
Stuxnet, China, and the Need for Increased Cybersecurity in the US

The recent Stuxnet cyber attack on the controversial Iranian nuclear facility has shed light on the efficacy of cyber warfare. Even though the facility was not destroyed, progress at the facility slowed and the Iranians admitted that they had suffered an attack.  Most believe this was the work of the Israeli military, but the stealthy abilities of cyber attackers mean the public may never know.

It should come as no surprise that the United States is dependent on computer technologies for virtually every vital aspect of daily life, from water and electricity to cell phones and traffic lights. At the same time, most Americans also acknowledge that their online activity can be hacked and that viruses are a threat that they should address. As such, we install anti-virus software on our computers and assume that this will protect us.

What most do not assume is that a war between the United States and other countries is taking place in cyberspace. Unfortunately, it appears that the United States is vastly unprepared to defend itself against the growing threat of cyber attacks. While most Americans think that installing anti-virus software on their computers will prevent all web-based threats they will encounter, many experts say they are mistaken. Anyone’s computer can become part of a botnet attack, in which hundreds or thousands of computers are controlled remotely and direct an attack without their users knowing. Beyond that, the greatest threats to security are the attacks on the computer systems that seamlessly run the most important aspects of our lives. A virus on one’s home computer is an annoyance for its user, but a successful attack by a computer hacker or government on the New York Stock Exchange or the FAA’s computer systems, or one that, like Stuxnet, takes over industrial controls, can and will lead to widespread devastation if left unaddressed.

While the United States possesses a formidable offensive cyber warfare capability, its previous defensive capabilities have been ineffective against cyber attacks on the Pentagon, the Secret Service, and the Department of Homeland Security websites. Even though these breaches have not led to physical harm to American citizens, the potential for devastation remains if we do not take action to address them. Government contractors with sensitive national security information have also been the focus of attacks, resulting in the theft of enormous amounts of data, a problem that must be addressed. This was evident when officials discovered that terabytes of information regarding the F-35 fighter jet had been downloaded from defense contractor computers. It is alleged that the source of the attack was China, a country that stands as a formidable challenger to US policy and interests abroad.

The Department of Homeland Security has recently been tasked with defending the networks of the federal government. It is in the process of developing a program called “Einstein III” that it hopes will provide a greater level of protection from both the 15-year-old hacker and the sophisticated Chinese and Russian attacks. Problematically, many of the networks that Americans depend on are run by private companies that do not appear to have embraced serious cybersecurity measures and are not subject to regulation by the government. As such, their computer networks remain vulnerable to attack by foreign governments and will likely become the focus during future conflicts. These vulnerabilities have the potential to devastate the United States by turning off the electricity, disrupting oil and gas pipelines, and perhaps even taking over FAA computer systems, to name a few.

The Department of Homeland Security already has the authority to defend “.gov” websites, but a new bill making its way through Congress would give the Department of Homeland Security regulatory authority over private assets deemed critical. Critics have been quick to note privacy concerns and also assert that such regulation will stifle innovation and weaken the system. But if private companies that have control over assets that are critical to the daily functioning of our society are unwilling to effectively secure their networks, then other measures must be taken. Even if the proposed legislation does not become law, hopefully it will shed light on the vulnerabilities of the system and the potential for disaster. As Senator Susan Collins (R-Maine) stated, “We cannot afford to wait for a ‘cyber 9/11’ before our government finally realizes the importance of protecting our digital resources, limiting our vulnerabilities and mitigating the consequences of penetrations of our networks.”

See also: http://www.abanet.org/natsecurity/multimedia/WS_30282.mp3