Warnings about U.S. critical infrastructure’s vulnerabilities to a catastrophic cyber attack – a cyber “Pearl Harbor” or “9/11” – began more than 25 years ago. But they have become more insistent and frequent over the past decade.
Former Defense Secretary Leon Panetta warned in a 2012 speech of both a “cyber Pearl Harbor” and a “pre-9/11 moment.”
They have also expanded from within the security industry to the mass media. It was almost a decade ago, in 2007, that the Idaho National Laboratory demonstrated that a cyber attack could destroy an enormous diesel power generator – an event featured in a 2009 segment on the CBS news magazine “60 Minutes.”
Late last year, retired “Nightline” anchor Ted Koppel warned in his book "Lights Out" of possible catastrophe – thousands of deaths – if the U.S. grid is ever taken down by a major cyber attack.
And just this month, the FBI and Department of Homeland Security (DHS) launched a national campaign to warn U.S. utilities and the public about the danger from cyber attacks like the one last December that took down part of Ukraine’s power grid.
The worst-case scenario, according to some experts and officials, is that major portions of the grid could go down for months, or even a year.
Yet, nothing close to that has happened yet – the damage over the past decade from natural disasters like hurricanes, tornadoes and earthquakes has been much more significant than any cyber events.
All of which raise the obvious question: Why? If a hostile nation state like Iran could deal the “Great Satan” a crippling blow, why wouldn’t it?
There are several theories to explain it. One is that even countries like Iran or a rogue state like North Korea would not want to take down the U.S. economy because it would have a drastic negative effect on the world economy.
“The same interdependencies that exist in the global economy could have unintended global consequences, were any nation to suffer widespread disruption to foundational systems,” said Anthony Di Bello, director of strategic partnerships for Guidance Software.
Anthony Di Bello, director, strategic partnerships, Guidance Software
Another is that hostile nation states are more interested in espionage than an attack, in the hope that knowledge of U.S. infrastructure systems will give them some leverage in foreign policy disputes, or prevent a country like the U.S. from ever attacking them with conventional weapons.
Yet another is that if other countries are inside U.S. systems, the U.S. must be inside of theirs, which creates the equivalent of a cyber “balance of terror” – the U.S. could do as much or more damage to them in response to an attack.
Sign up for Computerworld eNewsletters.