The National Journal recently ran an article on American cyberwar strategy. It’s full of a lot of gee-wizzary (the military infiltrated Iraqi cell phone networks!) and ominous threats (the bad guys will destroy our financial system computers, which will be like the recent crisis, except without the inconvenience of foreclosures!)
Cyberwarfare is sexy and scary. People know they use computers every day, and they understand that everything from refrigerators to cars has one.* It just makes sense that our society could be destroyed by malevolent hackers from Russia or China – or perhaps even by Al Qaeda, though I doubt most of the caves in the Preghal Mountains have wi-fi currently.
There are two reasons why cyberwarfare, while important, shouldn’t be keeping granny up at night.
The Internet is a constant battlefield. This is a good thing.
The difference between the world of cyberwarfare and kinetic warfare is that the Internet is a hot battlefield where combat is happening around the clock. As you’re reading this brilliantly-crafted post, your Internet connection has probably been probed by automated bots looking for weaknesses in your computer.
Hacking technology is rather democratic; anyone can find a security hole, and many people then can automate taking exploiting it and turning your computer into a zombie spreading the infection to others.
High-profile targets are as much a juicy treat for amateur hackers looking to claim a scalp as for nasty foreign governments; there are some truly brilliant people out there attempting to do so every day.
Governments are likely to be full of scarily brilliant-er people who are well-paid and perhaps even get nice benefits. So the PLA cyberwarfare squad is likely to be better than an angsty 20-yr old hacker, but if the latter gets to the hole first he wins, the company learns, and everyone else starts patching.
Rebooting is easier than rebuilding.
The most spectacularly successful hack that I can remember is that of the Brazilian power grid (if it was in fact true.) But remember that we have done that to ourselves, too.
As we all experience with galling regularity, computers crash and components fail. This is something that system operators prepare for and expect. A successful hack that knocks a computer offline – a worst case – is not fundamentally different from the hard drives going kablewy. Any sysadmin worth his birkenstocks better be prepared for that.
A couple thousand-pound bombs do the job a lot more completely.
This is not a clarion call for complacency. There are serious threats from hackers, but they aren’t apocolyptic Collapse of the Western World Followed By Zombie Invasion scenarios some would suggest.
I’ll talk more about that in a latter post.
Here’s the message of today’s story: If you don’t want the bad guys to win, keep your computer patched and behind a firewall, mmmmkay? But don’t panic. Until the machines get smart enough to turn on us.
* Of course, we’ve been able to control coffee pots for a while.