This spring, the term “cyber war” turns 20. In his seminal 1993 paper “Cyberwar is Coming!” master military strategist John Arquilla envisioned an entirely new kind of battle.
That vision was articulated again, but as reality, in President Obama’s State of the Union Address last week. The president’s call for a more serious approach to the growing threat of full spectrum cyber war, or “cybergeddon,” came just a week before Mandiant, an American cyber security firm, released a 60-page report detailing a Chinese military unit in Shanghai that poses serious threats to United States infrastructure. The silver lining here is that the report bolsters the president’s intiative, which begins today, a crucial steps in the right direction for our union, as the state of things in the realm of cyber security are daily showing signs of collapse in the face of relentless foreign attacks against traditional war-time targets like utilities, newspapers, banks, and essential government agencies.
The battlefield is everywhere: personal computers, bank accounts, 401Ks and cash management accounts, drinking water, gasoline pipelines, electrical plants and dams. As news of major breaches roll in like waves on a storm-eroded beach, the likelihood increases that the next war we fight will be waged on computers aimed at crippling the systems that keep the wheels of government and daily life turning.
“There’s a strong likelihood that the next Pearl Harbor that we confront could very well be a cyber attack,” said Leon Panetta, the Secretary of Defense and former director of the CIA.
Are we prepared? How can we plan for, and survive, a Pearl Harbor-style attack on everyday life? There are two answers: one for the nation and one for America and one for Americans.
The first answer is that our lawmakers need to quit screwing around and do a better job.
Last week, Bloomberg Business Week catalogued the depth and breadth of the problem with breaches that originate in China while driving home the underlying fact that individual incidents “don’t convey the unrelenting nature of the attacks. It’s not a matter of isolated incidents; it’s a continuous invasion.” The Washington Post reported that China was the main aggressor — targeting “energy, finance, information technology, aerospace and automotives” using malware and other techniques — with a goal of “economic gain.” However, the Chinese government ain’t the only Barbarian at the Gate. Al Qaeda has demonstrated over and over their desire to eviscerate the American way of life. We have a multitude of enemies, and increasingly we are vulnerable to them.
The day after President Obama’s address, the Cyber Intelligence Sharing and Protection Act (CISPA) began its second journey through the House. The problematic bill died last year in the Senate for lack of John Arquilla’s vision. I expressed concerns about CISPA the first time around, specifically regarding privacy safeguards. Privacy advocates don’t think it has enough, because CISPA demands the flow of information going both ways: government to private sector and vice versa. That two-way traffic pattern was notably missing in Obama’s vision this time around (he advocated only for government sharing with the private sector), which may help pave the way for CISPA; provided, lawmakers act on the president’s cue. We can only hope that with a few intelligent tweaks CISPA can become law soon.
While, the creation of uniform security standards for computer systems that run the nation’s critical infrastructure is a no brainer, the answer to the question “Are we prepared” is, for the time being, a resounding “Not exactly.”
A worst-case scenario would feature a cornucopia of catastrophe such as shutting down major sections of the power grid, erasing millions of bank accounts, manipulating or hijacking tens of millions of identities, and/or disrupting transportation systems throughout the land. Simply put – systems failure.
So, while we wait for Congress to actually do something meaningful for our safety and welfare, here is a short list of things you can do to minimize the damage.
- Print It AND Store It. If a hacker brings down your bank’s website, or the entire electrical grid, you need the paper documents to prove what’s rightfully yours. Regularly print out your checking, savings and credit card account transaction information and a recent credit report. Keep scans or equivalent documents on a password-protected encrypted thumb drive. This stuff may well come in handy when power is restored.
- Get It Together (And Copy It). Gather personally identifiable documents, place them in sealed, waterproof plastic bags, and store them in more than one secure place like a safe at your house as well as another location you can access in an emergency. Again, password-protected, encrypted portable drives are critical. Documents to include:
- Birth certificates
- Social Security cards
- Insurance policies (car, home, life)
- Property valuations
- Ownership deeds to property, car title, mortgage, etc.
- Information on savings, checking, credit card and investment accounts
- Contact information for creditors and any company that sends you a bill.
- Military records
- Marriage and divorce papers
- Think Like A Prepper. I’m not saying that everyone should go out and buy a gas mask, survival ax and walkie-talkies. http://www.nytimes.com/interactive/2013/01/27/nyregion/preppers-bug-out-bag.html But having emergency basics including candles and matches is always a good idea. FEMA recommends http://www.fema.gov/pdf/library/f&web.pdf keeping enough food to last your family two weeks. A cache of cash is a good idea as well (ATM networks could go down as well).
- Work with Your Neighbors. If the cyber war crashes our electricity and transportation networks for more than a few days, doubtless serious chaos would ensue. Rather than stocking the basement full of food, guns and ammo, another option is to come together as a community. Together you can strategize ways to get the food and water you need, and protect the neighborhood from looters. (After all, even the best prepped prepper occasionally needs sleep.)
- Demand More from Government. It’s not controversial, complicated or partisan. A unified security standard for every nuclear power plant, drinking water plant and subway system is just common sense. The cyber-security law failed last year due to a combination of cynical obstructionism and correctible flaws in the legislation. Call, write, email and tweet your representatives in Washington. Urge them not to make the same mistake twice.
Originally posted in the Huffington Post.