Saturday, November 19, 2011

And so it begins.

Gone are the days when hackers only attempt to steal critical information. Foreign hackers have stepped up their game: America has experienced its first true cyberattack on its domestic infrastructure.

It was only a matter of time before this happened. The world saw the potential of these attacks last year, when the Stuxnet virus/worm set a precedent by attacking Iranian nuclear infrastructure. At that time, questions were raised about U.S. preparedness for a similar attack. How would we respond? Well, it looks like we are now faced with that question.

I guess another way to start is by asking if an attempt by a hacker to physically destroy a water station, electricity station, or another system of critical infrastructure via a cyber attack any different than a terrorist attack on the same structure? In my opinion, it’s not different. Either form of attack is aimed to cripple the U.S.’ critical infrastructure.

In response to such an attack, the U.S. should pursue the perpetrator as a criminal. If caught, the person should be tried in a court of law and punished as seen fit. If this one truly originated from Russia, the U.S. government should work with the Russian government in order to apprehend the hacker. It should be treated as a criminal offense, not as an act of war.

Of course, this approach assumes the cooperation of the Russian government. In reality, the perpetrator could have been sponsored by the Russian government. That would open up a different can of worms. In that case, it is different from a terrorist attack: it could be considered an act of war.

When perpetrated by state actors, these attacks skirt a fine line between a form of covert operations and a full scale military attack. They provide some potential for plausible deniability, but that can be taken only so far. The stakes in these situations are high. When they target such structures as water plants, they are also targeting a nation’s civilian populations, if by association. Since states exist to defend the rights of their members, it would seem that there is a just cause for a reaction. Whether such attacks could escalate to full-fledged war is yet to be seen.

In the meantime, the U.S. needs to prepare its critical infrastructure for such attacks, as they are only going to increase in frequency and intensity. This time, they only caused a pump at a station in Springfield, Illinois to burn out. What happens if someone causes all the pumps in a New York City station to go haywire? Hackers are going to find new ways to circumvent U.S. cyber-safety systems. Perhaps installing backup systems that can temporarily control the safety features of key infrastructure installations, like a generator that provides electricity in a power outage. At least some sort of system that could prevent a complete disaster in the case of a successful attack.

No comments: