The Japanese nuclear crisis, though still unfolding, may, in a way, already be yesterday’s news. For a peek at tomorrow’s, review the testimony of General Keith Alexander, head of U.S. Cyber Command.
The way to look at this story is to link in your mind the Stuxnet revelations about the reportedly U.S. and Israeli-led cyber attacks on the Iranian nuclear enrichment facility at Natanz and the calamities at the Fukushima power facilities over the past week. While seemingly unconnected, the stories together speak to the before and after of what cyber conflict may look like. Enemies will be able to target one another’s critical infrastructure as was done by the U.S. and Israeli team (likely working with British and German assistance) targeting the Iranian program and burrowing into their operating systems, they will seek to produce malfunctions that bring economies to their knees, put societies in the dark, or undercut national defenses.
Those infrastructures might well be nuclear power systems and the results could be akin to what we are seeing in Japan.
Notice the constant shifting between what “may” or “might” be the case and confident statements about what “will” be the case. In neither case is there much in the way of evidence presented to support the claims being made. The irony, of course, is that Rothkopf’s blog purports to tell us “how the world is really run.” In one way, he does give us that insight: It is often run by individuals such as himself who have a hard time distinguishing between what might happen and what will happen, what might happen and what is happening, between what they can imagine and what is possible and/or probable.
Recently, we have seen significant market glitches worldwide that could easily have been caused by interventions rather than just malfunctions. A couple years back I participated in a scenario at Davos in which just such a manipulation of market data was simulated and the conclusion was it wouldn’t take much to undermine confidence in the markets and perhaps even force traders to move to paper trading or other venues until it was restored. It wouldn’t even have to be a real cyber intrusion — just the perception that one might have happened.
We see the same pattern repeated: A tendency to focus on empirical examples because they seem to confirm hypothetical scenarios instead of focusing on reality. In this case, Rothkopf participated in a hypothetical scenario that primed him to see/worry about technological manipulation of global markets. So he focuses on several recent examples her. But focusing on such small examples and hypothetical future scenarios at a time when global markets are suffering from real downturns and manipulations having nothing to do with cyberwar but with mismanagement and good old fashioned greed is a case of missing the forrest for the (hypothetical) trees.
What makes the nuclear threat so unsettling to many is that it is invisible. It shares this with the cyber threat.
Yes, at some level both exhibit a tendency of modern Western societies, perhaps all humans, to fear the unknown and the unseen. But we should not forget the materiality of both nuclear crises and cyberattacks. And in this case, there is no comparison. We see destroyed buildings at Fukushima. Soon we are likely to see the diseased or destroyed bodies of those working to contain the disaster. There is no comparison at a material level to what has been achieved as yet by any cyberattack, not even stuxnet.
While there is still ongoing debate about the exact definition of cyber warfare there is a growing consensus that the threats posed by both state-sponsored and non-state actors to power grids, telecom systems, water supplies, transport systems and computer networks are reaching critical levels.
Actually, no there is not a consensus that critical infrastructures are the main object under threat. Our own ongoing analysis of key cybersecurity-related statements and policy documents (approaching 100 at this point) indicates that the consensus is that the cyber threat is primarily about loss of information, either state secrets or private intellectual property. There is no consensus on a definition of cyberwar, nor on who it is that is supposedly threatening us. And what consensus does seem to exist about what is being threatened tends toward the “informational” and economic and away from the “infrastructural” and physical/kinetic.
This is the deeply unsettling situation effectively framed by General Alexander in his testimony and rather than having been obscured by this week’s news it should only have been amplified by it.
The idea that the very real, tragic events of Japan that have killed, injured, or displaced tens of thousands of people, followed by one of the worst nuclear accidents in history, should have “amplified” Congressional testimony of a U.S. bureaucrat shilling for more money to respond to hypothetical threats is ridiculous and offensive. What’s more, a recent OECD report indicates that even if the kinds of cyber-doom scenarios offered by cyberwar proponents were actually possible, it is still unlikely that they could have the kinds of impacts that we have seen in Japan, the ripples of which will likely have global effects.
Posted from Diigo. The rest of my favorite links are here.