On April 9, ACD/EWI held a briefing on CyberThreats and the Economy, which was hosted by George Mason University’s Law School.
These are preliminary notes from the meeting:
Threats to the U.S. economy have been a longstanding concern of the American Center for Democracy and led to the establishment of its Economic Warfare Institute.
Before 9/11 we had done extensive work identifying who and what funds terrorism against the U.S. and its allies, and what were the methods used to deliver the funds.
The 9/11 attacks on the World Trade Center and Osama bin Laden’s repeated calls to hit the U.S. economic interests at home and abroad refocused our efforts to look for indicators of such potential threats.
We have identified many, which at first glance are not associated with cyber. But since the world has become more digitalized, our state and nonstate adversaries have increasingly used the internet not only to secretly communicate with each other, but also to inconvenience, harass, and harm us.
Cyberespionage, including stealing manufacturing secrets, patents and other intellectual properties, identity theft, fraud of all sorts, and even market manipulations have become more and more prevalent.
Cyber has become the lifeblood that runs our communication, electric grid, transportation, aviation, banking, industry and commerce, our military apparatus, hospitals…everything. To increase security, we have been advised to store information in clouds, yet another set of computers. If one day the system goes down, the damage would be irreversible. We will be left in the dark–with no records to reconstruct and replace what we have lost.
The predominant attitudes in the U.S. do not consider preemptive measures as the best defense. They don’t even consider in-kind reaction, because cyber attacks have not yet left the streets littered with dead bodies, in a way a massive bombing or a detonation of a dirty bomb would.
It is clear to me that unless the U.S. upgrades its cybersecurity fast, and acknowledges massive cyber attacks as warfare and offense as the best defense, the cumulative affects of cyber attacks would soon undermine the public’s confidence in the government and destroy our economy.
Richard Perle, former Under Secretary of Defense, and a member of the ACD Board of Directors, presented the following questions:
“How can we deter acts of cyber aggression in peacetime and what should we be positioned to do in the event of a major cyber war, or a major cyber attack, launched in the midst of a conventional conflict?
“If recent press accounts are even half-truths, the United States government and its public and private institutions and businesses are the subject of continuous electronic intrusion, sometimes to steal valuable intellectual property–including secret data–and sometimes, perhaps more worrisome, to plant menacing software for subsequent destructive purposes.
“We know this is going on and, presumably, we have considerable knowledge of who is doing it. So what can–what should–we do about it?
“China is frequently identified in the press as one of the most egregious hackers, draining corporate data-bases and government agencies of valuable information–and worse.
“Would it make sense for us to approach the Chinese with the following proposition: We know what you are doing and we insist that it stop.
“If it doesn’t, you should understand that we can do to you what you are doing to us.
“We don’t think there is much to be gained by stealing your intellectual property (it’s mostly ours to begin with) but how would you feel about the publication of your intergovernmental communications made available to your own citizens? In any society governed as the Chinese govern theirs, the threat of disclosure could be a very powerful deterrent.
“As for the wartime scenario, I certainly hope that we are positioned to take the offense as well as erect defenses. Perhaps the panel could comment on this.
“Finally, I suspect that at some point we will begin to hear proposals for a treaty or treaties, or an international convention aimed at creating norms with respect to cross border intrusions of all sorts.
“I hope we will resist the temptation to hope that such an approach offers any substantial protection.
“What it is more likely to do is compromise sensitive information that we are sometimes able to keep secure, and invite the foxes into the chicken coop.
“The worst prospect of all would be a cyber version of the Non-Proliferation Treaty–a universal convention based on the premise that any country willing to sign up should have full access to advanced computer science from anywhere in the world. We’ve been down that path before.”
The speakers have addressed Perle’s questions and then some. Their spirited discussion and intriguing suggestions would be soon available on YouTube and on our website.
This is how The Washington Free Beacon covered the event:
By Adam Kredo
Washington Free Beacon
April 11, 2013
Chinese hackers “bombard” the Pentagon’s computer systems “by the millions each and every day” searching for a point of entry into the sensitive U.S. computing systems, according to officials speaking at an event on cybersecurity on Tuesday.
Former Attorney General Michael Mukasey and other high-level former U.S. officials warned during a discussion at The American Center for Democracy (ACD) that the U.S. government is woefully underprepared to combat and repel even the most benign type of cyber attack.
“The Chinese are continuing to engage in not only economic but propaganda warfare over the Internet,” Mukasey said at the event. Chinese hackers, many of them affiliated with the Communist government, routinely break into military computers and U.S. email accounts.
Former CIA director James Woolsey noted that a single relatively unsophisticated cyber attack could wreak widespread havoc on U.S. systems that are widely underprepared to handle such an assault.
“We have, to put it mildly, a very serious cyber security problem,” Woolsey said at the event.
The U.S. electric grid remains particularly vulnerable to a cyber attack, the primary weapon of choice for nations such as China, Russia, and Iran.
“We’ve not done a responsible job taking care of our infrastructure because no one’s in charge,” Woolsey said, decrying the Obama administration’s failure to implement concrete safeguard meant to deter such attacks. “We’ve got a lot of work to do.”
An electromagnetic pulse (EMP) attack, for instance, “could be absolutely devastating to all electronics,” including those used by U.S. security agencies such as the CIA, the NSA, and the military, Woolsey warned.
The Russians, the Israelis, and a slew of other governments have been “hardening” their cyber defenses against such an attack, but the United States has done nothing on this front, Woolsey said.
“It’s possible to create such a pulse with the detonation of a relatively simple nuclear weapon,” he explained. “It doesn’t have to be complicated … it just has to go off 50 miles” above the earth.
The threat is not hypothetical, Woolsey added.
“We have now a couple of people” such as North Korean dictator Kim Jong-un and Iranian President Mahmoud Ahmadinejad who “are quite capable of Hitler-like behavior.”
Chairman of the House Intelligence Committee Rep. Mike Rogers (R., Mich.), who promised President Obama would sign comprehensive cyber security legislation by the end of the year, was also in attendance.
Mukasey also decried the Obama administration’s failure to offer more than platitudes on the subject of cyber security.
“It’s also fair to say from a large, macro standpoint, we’re not much nearer to solving this problem of unauthorized entry into our computer systems than five years ago,” when the program first surfaced in a major way, Mukasey said.
The former attorney general criticized an Obama administration cyber security report issued in 2011. The report offered only platitudes, Mukasey said.
It’s “not the kind of thing that’s going to make either Ahmadinejad or our friend in North Korea lose any sleep,” he said.
The U.S. is “backing” itself “into a situation where the only strategy we’re wiling to adopt is a strategy of retaliation” on the cyber front.
Some of this is due to some Internet privacy advocates running “around in fright wigs conjuring up images of big brother,” Mukasey said.
Other experts warned that the U.S. financial system-and by turn the global financial system-could easily be disrupted by hackers in an attack that would cost banks and average Americans an untold amount of money.
“What keeps me up at night is the fragility of this financial system,” which could be easily brought down by malicious hackers, such as the Anonymous group, according to Christina Ray, senior managing director for market intelligence at Omnis, an intelligence community consultant.
An attack on the millions of electronic global trades that take place each day could “cause a cascade of massive losses and cause banks to lose money,” Ray said.
About $4 trillion is moved around each day via global networks.
This article appeared in the Washington Free Beacon on April 11.