When it comes to America’s attitude toward cyber threats, all three are in play: churning, swirling whirlpools gathering the collective power to sweep U.S. cyber defense capabilities over the edge to the rocks below.
As reported here in July, Wall Street failed a day long test of its resilience to cyberattacks, forcing trading exchanges to close six hours into the exercise.
Now America’s electric power system faces its turn. On November 13th, an exercise dubbed Grid Ex II will test the security of the American power grid with a day-long series of simulated cyberattacks.
If the results are similar to the Grid Ex I exercise conducted in 2011, the electric grid will show vulnerabilities that can shut down power to major portions of the U.S.
In other words, our power grid will most likely prove again to be just as defenseless against cyberattack as is Wall Street.
Municipalities & Citizens Unconvinced
In spite of proof of such risks, my work with local governments shows both an attitude of indifference to cyber threats and a lack of interest in involving first responders and local organizations in cyber emergency preparedness.
I have been told that cyber threats are “science fiction.” This is in spite of the fact that nations across the globe are in the midst of constant cyber operations against one another. And our sea is not safe either. In just one segment of our economy, the United States has been the recipient of more than 300 concerted cyberattacks targeted at bringing down parts of our commercial banking system since September 2012, many of them successful.
With America’s power generators potentially defenseless, local governments indifferent, and our population looking away in disbelief, our only current hope for protection is preventing attacks before they occur.
A Fortress of Security is Diminished
I was recently involved in a briefing by the NSA’s former Inspector General, who made two points clear: (a) the NSA is doing everything in its power to legally follow the rules set for its actions, and (b) NSA’s surveillance programs have proven to be successful in preventing cyber and other attacks against the United States.
But matters are no longer quite so clean. Recent Edward Snowden leaks have severely compromised not only the NSA’s intelligence gathering capabilities but those of our allies as well. Sir Iain Lobban, head of GCHQ, Britain’s communications intelligence service, called Snowden’s leaks a “gift to the terrorists,” with the resulting media coverage making “the job we [in intelligence] have far, far harder for years to come.”
Not only do our enemies now have a vastly expanded understanding of how to circumvent NSA methods, but Snowden’s revelations have also stirred political debate in the halls of Congress about curtailing such programs. Any such curtailment will only further aid those who would harm the U.S.
A Safety Net in Shreds
The NSA safety net that has provided security for Americans while the rest of the country gets its defense capabilities, indifference, and disbelief in order is now being systematically torn asunder in the storm.
The geopolitical forces causing this weakening of American cyber defense capabilities are solidly in place and pushing us toward the edge. We can only hope that counterbalancing currents will emerge to save the ship before the major cyberattack we all fear storms ashore.