Today we’re heading into another war, if we’re not already there, which has largely gone unmentioned by the candidates, although it has been a subject of growing alarm at the Pentagon and elsewhere. This, of course, is the cyber war which arguably escalated from brushfire status to real conflagration with the U.S. and Israeli Stuxnet attacks on the Iranian nuclear program in 2010.
Now, according to The New York Times, the Iranians have ramped up their capabilities to where they’re regarded in security circles as a much greater near-term threat than any other potential adversary. This assessment emerged following a series of attacks over the summer, including one that erased data on three quarters of the computers at the Saudi oil giant Aramco.
The Times also reported that, subsequent to the Aramco incident, there was a similar attack on Qatari’s natural gas company RasGas. Closer to home, several attacks were said to have taken America’s largest banks offline from time to time, and there were also disruptions to online banking at Capital One and BB&T websites. All of this was believed by intelligence officials quoted in the Times to be the work of Iran’s military cyber unit.
This summer Defense Secretary Leon Penetta, in a speech highlighting the urgency of the cyber warfare issue, described the Aramco attack as “a significant escalation of the cyber threat.” He didn’t name Iran, but he made clear there are now credible, near-term risks to our utility, transportation, financial and defense infrastructures that must be addressed.
But, in Washington, the usual partisan gridlock has left the Cyber Security Act, the leading legislative attempt to address this issue, in limbo, even after it was watered down to where private sector actions originally mandated by the bill are now merely recommendations. In other words, legislation widely viewed in security circles as too weak to be effective is deemed too draconian by opponents, including the U.S. Chamber of Congress and its Congressional allies.
Meanwhile, the one sign of bipartisanship on the issue was the House Intelligence Committee’s report declaring two Chinese telecom firms, Huawei and ZTE, to be cyber security threats, notwithstanding lack of any evidence to that effect. Beating up on two Chinese firms with no record as cyber threats is apparently far easier politically than taking action to deal with the real threat.
In an attempt to muster voluntary industry engagement in government efforts to strengthen defenses, the Defense Department’s Advanced Research Projects Agency this month convened a conference entertaining contractors’ technology proposals for “understanding, planning and managing cyber warfare” as part of Darpa’s Plan X cyber warfare research project. But while some expert observers characterize this public initiative as a turning point in the nation’s preparations for cyber warfare, the fact is the pace and scale of activity is woefully behind the escalating scale of the threat.
Which is why we broach the topic here. A major attack, even if not directly aimed at the services provided by the telecommunications industry and the Internet companies that rely on broadband networks, has the potential to have a crippling impact on the economy at large and, by extension, on the wellbeing of all network-reliant entities. Given the role of networks in the spread of such attacks it would make sense for the telecom and Internet sectors to take a leading role in demanding that Congress and private industry act with much greater urgency than we’ve seen so far.
Were the major players in telecom and the Internet to come together in some type of ad hoc alliance on this topic, maybe the confusion and obfuscation preventing action could be derailed. Simply waiting for the government to do something on its own initiative is to invite disaster.