence of an outside. And we now have hairtrigger just-in-time inventory systems, and about two days' worth of groceries and other necessities in the stores (which would sell out instantly, if they were even open).
It is appalling that the U.S. tolerates the cyber insecurities it has -- such as hundreds of bugs in every operating system (judged by the pace of fixes), and millions of malware bots in our computers at all times, awaiting criminal commands.
Let's wake up before the likely disasters, not after.
I think that a digital attack on the United States' critical infrastructure assets would cause major problems in the event of some kind of conflict. We are a very advanced country with a powerful military, but we rely quite heavily on an outdated electrical system and a inefficient digital backbone that is screaming for more bandwidth. I am concerned that it might not take much to cripple our economy and weaken us for a military attack.
I think it's politically reckless to make a "cyber" analogy to Pearl Harbor or 9/11 or any other "real" attack that caused the deaths of thousands of actual people.
Perhaps a better analogy at this point would be a reference to some fictional cyber-disaster? Like saying we should prepare for a cyber-armageddon...
@mhhfive, isnt it possible to make it operable again by re-installing the Operating system because I have never heard of any case where the system was totally made inoperable.
It depends on the attack. For example, Stuxnet specifically targeted hardware in a way that destroyed the hardware itself. Re-installing an operating system won't help if malware has caused critical hardware components to overheat/melt or otherwise be physically destroyed.
CPUs are regulated by software, and it's possibe that corrupted software could tell CPUs to run at dangerously high temperatures... or tell hard drives to spin too fast... or somehow get lithium batteries to explode and catch fire.... turning your computer on/off three times and re-installing the OS is not going to help much if your laptop is a smoldering lump of metal and plastic.
I'm not sure it's such a bad analogy, especially since the attack was unexpected and unprepared for. Of course, people might assume that a cyberattack wouldn't result in 2,000 fatalities. But I'm not sure we really know that: it depends what kind of cyberattack it is.
All, I have received a few emails saying that comparing cyber attacks to Pearl Harbor is always a bad idea. I agree that it may seem too dramatic for a good analogy. What do you think? Does it wind up doing more harm than good? What is a better analogy?
Good point. I think a determined effort by hackers could probably keep specific, even important computers offline for quite a while. And then there is scale - conficker now comprises over 10 million bots.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
National security thinkers are still debating whether a"“Digital Pearl Harbor" is possible. But in the ongoing revolution in Syria, the cyber battleground is already strewn with interesting proofs-of-concept.
My blog, The Art of Cyberwar, posted on Internet Evolution this past January, described 10 revolutionary aspects of conflict in cyberspace. Based on the feedback I received, I've decided to revisit each of the 10 aspects with a new view based on what I've learned from many comments. Here is my list:
The establishment of the US Cyber Command in 2010 confirmed that cyberspace is a new domain of warfare. The computer is not only a target but also a weapon. Therefore, national security thinkers must find a way to incorporate cyberattacks and defense into military doctrine as soon as possible.
World leaders fear that cyber-terrorism and cyber-warfare may pose a real threat to national security. In the future, unknown hackers might target everything from electricity to elections.
Big-data and analytics tools enable marketers to understand customers as individuals, identifying unmet needs and addressing each customer as a "segment of one," says John Kennedy, VP corporate marketing, IBM.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The IBM Smarter Commerce Global Summit in Monaco kicked into high gear today, and we've already begun to see news emerging from that lovely city-state by the sea.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
Email This
