Where Fukushima meets Stuxnet: The growing threat of cyber war
The Japanese nuclear crisis, though still unfolding, may, in a way, already be yesterday’s news. For a peek at tomorrow’s, review the testimony of General Keith Alexander, head of U.S. Cyber Command. Testifying before Congress this week and seeking support to pump up his agency budget, the general argued that all future conflicts would involve cyber warfare ...
The Japanese nuclear crisis, though still unfolding, may, in a way, already be yesterday’s news. For a peek at tomorrow’s, review the testimony of General Keith Alexander, head of U.S. Cyber Command. Testifying before Congress this week and seeking support to pump up his agency budget, the general argued that all future conflicts would involve cyber warfare tactics and that the U.S. was ill-equipped to defend itself against them.
Alexander said, "We are finding that we do not have the capacity to do everything we need to accomplish. To put it bluntly, we are very thin, and a crisis would quickly stress our cyber forces. … This is not a hypothetical danger."
The way to look at this story is to link in your mind the Stuxnet revelations about the reportedly U.S. and Israeli-led cyber attacks on the Iranian nuclear enrichment facility at Natanz and the calamities at the Fukushima power facilities over the past week. While seemingly unconnected, the stories together speak to the before and after of what cyber conflict may look like. Enemies will be able to target one another’s critical infrastructure as was done by the U.S. and Israeli team (likely working with British and German assistance) targeting the Iranian program and burrowing into their operating systems, they will seek to produce malfunctions that bring economies to their knees, put societies in the dark, or undercut national defenses.
Those infrastructures might well be nuclear power systems and the results could be akin to what we are seeing in Japan. (Although one power company executive yesterday joked to me that many plants in the U.S. would be safe because the technology they use is so old that software hardly plays any role in it at all. This hints at a bit of a blessing and a curse in the fractured U.S. power system: it’s decentralized which makes it hard to target overall but security is left to many power companies that lack the sophistication or resources to anticipate, prepare for or manage the growing threats.)
Importantly, not only does the apparent success of the Stuxnet worm demonstrate that such approaches are now in play but it may just be the tip of the iceberg. I remember over a decade ago speaking to one of the top U.S. cyber defenders who noted that even during the late 90s banks were losing millions and millions every year to cyber theft — only they didn’t want to report it because they felt it would spook customers. (Yes.) Recently, we have seen significant market glitches worldwide that could easily have been caused by interventions rather than just malfunctions. A couple years back I participated in a scenario at Davos in which just such a manipulation of market data was simulated and the conclusion was it wouldn’t take much to undermine confidence in the markets and perhaps even force traders to move to paper trading or other venues until it was restored. It wouldn’t even have to be a real cyber intrusion — just the perception that one might have happened.
What makes the nuclear threat so unsettling to many is that it is invisible. It shares this with the cyber threat. But the cyber attacks have other dimensions that suggest that General Alexander is not just trying to beef up his agency’s bank accounts with his description of how future warfare will always involve a cyber component. Not only are they invisible but it is hard to detect who has launched them, so hard, in fact, that one can imagine future tense international relationships in which opposing sides were constantly, quietly, engaging in an undeclared but damaging "non-war," something cooler than a Cold War because it is stripped of rhetoric and cloaked in deniability, but which might be much more damaging. While there is still ongoing debate about the exact definition of cyber warfare there is a growing consensus that the threats posed by both state-sponsored and non-state actors to power grids, telecom systems, water supplies, transport systems and computer networks are reaching critical levels.
This is the deeply unsettling situation effectively framed by General Alexander in his testimony and rather than having been obscured by this week’s news it should only have been amplified by it.