'Cyber Pearl Harbor': Could future cyberattack really be that devastating?

Cyberattacks on critical infrastructure like the power grid ‘could be a cyber Pearl Harbor,’ Defense Secretary Leon Panetta warned in October. Some others say the concept is overblown.

On the 71st anniversary of "a date which will live in infamy," the United States faces the possibility of an updated digital version of that threat – a "cyber Pearl Harbor."

That's according to Defense Secretary Leon Panetta, who in an October speech warned of a "cyber Pearl Harbor" threat and the need to bolster America's cyberdefenses. Also, in the 2010 book “Cyber War,” former White House counterterrorism adviser Richard A. Clarke warns of an "electronic Pearl Harbor."

Cyberattacks on US critical infrastructure like the water supply or power grid "could be a cyber Pearl Harbor – an attack that would cause physical destruction and the loss of life," Secretary Panetta argued in his speech. "In fact, it would paralyze and shock the nation and create a new, profound sense of vulnerability."

As an imagistic catchphrase, "cyber Pearl Harbor" is an emotionally evocative term for Americans. The Japanese surprise attack on Dec. 7, 1941, killed 2,402 and damaged or sank 18 ships including five battleships, effectively burning its memory into the national psyche.

But could there really be anything in the digital realm as horrific or stunning to the US as the Pearl Harbor bombing today? Or is using that charged phrase just saber rattling to build up defense budgets, as many experts and non-experts contend?

"I do think it's a genuine concern," says Stewart Baker, a lawyer and former senior official at the National Security Agency and the Department of Homeland Security. "I'd love to think it's overstated, but that view is supported more by wishful thinking than by analysis. If you judge adversaries by capabilities rather than intent, there's no doubt that anyone with a really strong cyberespionage capability can cause something that will feel like a cyber Pearl Harbor."

Some others aren't so sure that the world is full of big adversaries with substantial cyberespionage capabilities. In an article in Foreign Policy magazine headlined "Panetta's wrong about a cyber 'Pearl Harbor,' " John Arquilla says it's the "wrong metaphor."

"There is no "Battleship Row" in cyberspace," writes the professor of defense analysis at the Naval Postgraduate School in Monterey, Calif. "Pearl Harbor was a true ‘single point of failure.’ Nothing like this exists in cyberspace."

The logic behind creating the Internet, he says, was to ensure continued communications even after a nuclear war. Resilience is a key idea that shaped the structure of cyberspace, he says. Still, he's not entirely sanguine:

"Our armed services, increasingly dependent upon their connectivity, can be virtually crippled in the field by disruptive attacks on the infrastructure upon which they depend – but which are not even government-owned," he writes.

Still others say the whole concept is overblown.

"Digital Pearl Harbor is just a funding term, a way to get money for military and cybersecurity budgets," says John Robb, a former Air Force pilot who served in Special Operations Forces and is author of "Brave New War" about new modes of warfare. "It has no real relevance because we still live in a world dominated by nuclear weapons."

There are also those who say the cyber threat is quite real, but they don't much like the “cyber Pearl Harbor” term.

"When people started talking about a cyber Pearl Harbor, the general rule is to wildly overestimate the ability of hackers to turn America into a Stone Age economy," says James Lewis, a cybersecurity expert with the Center for Strategic and International Studies in Washington. "It's hard to think of any scenario in which you could kill a lot of people in a cyberattack. So that part of the analogy doesn't make sense."

But the other part of the analogy – the sneaky part – does make sense, he says.

"It's not hard to imagine a surprise cyberattack for which we are unprepared, which I think is why some people continue to use the phrase," he says. "With Pearl Harbor, there was plenty of warning it was coming – and military commanders didn't do much. If we were in a tense situation with China today, it might make the analogy more credible. They might try to launch a surprise cyberattack."

Even so, he says, it "would be nice if the phrase went away, but it seems to be stuck."

A few years ago, a cybersecurity group that Mr. Lewis meets with held a contest with a free pizza dinner for anyone who could think of a better term. "Digital Dunkirk" and a few other alternatives were offered, but none won much support.

"If some nation takes down the US power grid, that will certainly disrupt Americans' lives, but it might also galvanize action – which would be the same strategic blunder made by the Japanese," Lewis says. "I don't know. Maybe we'll have to revive the [naming] contest."

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to 'Cyber Pearl Harbor': Could future cyberattack really be that devastating?
Read this article in
QR Code to Subscription page
Start your subscription today