'Cyberterror' and Chinese hackers

How scared should we be?

From Wikimedia Commons under GNU Free Documentation License
All our base are belong to them?

Find someone who works on security, find an alarmist.

Whether it's the IT guys where you work pestering you to change your password every couple of weeks, to a general briefing from Congress on "emerging" threats (that will require big new spending to counter, of course), people who are paid to worry about danger always overestimate on the downside. 

And fair enough. When the worst happens, the outraged cry goes up: "Why didn't you see this coming and prevent it?!" (frequently from the same people who were cutting budgets on security, e.g. Benghazi). It's generally a good idea to have your security people losing sleep at night over insecurity.

But the discussion in the US of the security of government computers can be exasperating in its hyperbole, even when it's dealing with real threats. Consider Defense Secretary Leon Panetta last month. In an Oct. 11 speech on "cybersecurity" (the charmingly archaic "cyber" seems to live on only in government discourse about modern information technology), he seemed to suggest that a computer virus or infiltration of government computers by a hostile foreign power could kill thousands of Americans.

"Before Sept. 11, 2001, the warning signs were there. We weren't organized. We weren't ready and we suffered terribly for that lack of attention. We cannot let that happen again. This is a pre-9/11 moment," Panetta said. "The greater danger facing us in cyberspace goes beyond crime and it goes beyond harassment. A cyber attack perpetrated by nation states (or) violent extremists groups could be as destructive as the terrorist attack on 9/11. Such a destructive cyber-terrorist attack could virtually paralyze the nation."

The Sept. 11, 2001 attacks on New York and Washington claimed nearly 3,000 lives. That led the US into two wars that claimed thousands more American lives and those of tens of thousands of Afghans and Iraqis. As far as I'm aware, the current cumulative death toll from "cyberattacks" globally is zero.

This isn't to downplay the real Internet security arms race. Do the Chinese, or the Russians, want to use computer viruses and other forms of electronic snooping to steal US secrets? Obviously. Can computer viruses be used as weapons, to perhaps infiltrate the control systems of missiles or electric grids? You only have to look at the Stuxnet virus that successfully targeted Iran's nuclear enrichment program to see the reality of that.

Clearly a lot of brain power is going in to malicious software, from governments to gangsters. And of course, there's lots of gray area, with all of the data-mining programs that now run in the background of our Internet use, compiling databases of personal information to better target everything from pitches to buy new cars to campaigns for politicians. Or efforts to game online advertising (this story today claims that automated Internet use – bots – jumped to 36 percent of all Internet traffic from 6 percent last year, mostly due to scams to victimize online advertisers).

Another story that caught my eye today on this comes from Bloomberg, which got a peek of a draft of an annual Internet security report for Congress.

"China is 'the most threatening actor in cyberspace' as its intelligence agencies and hackers use increasingly sophisticated techniques to gain access to U.S. military computers and defense contractors," Bloomberg summarizes.

One statistic in that story is highly suggestive of Chinese interest in exploiting the Internet, though I'd bet a lot of the activity is commercial fraud mixed in among Peoples Liberation Army efforts. Apparently, statistics from the company Cloudfire show that on an average day, 15 percent of Internet activity is malicious – viruses, attempted hacks, malware, and so on. Yet on a major Chinese holiday last year malicious traffic plummeted to 6.5 percent of the total.
Suggestive, to be sure.

But so far, computer code doesn't kill. Certainly not directly. On my personal fear scale, I rate "cyberterrorism" a "meh."

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.