Monday, November 16, 2015

Paris Attacks Tighten US Cyber Options

James McFarlin

The drums of war are sounding closer.

The barbaric ISIS Paris attacks of November 13th, preceded by the bombings in Lebanon and take down of the Russian airliner over Egypt on top of more than 770 reported ISIS terrorist attacks from 2013 to the present are the latest acts aimed at destabilizing and ultimately destroying Western civilization.

More attacks are coming. A US security official remarked today that Paris was certainly "not the only action in the ISIS pipeline." In confirmation of that belief, a video released by Islamic State threatens attacks against Germany, London, Washington DC and other US cities,

America faces threats from 'lone wolf' Islamic extremists and - coming soon - threats from attackers arriving in the waves of Syrian refugees scheduled to hit the nation's shores.

But such threats are dwarfed by the potential damage and massive loss of life from cyberattacks against US power and other critical national infrastructure targets.

There is a growing consensus that ISIS cyber threats to the US are increasing and becoming more immediate. Admiral Michael Rogers, director of the National Security Agency and US Cyber Command, believes such attacks are "much more a matter of 'when' rather than 'if'' during his time in command."

ISIS has been widely recognized for its social media prowess in recruiting, radicalization, training and fundraising. But those actions are just the beginning. John Cohen, a former counter-terrorism coordinator at the Department of Homeland Security, believes that "It is only a matter of time until we start seeing ISIS-type organizations using cyber warfare techniques in a more expanded way."

And with America's near-total dependence on computer networks, it has much more at risk than many other nations, and certainly more than extremist groups, which have little to lose.

What is the US to do to deter such actions? Based on the success of cyberattacks throughout the breadth of America's institutions, from banks and retailers to defense contractors and government agencies, it is evident that existing cyber defense capabilities are not adequately effective.

In a sign of recognition that defensive measures must be supplanted or supported by more aggressive tactics, the US has recently accelerated its move toward increasing its offensive cyber weapons capabilities.

But more than a battle of technologies, cyber defenses are evolving into a battle of wills. With the exception of its Stuxnet computer virus targeting Iran's nuclear program, the US has been reluctant to deploy offensive cyber weapons, citing the possibility of such actions triggering counterattacks.

During such indecision, the risks mount. And for America's future, they are huge. Let's hope it does not take a cyber-9/11 attack to trigger America's resolve to deploy offensive cyber weapons to prevent what can be a major calamity.