I’ve just finished reading an article by Mark Clayton in the Christian Science Monitor entitled, Stuxnet malware is ‘weapon’ out to destroy … Iran’s Bushehr nuclear plant? In the article, Mr. Clayton says that cyber security experts have identified a sophisticated “cyber worm” designed to attack and destroy a physical, real-world target, like a factory or nuclear power plant.
The worm named Stuxnet, was discovered in June and has been closely followed since. One expert believes that Stuxnet may be responsible for the attack on Iran’s Bushehr nuclear power plant. I wrote an article back in February entitled, Cyber-Terrorism vs. Cyber-Warfare: Defending The United Networks of America which predicts this … perhaps it’s time for a quick re-read. So here it is:
Seven-year-old, Mark Fielding looked up from his computer. He was very annoyed. “Mommmm!” He yelled in a way that was sure to get her attention. “The Internet is down again.” It was the last thing she heard before the lights went off. Mark turned on his iPod touch and opened a blank Safari window to use as a flashlight. He found his mother by the front door. She was looking out on a darkened landscape. Neither of them had any idea just how dark it truly was.
Ten minutes earlier, a remarkably powerful computer virus had destroyed six of America’s most important data centers. Five minutes earlier, a different piece of code killed every caching server on the three biggest CDN’s. At Zero Hour, the attack culminated in the computer-controlled destruction of the entire power grid in North America. It would take days to fix, months to fully repair and the cost would be measured in Trillions, not Billions.
America’s days as an economic super-power had ended. All the financial data at the IRS was destroyed, six of America’s major financial institutions could not access their records. No one could find a digitized medical record in any database with proper metadata (the data that describes data). With our data destroyed … our economy ceased to be. The breakdown of social services was immediate and devastating. The doing of life would never be the same. America, as we knew it, was gone.
Who did this? The Chinese? The Russians? Religious Extremists? No. It was a small group of unaffiliated, highly motivated computer hackers. Who did they work for? Anyone. Who paid them? No one. Why did they do it? Because they could. What was their punishment? Sadly, they were never found.
What an emotionally unsatisfying way to end a great science fiction story. No enemy? No villain? No narrative? Try selling it to Hollywood. What bad writing!
Perhaps, but this is not science fiction, this is a very real probable future for The United Networks of America. Which is were we all live right now!
Most people interface with The United Networks of America through the world wide web. However, you can also gain access through your wireless phone or over the public Internet. You may think of the Net as Google, Yahoo, eBay, Amazon or CNN.com, but there are literally millions of private, local area and wide area networks that all have access points on Al Gore’s information superhighway. These networks contain all of the information that describes us. I called it Metamerica in an article I wrote last year. Metadata is data that describes other data, and Metamerica is the information that describes us.
If you need a good way to think about metadata and data, consider this. What use are the data on your iPod without a directory to tell you what songs the data represents. Let’s say you have 10,000 songs on your iPod, without the directory of songs (the metadata) the data (your music files) are practically useless. In the information age, America without Metamerica would also be practically useless. Where is Metamerica? It is in the data centers at Google, the IRS, our banks and financial institutions, medical facilities, business networks and even on our home computers. And, for all practical purposes it is unprotected and unprotectable.
This fact alone should be enough to scare any thinking person. But I have not yet begun to describe the hard part of the problems we are facing.
What is a war? The dictionary says it’s an “armed conflict between nations.” The dictionary does not say what they have to be armed with. What is terrorism? What is a crime?
In the Information Age, what is a country? What is a state? What is a nation? What is a tribe? What is a community of interest? What is an enemy? Where do they live? Do they need to be people? What are weapons? What are military targets? What are civilian targets?
The US Defense Department’s Quadrennial Defense Review, published this week, highlighted the rising threat posed by cyber-warfare on space-based surveillance and communications systems. “On any given day, there are as many as 7 million DoD (Department of Defense) computers and telecommunications tools in use in 88 countries using thousands of war-fighting and support applications. The number of potential vulnerabilities, therefore, is staggering.” the review said.
“Moreover, the speed of cyber attacks and the anonymity of cyberspace greatly favor the offence. This advantage is growing as hacker tools become cheaper and easier to employ by adversaries whose skills are growing in sophistication.”
Defensive measures have already begun. Last June the Pentagon created US Cyber Command. But … how will we know when we are being attacked by a country, an enemy, a terrorist, a criminal, a mob, a gang, an individual? When would the military know it was supposed to get into the fight? CIA? NSA? FBI? Google Security? A consortium of concerned citizens with anti-virus software on steroids? How can you tell an invasion from a teen-age prank?
William Lynn, US deputy defense secretary, described the cyber challenge as unprecedented. “Once the province of nations, the ability to destroy via cyber now also rests in the hands of small groups and individuals: from terrorist groups to organized crime, hackers to industrial spies to foreign intelligence services … This is not some future threat. The cyber threat is here today, it is here now,” Lynn said.
I spend a fair amount of my time counseling my clients on how to deal with the fact that 2010 is the middle of the analog to digital transition. Today, we have analog leaders and digital citizens. Analog commanders and digital soldiers. If the pen is mightier than the sword, the “digital pen” is mightier than a million ball points! Forget the threat of cyber-attacks for a second and think about how an enemy might use the power of social networking and the ability to instantly publish any type of message globally to their advantage.
It’s time to rethink the public Internet, computer networks and the infrastructure of our digital world. The currency of information is as important and valuable to our economic sovereignty as tangible stores of value. Bits of gold dust or bits of information … in the super-digital age, they deserve equal protection.