While doing some quick and dirty searching on Lexis-Nexis in an attempt to get a sense of the growth of interest in cyberwar and cyberterror over time, I came across an interesting quote from futurist Alvin Toffler of Future Shock and The Third Wave fame:
Cyberterrorism. This concept sees criminals of all types from mobsters to outlaw governments tapping into American computers, possibly bringing the country’s entire economy to a standstill.
“We will see information terrorism,” he says while lunching near his home here. “They won’t need to blow up the World Trade Center. Instead, they’ll feed signals into computers from Libya or Tehran or Pyongyang and shut down the whole banking system if they want to. We know a former senior intelligence official who says, Give me $1 million and 20 people and I will shut down America. I could close down all the automated teller machines, the Federal Reserve, Wall Street and most hospital and business computer sys-tems.’ ”  (Emphasis added)
Well, actually…in retrospect we now know that “they” did, in fact, blow up the World Trade Center. Though the stock market came to a halt for a short period of time as a result, that act did not lead to a complete, long-term collapse of the banking system and economy. Thus far, a computer attack has not been able to inflict the kind of damage to the economy or banking system that the physical attacks of 9/11 or the graft and greed in the housing market in the early 2000s have been able to inflict.
Thus, while it is absolutely important to take cybersecurity seriously–recent revelations about GhostNet and Chinese theft of top secret information related to the F-35 fighter are evidence enough–we should also recognize that the apocalyptic kinds of scenarios outlined by Toffler have been around for a decade and a half without anything close to them having taken place.
If we want to take cybersecurity seriously, then my concerns are twofold. The framing of cybersecurity in terms of “war,” “terrorism,” and “attacks” and cyberspace as a new “domain of warfare” might lead us
- To miss the true nature of the “cyber threat” as it has manifested itself thus far–i.e. as a new “domain” of signals intelligence more so than a domain of war like land, air, or sea; and
- To increase the chance that a “cyber attack” that is really an act of espionage might precipitate the use of physical military force.
Now, if a “cyber attack” were perpetuated that actually led to massive disruption, damage, or destruction of critical infrastructure, especially if that attack led to the loss of life or physical destruction of property, then it should be considered an act of war. But the point is that I (at least) have not seen evidence yet of anything that would justify the use of physical military force in response. Thus, our planning should be based on the actual threat that has been observed thus far–which, again, I think has mainly been in the realm of espionage–rather than based on the repetition of apocalyptic visions.
- Thomas D. Elias, Ã¢â‚¬Å“TOFFLER: COMPUTER ATTACKS WAVE OF FUTURE,Ã¢â‚¬Â South Bend Tribune (Indiana), January 2, 1994, http://www.lexisnexis.com/us/lnacademic/frame.do?tokenKey=rsh-20.871493.1690363054&target=results_listview_resultsNav&reloadEntirePage=true&rand=1240682342867&returnToKey=20_T6408374573&parent=docview.