Do we need to take cyberattacks more seriously?
- By Alessandra N. RamAlessandra N. Ram is a researcher at Foreign Policy.
Thomas Rid’s warning against cyberwar hype (“Think Again: Cyberwar,” March/April 2012) would be more useful if it were not also a contribution to the jousting match between those who claim we’re fighting one already (Rid’s right; we’re not) and those who say there’s nothing to worry about (he’s wrong; there is).
We’re in a period between war and peace when even supposedly secret communications are vulnerable and nasty cyberoperations are becoming the norm. What confuses matters is that we use “attack” to refer to everything from a network probe to a penetration to steal information to a penetration to destroy or degrade a system or the information on it. Even real attacks do not amount to acts of war unless they have physical results.
Rid’s dismissal of supply-chain operations is also troublesome. He pooh-poohs accounts of the 1982 Soviet pipeline explosion because the KGB denied it (duh!) and the CIA declined to confirm it (double duh!). Every large corporation I deal with is concerned about supply-chain security — not just the Pentagon, which has already suffered system degradations. This isn’t just a threat from commercial counterfeiting. Supply-chain attacks are a bread-and-butter technique of foreign intelligence services.
Rid is similarly cavalier when arguing that cyberattacks on infrastructure are now more difficult to execute because “[s]ensitive systems generally have built-in redundancy and safety systems.” If only this were true of our electric grid! As the North American Electric Reliability Corp. reported in 2010, supposed efficiency improvements “have allowed some inherent physical redundancy within the system to be reduced.”
I don’t know a single front-line cyberoperator who agrees with his assessment that offensive tactics do not have an inherent advantage over defensive measures in the present state of technology. We are being penetrated, and our infrastructure is vulnerable.
Author, America the Vulnerable: Inside the New Threat Matrix of Digital Espionage, Crime, and Warfare
Thomas Rid replies:
The consulting outfit Digital Bond recently demonstrated that industrial control systems — specifically, certain components of so-called SCADA systems — run software that does not prioritize security. These field devices control all sorts of stuff that moves around, from trains to oil to elevators. Worse, many such systems are exposing their open flank through the Internet.
So Joel Brenner is right: Yes, we’re very vulnerable. Yes, plenty of actors out there have malicious intent. Yes, we’re being penetrated. And yes, we should do something about these problems — urgently. But harping on about wholesale cyberwar is counterproductive. Discussing WikiLeaks, commercial espionage, financial fraud, and the most potent intelligence operations in the same breath displays a lack of much-needed nuance. Only the thin top end of that range of threats is really scary. “Supply-chain attacks,” Brenner insists, “are a bread-and-butter technique of foreign intelligence services.”
Why, then, have we not seen a more serious attack against SCADA systems? Stuxnet has been the most spectacular attack to date. Even that mean worm, however, in the larger scheme of things, neither halted nor significantly dented Iran’s nuclear program. No serious treatment of cyberwar can dodge this question any longer. Only scaremongers can.
My colleague at King’s College London, Peter McBurney, and I have tried to answer this question. Developing and deploying a destructive cyberweapon requires significant resources, intelligence, and time. And the more destructive the design of such a weapon, the smaller the number of targets, the smaller the risk of collateral damage, and, ultimately, the smaller the political utility of cyberweapons.
John Arquilla earned his degrees in international relations from Rosary College (BA 1975) and Stanford University (MA 1989, PhD 1991). He has been teaching in the special operations program at the United States Naval Postgraduate School since 1993. He also serves as chairman of the Defense Analysis department.
Dr. Arquilla’s teaching interests revolve around the history of irregular warfare, terrorism, and the implications of the information age for society and security.
His books include: Dubious Battles: Aggression, Defeat and the International System (1992); From Troy to Entebbe: Special Operations in Ancient & Modern Times (1996), which was a featured alternate of the Military Book Club; In Athena’s Camp (1997); Networks and Netwars: The Future of Terror, Crime and Militancy (2001), named a notable book of the year by the American Library Association; The Reagan Imprint: Ideas in American Foreign Policy from the Collapse of Communism to the War on Terror (2006); Worst Enemy: The Reluctant Transformation of the American Military (2008), which is about defense reform; Insurgents, Raiders, and Bandits: How Masters of Irregular Warfare Have Shaped Our World (2011); and Afghan Endgames: Strategy and Policy Choices for America’s Longest War (2012).
Dr. Arquilla is also the author of more than one hundred articles dealing with a wide range of topics in military and security affairs. His work has appeared in the leading academic journals and in general publications like The New York Times, Forbes, Foreign Policy Magazine, The Atlantic Monthly, Wired and The New Republic. He is best known for his concept of “netwar” (i.e., the distinct manner in which those organized into networks fight). His vision of “swarm tactics” was selected by The New York Times as one of the “big ideas” of 2001; and in recent years Foreign Policy Magazine has listed him among the world’s “top 100 thinkers.”
In terms of policy experience, Dr. Arquilla worked as a consultant to General Norman Schwarzkopf during Operation Desert Storm, as part of a group of RAND analysts assigned to him. During the Kosovo War, he assisted deputy secretary of defense John Hamre on a range of issues in international information strategy. Since the onset of the war on terror, Dr. Arquilla has focused on assisting special operations forces and other units on practical “field problems.” Most recently, he worked for the White House as a member of a small, nonpartisan team of outsiders asked to articulate new directions for American defense policy.| Rational Security |