In today's increasingly interconnected world, a person with a laptop computer can sit at a coffee shop in London and trade stocks listed on the New York Stock Exchange, transfer funds from a bank account in Zurich to an account in Tokyo, chat on an Internet phone call with a friend in Estonia, check in on his child's daycare center through a live video feed, upload a video clip of his brother's stand-up comedy performance onto You Tube, and place a bet with an online casino in Costa Rica. Such are the conveniences of today's communications technology.
But if that same person were more maliciously inclined, he might hack into the stock exchange and alter share price information to send a target company into a downward spiral, use a stolen identity to pilfer funds from a victim's savings account, use a pseudonymous email address and encryption technology to send secret information to his spy handler, or upload to a jihadi website a video of Osama Bin Laden calling for a new wave of attacks against the United States. The only constraints on his capacity to do harm are his level of technological sophistication, the defenses put in place by his intended targets, and governments' capabilities to learn about his activities and stop them.
A New Weapon
A decade ago, when the World Wide Web was still in its infancy, the scenarios just posited would have been derided as alarmist. If it was a person from the information technology industry speaking, he would have been accused of scaring people into buying new security tools. If it was a policy wonk, he would have been accused of not understanding the robust and resilient nature of Internet technology. And if it was a government official, he would have been accused of searching for a new mission--or new reasons for government funding--in the post-Cold War world.
Today skepticism about the cyber threat is more difficult to find. Government agencies, companies, and individuals are all too aware of the harm that computer viruses and hackers can cause. The problem now is not so much recognizing vulnerability to computer-based threats as understanding just what those threats are and what should be done to stop them. One year the main concern seems to be teenage hackers defacing websites or breaking into computer networks for the thrill of causing a disruption; the next year the primary concern is fast-spreading viruses that shut down corporate networks for a few hours or even days; and the next it is international criminal groups stealing and selling credit card and social security numbers.
While the public face of the cyber threat changes frequently, there is an abiding spectrum of threats that is far broader, and far more dangerous, than is typically appreciated. While citizens today are fearful of identity theft and the US government is focused on preventing a full-scale civil war in Iraq and avoiding another Hurricane Katrina catastrophe, the United States' current and potential adversaries--whether radical Islamic terrorists, Iran, or China--are looking for the weaknesses in the US information infrastructure and mapping out where and how they would mount a cyber attack.
Re-learning the Lessons of September 11
The terrorist attacks of September 11, 2001, demonstrated all too clearly the vulnerability of the United States to foreign attack. Once comfortable with its physical distance from the ancient quarrels that plague the rest of the world, the United States became aware that its relatively open borders, democratic liberties, and modern technology could be turned against it to devastating effect. Since September 11, the US government has focused on measures to prevent similar attacks--strengthening airport security, hardening cockpit doors, and putting air marshals on commercial flights.
Far less attention has been devoted to other forms of attack, some of which could be even more destructive than the September 11 attacks. …