Monday, May 4, 2015
EMP and Cyber: Twin Threats but Not Twin Risks
In the case of cyber, Defense secretary Ash Carter's April 22nd release of the "DOD CYBER STRATEGY" for 2015 outlines the DoD priorities and responsibilities to the American homeland in the case of cyber conflict.
The stated strategy makes clear that the DoD's primary duty is to defend its own networks, with the objective of keeping its communications necessary for warfare operations intact.
Protection of critical U.S. infrastructure, ninety percent of which is operated by the private sector, receives secondary importance and little detail in the report, which states: "The majority of [private sector] intrusions can be stopped through cybersecurity investments that companies can and must make themselves."
In other words, in case of a crippling national cyber attack, the private sector must plan on fending for itself.
The threats posed by an EMP attack were well chronicled in a Wall Street Journal opinion piece on May 1st by Amb. Henry Cooper, former director of the Strategic Defense Initiative and Peter Pry, executive director of the EMP Task Force on National and Homeland Security.
The article describes that "An EMP attack, most likely from the detonation of a nuclear weapon in space, would destroy unprotected military and private sector electronics nationwide, blacking out the electric grid for months or years."
The authors point out that such an event would cause widespread death from hunger, disease and social disruption that by some estimates could reach ninety percent of the U.S. population.
Society would crash to a halt. No highways filled with speeding automobiles; no jet trails arching across the morning sky; no brightly-lit skyscrapers, just dark, towering hulks of glass and steel.
In examining this threat, it is important to keep in mind that desire does not equal capability. North Korea or Iran, for example, may have the desire to inflict widespread damage to the U.S., but neither reportedly holds the missile or miniaturized nuclear weapons capability to conduct such an attack.
Nor does capability equal action. U.S.satellites would know the source of any nuclear-caused EMP attack on the United States. Retribution would be expected to be harsh and immediate, likely critically injuring or destroying the assailant.
In contrast, cyber attacks present a different and arguably even more dangerous level of risk.
Due to inherent attribution difficulties, 'false flag' attack capabilities, increasingly-procurable cyber weapons and an inherently larger universe of potential assailants, mounting a counterattack on the true offending party can be a tricky and imprecise exercise. Counterattacking the wrong party would only amplify and worsen an already dangerous global conflict.
EMP and cyber threats are potentially so damaging that both should be treated with the utmost urgency. But it could be argued that cyber threats present the greatest immediate risk.
Looking ahead, one can hope that a cyber-era deterrent like that between the U.S. and Russia during the Cold War will help avoid the consequences either threat.