The Foreign Service Journal, September 2011

S E P T E M B E R 2 0 1 1 / F O R E I G N S E R V I C E J O U R N A L 13 Assessing the Cyberwar Threat A flurry of high-profile hacking in- cidents this year against individual, commercial and governmental targets has renewed worldwide concern over Internet security and turned up the heat on already simmering tensions be- tween the U.S. and China over the al- leged origins of these cyberattacks. With many analysts couching their fears in terms of national defense, there is a growing debate as to whether or not such incidents constitute the opening stages of a sustained, calcu- lated cyberwar, and just how worried Americans should be about that pros- pect. The U.S. government considers it a serious threat, if the allocation of more than $500 million in the Pentagon’s Fiscal Year 2012 budget request to re- search new cybertechnologies is any indication. After recent attacks on the Google accounts of government em- ployees and major contractors like Lockheed Martin, the Defense De- partment announced that it was build- ing a “virtual firing range” in which to test cyberdefense technologies. TheNational Cyber Range, a closed, scaled-down replica of the Internet, is expected to launch in 2012. Still, Reuters reports that the gap between emergent threats and defensive capa- bilities continues to grow, as adver- saries and technologies proliferate faster than policy can adapt to them ( www.reuters.com ). However, escalation poses prob- lems of its own. In response to re- peated accusations that Beijing had originated cyberattacks against U.S. targets, the Chinese Liberation Army Daily retorted in June that it is China that is vulnerable to American attack: “The U.S. military is hastening to seize the commanding military heights on the Internet …We must accelerate In- ternet defense development and ac- celerate steps to make a strong Inter- net army.” This echoes sentiments expressed weeks earlier on the establishment of China’s own “cyber blue team” to pro- tect its armed forces’ Internet security ( http://eng.mod.gov.cn/ ). H enry Kissinger and former Ambassador to China Jon Huntsman Jr. have called for “cyberdétente” between the two coun- tries. Such a détente may prove elusive as rhetoric continues to run hot. Defense Secretary Leon Panetta warned at his June confirmation hearing that the “next Pearl Harbor we confront could very well be a cyberattack that cripples our power systems, our grid, our secu- rity systems, our financial systems, our governmental systems.” In the wake of heightened anxieties, Senators Susan Collins, R-Maine, Jo- seph Lieberman, I-Conn, and Tom Carper, D-Del., have reintroduced leg- islation they failed to pass last year: the Protecting Cyberspace as a National Asset Act. This legislation would give the Department of Homeland Security authority to partner with private in- dustry to identify and assess threats to our cyberinfrastructure, set cybersecu- rity priorities and improve defenses ( www.senate.gov ). Other analyses suggest that the threat is overblown. In the March edi- tion of Cybernotes, we reported that an Organization for Economic Coop- eration and Development report, “Re- ducing Systemic Cybersecurity Risk” ( www.oecd.org ), found that many in- cidents referred to as acts of cyberwar do not deserve the name. Bruce Schneier, author of Applied Cryptography and the chief security officer at British Telecommunications, concurs. For years he has maintained that appropriate responses to emer- gent threats will depend on correctly distinguishing cyberwar from cyber- C YBERNOTES W ithdrawal is what the enemy hopes to hear. Our goal is to make sure that the enemy doesn’t hear withdrawal and the Afghan people don’t hear withdrawal. — Senator Lindsey Graham, R-S.C., speaking about President Barack Obama’s troop withdrawal plan during a July 3 visit to Kabul ( http://m.theglobeandmail.com/ news ).