CYBERWAR REPRESENTS EXISTENTIAL THREAT TO US
By Chriss W. Street
4 December 2014, 5:41 AM PDT
Nineteenth century military genius Carl von Clausewitz coined the phrase: “War is a mere continuation of politics by other means.” In his day, the number of wars was limited by the time and expense to organize large armies and then march across borders to inflict pain.
War was much more expensive in the twentieth century, but the number of conflicts expanded because planes and missiles cut the time it took to inflict pain. Proliferating technologies make it now possible for any nation to acquire cyber tools at minimal cost to instantly inflict pain on any other nation. Clausewitz would expect the number of cyber wars to grow exponentially in the twenty-first century.
The advent of cyber war represents a new “high bar risk” as the U.S. faces-off against a deadly trifecta of cutting-edge digital technologies, advanced military weapons, and the ability to disrupt critical infrastructure. With this type of war built around digital technology, America’s enemies will focus on turning our own technology against us.
The first year of the twenty-first century will be remembered for 19 illegal aliens who trained at a Florida school to use U.S. commercial airliners as improvised explosive devices. The 9/11 terrorists slaughtered more Americans than died at Pearl Harbor. With the U.S. government politically forced to declare war on much of the Middle East, the financial cost from the attacks and subsequent military response is over $3.3 trillion.
Former National Coordinator for Security, Infrastructure Protection, and Counter-terrorism for the United States, Richard A. Clarke, defined “cyber warfare” as “actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.” When confronted with the statistic that less than 0.0025% of revenue at the average U.S. corporation was being spent on information technology security, Clarke warned: “If you spend more on coffee than on IT security, then you will be hacked. What’s more, you deserve to be hacked.”
Edward Snowden’s revelations concerning the militarized activities of the NSA highlight cyber warfare’s danger to the U.S. corporate sector. Military power in the cyber domain is projected through the civilian computer networks of U.S. tech giants such as Google, Facebook, Verizon, and Apple. The cooperation or conscription of private U.S. networks for cyber warfare attacks or defenses creates an extreme liability for these firms. U.S. tech companies are top targets for suspicion and potential retaliation by enemy states.
The main proliferator of cyber warfare capabilities to potential enemies of the United States is the boom in attendance by international students at U.S. colleges. The State Department’s 2014 Open Doors Report on International Educational Exchange reported the number of international students studying at U.S. colleges grew since 2000 by 72% to 886,052. About 23% of international students worldwide now study in the U.S.
Over 315,000 or 35% of international college students in the U.S. are enrolled in science, technology, engineering, and mathematics (STEM). This compares to about 3.1 million or28% of American-born college students with STEM majors. But unlike international students that overwhelmingly graduate in their major, 48% of American-born students drop STEM majors before graduation.
Forbes reported Chinese cyber crooks are stealing secrets from leading U.S. weapons systems manufacturers; Iran has invaded the operations of leading American banks to plant malicious viruses that could cause a debilitating financial crisis; and Russian hackers are breaking into the networks of U.S. oil and gas companies to gain access to their industrial control systems.
Yet, 276,000 Chinese, 4,500 Russians, and 8,700 Iranians are legally enrolled as international students at U.S. colleges. Some of these students will eventually return home armed with cyber weapons-of-mass-destruction they can deploy against America.
Clausewitz stressed three centuries ago that great military commanders are prepared to respond to incomplete, dubious, and often completely erroneous information coupled with high levels of fear, doubt, and excitement that he termed the “fog of war.”
Low cost cyber warfare tools allow adversaries of the United States to inflict pain and instantly create the fog of war by attacking American computer networks. Since no nation on earth currently has the equipment and financial resources to win a conventional military war against America, cyber war will be the primary existential threat to the peace and security of the United States in the twenty-first century.
Chriss Street suggests that if you are interested in U.S. infrastructure, please click on Hoover Dam Low Water Could Double SoCal Water Prices.
Forget dirty bombs and cyber war. Here are 3 threats that should truly terrify you.
Robert Beckhusen and Matthew Gault
December 3, 2014
The world — it seems — is on the verge of collapse. Wars rage in Africa and the Middle East. The Ebola virus spreads across West Africa. Edward Snowden, Chinese hackers, and Anonymous make a mockery of national cyber security. Religious fanatics are trying to get their hands on nuclear and chemical weapons.
Americans are afraid. And who can blame us? Spend too long with any of the major news outlets and the future can look pretty bleak.
But many of things Americans fear the most more or less are fantasies. That doesn’t stop us from spending time, effort, and billions upon billions of dollars trying to defend ourselves. Meanwhile, we often ignore the real threats — the technology, people and phenomena that actually can hurt us.
What are Americans getting wrong about national security? From nuclear terrorism to the much-ballyhooed “cyber 9/11,” here’s where we think our priorities are wrong. And while we’re at it, we’ll mention what we think you really should be afraid of.
Don’t worry about “cyber 9/11”
Read about cyber warfare in the media or in statements from Pentagon officials, and you’d be left with the impression that an army of hackers is on the verge of wiping out the U.S.
