TCS Daily

Threats of Mass Disruption

By Newt Gingrich - April 1, 2001 12:00 AM

A cyber Pearl Harbor is not a question of if, but when.

After three years of studying the United States' security needs in the coming quarter century, the Commission on National Security/21st Century reached some alarming conclusions -- particularly in regard to the Internet-borne weapons and attacks of mass disruption.

The 14-member bipartisan commission, chartered by former President Clinton and myself, unanimously agreed that the United States faces new and serious cyber-space-based threats. Our adversaries are becoming more sophisticated in developing new methods for disrupting our normal progression--socially and economically. From breaking down communications systems to initiating electrical blackouts to infiltrating and disrupting our financial systems, there are a number of major disruptions that could unravel our economy, diminish our quality of life and generally destabilize the nation.

In some cases, such as an attack on the national air traffic control systems, these disruptions could result in widespread damage to property and infrastructure, and serious loss of life. Imagine the chaos if a terrorist group hijacked the communications channels between O'Hare International Airport and the planes flying in the busy Midwest corridor. Airline safety could be seriously compromised if air traffic computers were hijacked by by cyberterrorists.

Our commission concluded that the threat of cyberattacks is compounded by the relative ease of hacking. By comparison, developing nuclear weapons is a massively complex and expensive undertaking that few nations can afford. A similarly significant investment is required for the development of chemical and biological weapons. Conversely, one relatively smart hacker can cause a major economic disruption, potentially bringing some nations and markets to their knees. Look at the damage caused by the "Love Bug" virus creator--he caused billions of dollars in lost productivity and recovery costs by unleashing a single piece of malicious code.

The reality of small efforts leading to enormous consequences creates a new and previously inconceivable national defense problem. The threats now facing the United States are much broader in scope than we have ever faced in our history.

A lone fanatic, a criminal organization, a small terrorist group, a state-sponsored terrorist group or an aggressive foreign adversary could manipulate world markets or engage in high-tech blackmail. The diverse nature of these threats makes our traditional means of deterrence and response unworkable.

Deterrence works if there's an identifiable person, group or country that can be retaliated against for illegal and unacceptable behavior. However, if the opponent is a terrorist, a state-sponsored group, a criminal element or a lone individual, then conventional legal prosecutions, diplomatic sanctions, economic embargoes and military strikes are not entirely effective.

Additionally, there's a real danger that a powerful nation will believe it can create the cyberspace equivalent of a Pearl Harbor sneak attack. It's conceivable in the next 25 years that a sophisticated adversary (such as a small country with cyberwarfare resources) will decide that it can blackmail the United States into accepting its demands by paralyzing our communications and financial systems.

This is not science fiction. This is the natural consequence of the emerging technologies that have been, to date, making our lives and nation better. Our slowness in recognizing and responding to these security threats comes from three basic realities.

1. Preoccupation with conventional military threats. Our national defense systems are more focused on weapons of mass destruction than on intangible means of mass disruption. Our military officer corps isn't as sensitive to the threats emerging in cyberspace as it is to geopolitical tensions between nation states. The amount of energy and manpower being directed toward this problem is far less than that devoted to artillery, airpower, tanks or a dozen other traditional military priorities.

2. High-tech myopia. Those who know the most about the opportunities and challenges of cyberspace are unlikely to spend a lot of time worrying about national security. These people are so busy thinking about new technologies, business opportunities and jobs that they simply don't think about the potential perils they're creating. Silicon Valley and its comparable centers of intellectual capital around the country are areas in which national defense has had a relatively small role.

Part of the problem might be that the high-tech generation has no frame of reference for any serious threat to national security or sovereignty. The World War II generation, now twice removed from the present baby faces of corporate America, was confronted by Nazi Germany and Imperial Japan. Their children fought in Korea and Vietnam, in surrogate Cold War conflicts with the former Soviet Union and its satellite communist states. Both of these generations knew the world was a far more dangerous place than the idyllic world painted by Norman Rockwell.

Yet, for those who came of age in the late 1980s, the world seems safe and benign. The Soviet Union is gone. The United States stands alone as the world's only superpower. In this climate, it's very difficult to convince the best technology experts to divert their time and effort away from making money and advancing technologically to focus on what seem to them to be obscure and theoretical national security issues.

3. Lack of public-private cooperation. The government cannot solve this problem in the way it met the challenge of World War II and the Cold War.

In those crises, the federal government was the center of science and innovation (partially a byproduct of the military-industrial complex). The ability of bureaucracies to amass and organize resources created opportunities to counter the challenges presented by our adversaries. The potential crises of cyberspace-based attacks require entrepreneurial energy and creativity that overwhelmingly reside in the private sector. We, as a nation, need an entirely new public-private partnership to meet the challenges of cybersecurity.

We have never seen a cyberattack of national proportions resulting in mass disruption of our society and our lives, but such a scenario is not unprecedented. As early as 1904, British physicists theorized that nuclear weapons were scientifically plausible. In 1938 Germany, Otto Hahn and Fritz Strassman proved experimentally that nuclear fission was possible. By 1941, Albert Einstein, the most famous scientist of his day, wrote President Roosevelt to warn him that Germany might build an atomic bomb--and it would be wise if the United States tried to build one first.

Imagine a world in which Nazi Germany or Stalin's Soviet Union was first to harness the destructive power of the atom. Imagine a world in which freely elected leaders had less imagination and a greater reluctance to gamble on untested technology than their tyrannical adversaries. The result would have been horrible, and possibly fatal, to our freedom and way of life.

We owe it to our children and grandchildren, as well as our forefathers, to take information security seriously. We need to undertake the effort to make cyberspace more secure for our people, economy and our national interests. That is our duty, for our generation and our posterity, as we continue to evolve in the digital age.


TCS Daily Archives