Cyberattacks: Washington is hyping the threat to justify regulating the Internet
Networks have been under attack -- and successfully handled by operators -- as long as they’ve been around. Be wary of calls for more government supervision of the Internet.
We marched into Baghdad on flimsy evidence and we might be about to make the same mistake in cyberspace.Skip to next paragraph
Subscribe Today to the Monitor
Over the past few weeks, there has been a steady drumbeat of alarmist rhetoric about potential threats online. At a Senate Armed Services Committee hearing this month, chairman Carl Levin said that “cyberweapons and cyberattacks potentially can be devastating, approaching weapons of mass destruction in their effects.”
The increased consternation began with the suspected Chinese breach of Google’s servers earlier this year. Since then, press accounts, congressional pronouncements, and security industry talk have increasingly sown panic about an amorphous cyberthreat.
According to McConnell, now a vice president at Booz Allen Hamilton, “our power grids, air and ground transportation, telecommunications, and water-filtration systems are in jeopardy.” More recently, Sens. Jay Rockefeller (D) and Olympia Snowe (R) wrote about “sophisticated cyber adversaries” with the potential “to disrupt or disable vital information networks, which could cause catastrophic economic loss and social havoc.”
Yet none of the prognosticators of disaster presents any evidence to sustain their claims. They mention the Google breach, but that was an act of espionage that, while serious, did not lead to catastrophe.
There have been and continue to be many “cyberattacks” on government and private networks, from the Korea attacks to the denial-of-service attacks during the Georgia-Russia war. To be sure, these attacks are a serious concern and we should continue to study them.
But so far, these types of events tend to be more of a nuisance than a catastrophe. The biggest result is that websites are down for a few hours or days.
This shows that security should be a serious concern for any network operator. It does not show, however, that these attacks can lead – much less have ever led – to the types of doomsday scenarios that politicians imagine. There is no evidence that these attacks have ever cost any lives or that any type of critical infrastructure has ever been compromised: No blackouts, no dams bursting, no panic in the streets.
The cyberalarmist rhetoric conflates the various threats we might face into one big ball of fear, uncertainty, and doubt. This week for example, the director of the Central Intelligence Agency announced that a cyberattack could be the next Pearl Harbor.
Cyberwar, cyberespionage, cyberterrorism, cybercrime – these are all disparate threats. Some are more real than others, and they each have different causes, motivations, manifestations, and implications. As a result, there will probably be different appropriate responses for each.