Here’s just one example. Last month, 10 formers members of the 9/11 Commission warned that a coordinated cyber attack could rival the 9/11 attacks in damage.
“One lesson of the 9/11 story is that, as a nation, Americans did not awaken to the gravity of the terrorist threat until it was too late,” the ex-commissioners wrote. “We must not repeat that mistake in the cyber realm.”
While cyber war is very much real, it’s tricky to untangle the actual threats from the ones we tend to exaggerate.
For one, it’s not easy building a cyber weapon that can cause serious industrial damage. Like the Stuxnet virus that tore through Iran’s nuclear centrifuges, these weapons are the purview of the richest nation-states.
Stuxnet’s creators didn’t just build a worm — they built a replica of the Iranian nuclear site targeted in the attack. That’s not something any hacker could do. The overwhelming majority of cyber attacks are small-scale shenanigans that include countries, but also their ad-hoc cyber militias and organized crime groups.
This misperception helps fuel the Pentagon’s over-reliance on “cyber offense,” as Peter W. Singer noted in his book Cyber security and Cyber war: What Everyone Needs to Know.
If cyber war is massively destructive, the logic goes, then there’s little we can do to defend against it. Meanwhile, hackers are able to steal billions of dollars’ worth of military blueprints, trade secrets and other forms of intellectual property every year.
It’s not that we shouldn’t be afraid of cyber attacks. But we’re afraid of the wrong kind. Al Qaeda launching cyber-9/11? Not so much. But Russian and Chinese hackers looking for technical data on a secret drone project? Or how about the inner negotiating strategies for Fortune 500 companies?
— Robert Beckhusen
Worry about cybercrime, instead
The U.S. — and the rest of the world, for that matter — aren’t ready to deal with cybercrime.
On Aug. 6, The New York Times reported on a group of Russian hackers stealing billions of passwords and other personal information. In February, a security firm discovered more than 300 million stolen credit cards on a black market Website. Hackers stole millions of Target credit card numbers in December.
In April, the security firm Codenomicon discovered the Heartbleed vulnerability and made it public. The faulty SSL code ran for two years before experts found it. Internet companies fixed the problem. The public panicked anyway and changed millions if not billions of passwords.
The public always panics and changes passwords. What else are we supposed to do?
Cybercrime has gotten a lot worse over the past few years. The most recent report from the Bureau of Justice Statistics reported that 16.6 million Americans were victims of identity theft in 2012. They reported a loss of $24.7 billion. That’s $10 billion more than the next highest form of property crime.
And that’s just identity theft. It doesn’t take into account all the other forms of cybercrime such as bank fraud. It’s also just a report on cybercrime that victims have discovered. Often, targets of attacks don’t detect the violation for months or years, if at all.
Worse, cybercrime is often stateless. Hackers operate across borders. It’s hard for Washington to justify entering a sovereign nation to round up computer criminals. And when it does pursue foreign cybercriminals, it risks upsetting diplomatic relations.
In July, the Justice Department arrested a Russian hacker in Guam. The Kremlin wasn’t happy about it. Russia — the source of an overwhelming amount of U.S. cybercrime — doesn’t typically prosecute hackers so long as they target computer systems outside of Russia.
Cybercrime is a growing threat and an international problem. It requires an international solution. But at the moment, the public and the its servants largely are reactionary.
We change our passwords when we hear about the next breach. The Justice Department chases down whichever perpetrators it can, but that barely makes a dent in the rampant cybercrime.
— Matthew Gault
Don’t worry about dirty bombs
Nuclear and chemical weapons are favorite bugaboos of television writers. 24 and Homeland pit their heroes against madmen wielding Weapons of Mass Destruction — to name just two.
But those are just stories. We overstate the real threat that WMDs pose. An analysis of a recent news story conducted by the Combating Terrorism Center at West Point helps explain why.
In June, the Islamic State of Iraq and Syria militant group seized uranium from the University of Mosul in Iraq. Later, ISIS took over an old chemical weapons factory in Al Muthanna. It seemed like an army of zealots now could assemble its own WMDs.
This was not the case.
WMDs are complicated and fragile. Nuclear and chemical weapons require a degree of scientific acumen that some roving militant group such as ISIS doesn’t possess.
In the Iraq cases, the age of the captured materials also degraded their capability. Ditto the reliability of the containers. If ISIS wanted to turn the raw materials into something deadly, they’d need to transport them to a more stable and secure location.
It’s doubtful the materials would survive the trip with their lethality intact.
Even if a bunch of militants managed to build a dirty bomb out of the uranium or thorium, the effects would be nothing like the catastrophic destruction and widespread sickness that screenwriters and fear-mongers claim. Uranium and thorium are inert and relatively stable. You have to ingest or inhale to cause any real radioactive damage.
They’re also heavy. Any bomb containing the materials would do the most damage in its initial blast. Attempts to turn to the radioactive matter into a cloud would be ineffective. The material would litter the ground harmlessly before more than only a few victims inhaled the material.
In short, the weapons are too complicated and the resources too scarce and unstable. The chances are small of a terrorist organization acquiring the materials to carry out such an attack. Even when they do acquire the materials, they don’t know what to do with them.
