CISPA Isn't a Real Threat But Cyberattacks Are

We have yet to establish security standards to prevent large-scale cyberattacks on the nation’s critical infrastructure.

Computer screen showing the start of a URL
By + More

The ordeal of your friend, mugged in a foreign capital and without the means to get home, has become something of a joke. Untold thousands, maybe millions, of nice people were conned this way before the world got wise to the fact that the friend who has popped up in your email is actually someone who has hacked into your account and found your address. Your real friends, too, are likely to get a similar email, and maybe, not having heard the joke before, are sending off dollars to help out.

In early cybermayhem, primitive hacking attacks like this were ostensibly pleas from fake Nigerian princes whose fortunes were in danger in some civil commotion; you'd be paid a percentage if you'd kindly store the fortune in your own bank account (details, please) for a few weeks. And then, there are the fake "Microsoft" technicians proliferating today who want to fix your machine.

The explosive evolution of cyberspace, reflected in the rapid growth of email, the web, twitter and e-commerce, is of a magnitude never anticipated. The growth has been an immense boon to human progress, one of the greatest technological revolutions in recorded history. So what's a little hacking to worry about? Well, the menace of hacking is now of such a scale and of such stealth that it could threaten entire civilizations. The identity and location of cybergangsters – individual, groups and states – are easy to hide because of the physical architecture and software protocols, which permit the relatively easy use of aliases and proxies. Further, the barriers to entry to cyberspace melt away with the spread of low-cost Internet-enabled devices that combine voice communications, web access, and still and video photographic capabilities. These multiply the wealth of opportunities for commercial enterprise, for the delivery of public goods and services, and for citizens to participate – but also for theft on a global scale, complex to defend against and to deter.

[See a collection of political cartoons on defense spending.]

The critical question now is how to safeguard information stored inside computers and prevent hackers from creating confusion, panic and irrationality among the civilian target population through information warfare. Hackers who infiltrate a computer system and gain administrator-level access have enormous power within that system. Indeed, in hacker-slang, they "own it." Many sophisticated and well-organized groups operating out of safe-harbor countries target specific institutions for purposes of industrial espionage and the theft of intellectual property of great value. Cyberwarriors can create and operate malware such as the stuxnet worm. We are said to have used a worm to delay Iran's progress to the nuclear bomb, and bravo to that.

Last year, a number of financial institutions in the U.S. came under attack, including sites belonging to our major banks, as well as Middle East oil and gas companies. Now Iran is in the process of building defensive and offensive cyberspace capabilities, both to attack various targets in retaliation for sanctions that have been imposed against it and to repel cyberattacks directed at it. Beyond these attacks, we are faced with the theft of scientific innovation and other intellectual property – acts that have already cost billions of dollars and damaged our economy.

[Read the U.S. News Debate: Should There Be an International Treaty on Cyberwarfare?]

Currently, there are thousands upon thousands of cyberattacks every day, with many of those attacks taking place on critical infrastructure networks. Our Department of Defense has been hacked. Israel experiences about 1,000 cyberattacks per minute, every day, all day, and not just from hacker groups but also from states, organized crime and terrorists, according to leading authorities. Last year, a computer virus wiped out crucial business data from more than 30,000 computers at the Saudi Arabian oil company (Aramco) and equally damaged the systems of RasGas in Qatar, because the standard defensive systems proved insufficient against these anonymous but focused attacks. Just think: A successful attack not only defeats our defense systems but also could disrupt power generation and literally put the lights out across America. The failure of communications would paralyze not only banks but also hospitals, making it impossible for first-responders to save lives.