The Threat of Cyber Attack May Not Be Vivid, But It Is Real
Lyndon Johnson’s famous 1964 “Daisy” campaign ad depicts a little girl picking the petals of a daisy while a missile launch counts down. The screen zooms in to her, then to black, and then to the mushroom cloud of a nuclear explosion. President Johnson ominously warns, “These are the stakes!” Daisy aired only once, and though controversial, the ad made an impact because it tapped into the American public’s fear at the time: the threat of nuclear war.
Today, the threat of “cyber attacks” presents a different challenge, featuring often hard-to-conjure weaponry that can disrupt – and increasingly destruct – corporate, national, and personal security. Average Americans might be vexed by the complex language of “cyber security”, but nevertheless, it is important to understand, because it very well may affect their everyday lives.
Consider the recent cyber attack against Spamhaus, a spam-fighting organization, that took the form of a Distributed Denial of Service (DDoS) attack, in which the company’s servers were overloaded. A planned attack last year against a group of gas pipeline companies involved sophisticated “spear-phishing” techniques, targeting employees with malicious e-mail attachments.
But unlike the “Daisy” ad, threats like DDoS and spear-phishing don’t evoke the same kind of vivid mushroom cloud imagery, even if one web security company compared the Spamhaus attack to “a nuclear bomb”. Unfortunately, while the average person tends to think that there’s no possible way they can understand this huge “cyber problem”, the effects are starting to impact them directly, too. If you bank at Wells Fargo or Bank of America, your account could be blocked while attacks take them offline and cost the financial institutions millions of dollars. If you happen to shop at the St. Louis grocery store chain Schnuck’s, your credit card information may have been compromised after last month’s cyber attack. The cyber threat is equal-opportunity: it can affect top government and financial institutions—as well as your daily routine.
Cyber security is a priority on every level, but the solution starts on Capitol Hill, as Congress debates the Cyber Intelligence Sharing and Protection Act, or CISPA. Information sharing between the private sector and the government is crucial to creating a vivid national threat picture and protecting critical infrastructure. It is an essential step to take: having a framework of how to protect the country from cyber attacks at the national level will allow state and local leaders to deal with the threat more capably.
CISPA, though, needs to be bolstered with clear protections for personal privacy as well, namely removing personally identifiable information so that the government cannot access once-private information on you and your family.The cyber threat is not going away; in fact, it continues to rapidly evolve. Experts suggest that recent attacks have shown a scary degree of increasing severity. They note that there is increasingly a new type of attacker – state-sponsored ones, who use cyber attacks as a way to level the playing field. Worse, these state-sponsored hackers are good at covering their tracks, making it hard to decipher where the attack originated. In sum, cyber attacks are becoming wider in scope, better funded and are intended to wreak more havoc.
The growing sophistication of the cyber threat underscores the need to get this done urgently, but it also needs to be done carefully. A strategy that combines information sharing with personal privacy protections will make sure that its impact is in the right place: creating a vivid image of the threat while also ensuring that both our safety and liberties go on unimpeded.
Just as the threat of nuclear war riveted Americans in the 1960′s, the threat of cyber attacks should be given equal attention. What’s more, they should be dealt with in a balanced, cohesive manner by Congress, which has so far barely budged in addressing America’s cyber weaknesses. It may take more creativity to illustrate this threat, but it is just as essential that we understand it.
Jessie Daniels is a Truman Security Fellow.