This spring, the term "cyber war" turns 20. In his seminal 1993 paper "Cyberwar is Coming!" master military strategist John Arquilla envisioned an entirely new kind of battle.
That vision was articulated again, but as reality, in President Obama's State of the Union Address last week. The president's call for a more serious approach to the growing threat of full spectrum cyber war, or "cybergeddon," came just a week before Mandiant, an American cyber security firm, released a 60-page report detailing a Chinese military unit in Shanghai that poses serious threats to United States infrastructure. The silver lining here is that the report bolsters the president's intiative, which begins today, a crucial steps in the right direction for our union, as the state of things in the realm of cyber security are daily showing signs of collapse in the face of relentless foreign attacks against traditional war-time targets like utilities, newspapers, banks, and essential government agencies.
The battlefield is everywhere: personal computers, bank accounts, 401Ks and cash management accounts, drinking water, gasoline pipelines, electrical plants and dams. As news of major breaches roll in like waves on a storm-eroded beach, the likelihood increases that the next war we fight will be waged on computers aimed at crippling the systems that keep the wheels of government and daily life turning.
"There's a strong likelihood that the next Pearl Harbor that we confront could very well be a cyber attack," said Leon Panetta, the Secretary of Defense and former director of the CIA.
Are we prepared? How can we plan for, and survive, a Pearl Harbor-style attack on everyday life? There are two answers: one for the nation and one for America and one for Americans.
The first answer is that our lawmakers need to quit screwing around and do a better job.
Last week, Bloomberg Business Week catalogued the depth and breadth of the problem with breaches that originate in China while driving home the underlying fact that individual incidents "don't convey the unrelenting nature of the attacks. It's not a matter of isolated incidents; it's a continuous invasion." The Washington Post reported that China was the main aggressor -- targeting "energy, finance, information technology, aerospace and automotives" using malware and other techniques -- with a goal of "economic gain." However, the Chinese government ain't the only Barbarian at the Gate. Al Qaeda has demonstrated over and over their desire to eviscerate the American way of life. We have a multitude of enemies, and increasingly we are vulnerable to them.
The day after President Obama's address, the Cyber Intelligence Sharing and Protection Act (CISPA) began its second journey through the House. The problematic bill died last year in the Senate for lack of John Arquilla's vision. I expressed concerns about CISPA the first time around, specifically regarding privacy safeguards. Privacy advocates don't think it has enough, because CISPA demands the flow of information going both ways: government to private sector and vice versa. That two-way traffic pattern was notably missing in Obama's vision this time around (he advocated only for government sharing with the private sector), which may help pave the way for CISPA; provided, lawmakers act on the president's cue. We can only hope that with a few intelligent tweaks CISPA can become law soon.
While, the creation of uniform security standards for computer systems that run the nation's critical infrastructure is a no brainer, the answer to the question "Are we prepared" is, for the time being, a resounding "Not exactly."
A worst-case scenario would feature a cornucopia of catastrophe such as shutting down major sections of the power grid, erasing millions of bank accounts, manipulating or hijacking tens of millions of identities, and/or disrupting transportation systems throughout the land. Simply put - systems failure.
- Print It AND Store It. If a hacker brings down your bank's website, or the entire electrical grid, you need the paper documents to prove what's rightfully yours. Regularly print out your checking, savings and credit card account transaction information and a recent credit report. Keep scans or equivalent documents on a password-protected encrypted thumb drive. This stuff may well come in handy when power is restored.
- Birth certificates
- Social Security cards
- Insurance policies (car, home, life)
- Property valuations
- Ownership deeds to property, car title, mortgage, etc.
- Information on savings, checking, credit card and investment accounts
- Contact information for creditors and any company that sends you a bill.
- Military records
- Marriage and divorce papers