Chertoff discussed the possiblity of responding to a cyber attack with kinetic response, such as utilizing Special Forces to go and take down the server conducting the attack.
Chertoff also discussed the possibility of a cyber attack turning into a conventional war.
“Look a cyber attack would have real effects. If a cyber attack on our air system caused airliners, for example, to crash, there would be real loss of life. And it would be every bit as serious as somebody putting a bomb on an airliner. So it would be very easy to see how cyber warfare could leak into the physical realm and vice versa,” he said.
We marched into Baghdad on flimsy evidence and we might be about to make the same mistake in cyberspace.
Over the past few weeks, there has been a steady drumbeat of alarmist rhetoric about potential threats online. At a Senate Armed Services Committee hearing this month, chairman Carl Levin said that “cyberweapons and cyberattacks potentially can be devastating, approaching weapons of mass destruction in their effects.”
Yet none of the prognosticators of disaster presents any evidence to sustain their claims.
But so far, these types of events tend to be more of a nuisance than a catastrophe. The biggest result is that websites are down for a few hours or days.
This shows that security should be a serious concern for any network operator. It does not show, however, that these attacks can lead – much less have ever led – to the types of doomsday scenarios that politicians imagine. There is no evidence that these attacks have ever cost any lives or that any type of critical infrastructure has ever been compromised: No blackouts, no dams bursting, no panic in the streets.
The cyberalarmist rhetoric conflates the various threats we might face into one big ball of fear, uncertainty, and doubt.
Cyberwar, cyberespionage, cyberterrorism, cybercrime – these are all disparate threats. Some are more real than others, and they each have different causes, motivations, manifestations, and implications. As a result, there will probably be different appropriate responses for each.
Unfortunately, the popular discussion largely clumps them into the vague and essentially meaningless “cyberthreat” category.
Before we can effectively address any of these amorphous “cyberthreats,” we must first identify what, specifically, these threats are and to what extent the federal government plays a role in defending against them.
The war metaphor may be useful rhetoric, but it is a poor analogy to the dispersed and different threats that both public and private information technology systems face.
The greater the threat is perceived to be – and the less clearly it is defined – the better it is for defense contractors
Anyone concerned about net neutrality or civil liberties – in particular online privacy and anonymity – should take notice. Before the country is swept by fear and we react too quickly to the “gathering threat” of cyberattacks, we should pause to calmly consider the risks involved and the alternatives available to us.