A digital 9/11 might be under way already
- By Kevin McCaney
- Sep 06, 2011
The impact of the 2001 terrorist attacks has been nearly universal, affecting everything from individual lives to global politics in ways that will be recounted, examined and analyzed everywhere as we approach the 10th anniversary of the attacks.
In terms of IT, its impact can be summed up in three words: security, security and security.
In the past decade, IT systems have become more integral than ever to military and homeland security operations. The Defense Department has moved steadily toward integrated, networked operations, reaching from command centers to networked warfighters on the battlefield. Homeland security efforts — whether related to borders, travel, shipping or cross-jurisdictional data sharing — run on information systems. And security underpins every aspect of them.
Alleged hack of jihadi site may be 9/11 retaliation
And then there is the increasingly urgent matter of cyber defense.
Certainly, cybersecurity has been a concern for as long as there’s been a World Wide Web, and it would be at the top of any IT worry list if the attacks hadn’t happened. But in the past decade, work and personal business has moved increasingly online, shadowing a boom in interactive websites, social media platforms and mobile communications. And aside from spam, cyber theft and other criminal activities that would be with us regardless, the threat of terrorism, espionage and attacks on critical infrastructure has expanded online.
You need only look at some recent, high-profile attacks to see how the landscape has changed. The Stuxnet worm, for one, is an example of a finely tuned, targeted attack that can inflict damage on an industrial system, such as a nuclear facility in Iran. The suspicion that the United States and/or Israel was behind Stuxnet has not been confirmed, but regardless of who was behind it, the existence of such a sophisticated piece of malware means that something similar could be used against U.S. systems.
Other recent attacks on government agencies and contractors have taken a targeted, spear-phishing approach to gaining entry to networks before making off with sensitive information. Many of the attacks display the marks of international espionage. China is frequently a suspect, and recently discovered evidence and a video from inside China make a pretty compelling case against that country. But there’s no reason to think that China is the only country with designs on U.S. networks.
As the anniversary of Sept. 11 approaches, the question will likely be raised of whether a digital 9/11, formerly known as a digital Pearl Harbor, will be the next big strike.
It would be hard to say definitively that a large-scale cyberattack on the U.S. infrastructure is impossible. But considering what experts estimate of the time, effort and expense that went into Stuxnet — which, despite spreading around the world, affected only uranium-processing centrifuges that run on Siemens software — such an attack would be a huge undertaking with a high risk of failure.
Perhaps it’s more likely that a digital state of war won’t happen with a bang but instead be more like what we’re seeing right now: stealthy, targeted attacks that try to stay under the radar, take information and plant malware —and never, ever stop.
Sept. 11 will be a day to remember those who died in the horrific attacks of 10 years ago and honor all those who have given their service and their lives since. It’s also a chance to renew the ongoing battle against terrorism, even though, in the cyber world, the face of the enemy isn't the same.
For government IT, that means bolstering cybersecurity efforts, continuing the recent campaign to recruit and train a skilled cybersecurity workforce, and developing a cyber defense that never, ever stops.
Kevin McCaney is a former editor of Defense Systems and GCN.