Editorial: Cyberwar Defense
The shadowy world of cybercrime was exposed in the recent federal indictment of eight men accused of manipulating computer networks and ATMs to steal $45 million over seven months. The heist combined sophisticated hacking with street-level hustle. In New York City alone, thieves struck 2,904 cash machines over 10 hours on a single day in February.
For all the wonders of the digital revolution, there is a turbulent and largely hidden underside of theft and disruption that grows by the day; the losses are often not counted in stacks of $20 bills but rather in millions of dollars of intellectual property stolen or compromised. Computer networks are vital to American capitalism and society but remain surprisingly vulnerable to hijack and hijinks.
Also worrisome is the threat of cyberattack on the nation’s infrastructure, such as electric grids or dams. The Department of Homeland Security has issued a 13-page alert about possible attacks on industrial control systems. According to a report in The Washington Post by Ellen Nakashima, the warning expressed concern that an assault could go “beyond intellectual property theft to include the use of cyber to disrupt ... control processes.” The department did not identify the adversary, but there has been concern about Iran’s ability to carry out cyberattacks like the one that destroyed 30,000 computers at the state-owned Saudi oil company Aramco.
Why does this matter? One of the first digital weapons to target industrial control systems was Stuxnet, a computer worm reportedly invented by the United States and Israel to damage equipment in Iran used to enrich uranium that could be used in a bomb. If Stuxnet was successful, as sources have claimed, it caused Iran’s centrifuges to fail. As a method of slowing the march toward a nuclear weapon, Stuxnet was ingenious and preferable to a conventional bombing attack.
But in cyberspace, the United States is not the only powerful actor. Other states increasingly have the capability and the willingness to attack. A new arms race — a competition among adversaries —is heating up. The United States and other nations are building offensive cyber-armies. It is past time to debate this. So far, most of the U.S. offensive cyberprogram has been cloaked as an intelligence matter. While secrecy is necessary for operations, basic questions should be openly debated: Who decides to wage cyberwar, when and why?
To protect what we hold dear — from mobile apps to mutual funds — it is vital that the United States erect better defenses. Congress stalled in the last session over legislation that would improve cooperation between the private sector, which controls most of the networks, and the government, which could help defend those networks. An unreasonable business allergy to regulation was the main obstacle. The need for legislation is more urgent than ever.
The Washington Post