— Matthew Gault
Worry about wars in megacities, instead
The 21st century has seen the rise of megacities — truly massive, unbroken urban environments whose populations exceed the entire headcounts of some small countries.
These include the New York-Boston-Washington corridor, Beijing, and Germany’s Rhine-Ruhr region. But the growth of megacities in poor countries — cities like Lagos, Dhaka, and Mumbai — creates the conditions the Pentagon believes will draw the U.S. into a future war.
“It is inevitable that at some point the Army will be asked to operate in a megacity and currently the Army is ill-prepared to do so,” the Army’s Megacities Concept Team warned in a June report.
The Army defines megacities as urban areas with population greater than 20 million, and estimates there will be 37 such cities around the world by 2025, with most of them in developing countries. Where populations go, so does conflict.
That’s particularly the case when there are too many people sharing too few resources — and the police and the army more or less give up on being able to manage them.
“As people flock into the cities you get this donut-shaped ring of outside territory dominated by non-state armed groups,” David Kilcullen, a military theorist who studies megacities, told Small Wars Journal last year. “And these groups can actually lock the city down. They have a choke-hold on the key resources that the city requires in order to survive.”
But how do you fight a war in such an environment? The Army has no idea. The U.S. fought in Baghdad for nearly a decade, a city one-quarter the size of the smallest megacities. If it doesn’t start learning now, it’ll cost lives later.
— Robert Beckhusen
Don’t worry about foreign terrorism
9/11 scarred America. It arguably was the single most effective terror attack in history. It also was an anomaly — a plot carried out with astounding luck by a small group of fanatics. After the attack, the U.S. quickly ramped up counter-terrorism spending to a whopping $75 billion dollars a year.
All that money seems to have purchased a lot of security. Incidents of foreign terrorism targeting Americans are down. Way down. But according to the Heritage Foundation’s figures, incidents of terrorist activity had dwindled to historic lows prior to 9/11.
The number of incidents spiked after the Twin Towers fell, but lately have fallen to the same low level we saw in the years leading up to 9/11. Foreign terror attacks on the United States and its citizens were far more frequent decades ago. The most dangerous five-year period was 1987 to 1991. There were 635 attacks.
Terrorism is scary. The attacks seems to come from nowhere. The damage is horrifying. The deaths seem senseless. The perpetrators are willing to die for an ideology most people do not understand.
But in truth, terrorist attacks aren’t very likely — and the U.S. has gotten good at stopping plots in their early stages. It also helps that most would-be-terrorists usually aren’t very bright.
In 2007, a group of six men — all born overseas — conspired to assault Fort Dix in New Jersey. The FBI got wind of their plan when the group asked a retail store to make a DVD of their jihadi training exercises.
Umar Farouk Abdulmutallab attempted to detonate a bomb in his underwear on a Northwest Airlines flight back in 2009. He succeeded in lighting his crotch on fire.
Authorities in New York busted up a terrorist plot aimed at blowing up the Kennedy International Airport. It was apparent from taped conversations of the leader that the group was more interested in airport as a symbol than as infrastructure.
“To hit John F. Kennedy, wow. They love John F. Kennedy. Like, he’s the man,” Russell Defreitas said. “If you hit that, the whole country will be in mourning. It’s like you can kill the man twice.”
If authorities hadn’t foiled the plot, then the plotters’ ignorance of various security measures at the airport would have. It’s hard to kill Kennedy twice.
— Matthew Gault
Worry about domestic terrorism, instead
We live in fear of foreign terrorism. But while there are terror group that no doubt wish to strike at the homeland, the number of attacks are a statistical blip compared to attacks by domestic extremists.
You can just look at what law enforcement worries about the most. The Department of Homeland Security recently surveyed several hundred police officers, asking them what they perceived to be the biggest terror threat.
The report, released in July, did not rank jihadi threats as the most grave. These ranked second, and didn’t distinguish between foreign and domestic radicals.
Instead, law enforcement worried most about so-called “sovereign citizens.”
These are loosely-affiliated radicals who reject most laws at federal, state and local levels. Individuals belonging to the sovereign citizen movement likewise are responsible for a spate of cop killings in recent years.
In June, a sovereign citizen illegally encamped on federally-owned land shot a California Highway Patrol officer and a ranger with the Bureau of Land Management. These stories are common, if dispersed. Most violent encounters with sovereign citizens never circulate outside the local news.
The DHS report also cites militia groups, racist skinheads, neo-Nazis and both animal rights and environmentalist extremists as ranking highly among law enforcement’s fears. But efforts to counter jihadi groups still receive the bulk of our resources.
Daryl Johnson — an ex-DHS analyst who authored a report on a rise in domestic right-wing extremist groups — lost his job at the agency after criticism DHS unfairly singled out conservatives. Following the uproar, DHS cut staff focused on domestic terrorism.
But Johnson insists it’s not about unfairly picking on the right. “Domestic right-wing extremists trumped all other forms of ideologically-motivated violence in the U.S. for number of deaths during this time period [post-9/11],” he told the Senate Judiciary Committee in 2012.
— Robert Beckhusen