A digital 9/11 might be under way already

The impact of the 2001 terrorist attacks has been nearly universal, affecting everything from individual lives to global politics in ways that will be recounted, examined and analyzed everywhere as we approach the 10th anniversary of the attacks.

In terms of IT, its impact can be summed up in three words: security, security and security.

In the past decade, IT systems have become more integral than ever to military and homeland security operations. The Defense Department has moved steadily toward integrated, networked operations, reaching from command centers to networked warfighters on the battlefield. Homeland security efforts — whether related to borders, travel, shipping or cross-jurisdictional data sharing — run on information systems. And security underpins every aspect of them.

Related coverage:

Alleged hack of jihadi site may be 9/11 retaliation

And then there is the increasingly urgent matter of cyber defense.

Certainly, cybersecurity has been a concern for as long as there’s been a World Wide Web, and it would be at the top of any IT worry list if the attacks hadn’t happened. But in the past decade, work and personal business has moved increasingly online, shadowing a boom in interactive websites, social media platforms and mobile communications. And aside from spam, cyber theft and other criminal activities that would be with us regardless, the threat of terrorism, espionage and attacks on critical infrastructure has expanded online.

You need only look at some recent, high-profile attacks to see how the landscape has changed. The Stuxnet worm, for one, is an example of a finely tuned, targeted attack that can inflict damage on an industrial system, such as a nuclear facility in Iran. The suspicion that the United States and/or Israel was behind Stuxnet has not been confirmed, but regardless of who was behind it, the existence of such a sophisticated piece of malware means that something similar could be used against U.S. systems.

Other recent attacks on government agencies and contractors have taken a targeted, spear-phishing approach to gaining entry to networks before making off with sensitive information. Many of the attacks display the marks of international espionage. China is frequently a suspect, and recently discovered evidence and a video from inside China make a pretty compelling case against that country. But there’s no reason to think that China is the only country with designs on U.S. networks.

As the anniversary of Sept. 11 approaches, the question will likely be raised of whether a digital 9/11, formerly known as a digital Pearl Harbor, will be the next big strike.

It would be hard to say definitively that a large-scale cyberattack on the U.S. infrastructure is impossible. But considering what experts estimate of the time, effort and expense that went into Stuxnet  — which, despite spreading around the world, affected only uranium-processing centrifuges that run on Siemens software — such an attack would be a huge undertaking with a high risk of failure.

Perhaps it’s more likely that a digital state of war won’t happen with a bang but instead be more like what we’re seeing right now: stealthy, targeted attacks that try to stay under the radar, take information and plant malware —and never, ever stop.

Sept. 11 will be a day to remember those who died in the horrific attacks of 10 years ago and honor all those who have given their service and their lives since. It’s also a chance to renew the ongoing battle against terrorism, even though, in the cyber world, the face of the enemy isn't the same.

For government IT, that means bolstering cybersecurity efforts, continuing the recent campaign to recruit and train a skilled cybersecurity workforce, and developing a cyber defense that never, ever stops.

About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.

inside gcn

  • When cybersecurity capabilities are paid for, but untapped

Reader Comments

Thu, Sep 8, 2011 CJ

The "one grain of sand at a time" concept of cyber-attacks is pretty valid - except that it may just be to ensure the dijk is weak when the when the cyber-tsunami hits. A "natural" or unintended event could collapse a poorly engineered net just as easily as a deliberate attack. One strategy -very economical- is simply to ensure that when the wolves attack the herd, I'm not the slowest beast.

Thu, Sep 8, 2011 GermanyWatch

With Siemens' history of corruption, leaking info to Iran, and potentail for Espionage, its not surprising they supply Iran with the tools for their nuclear ambitions. The Brit Defence Contractor BAE just announced they are using Siemens to design their new Trident Nuclear Submarines. This is a seriously ignorant decision.

Thu, Sep 8, 2011

And where is Apple's hardware manufactured? At least for now some hardware and software can be bought outside of this communist monopoly. People need to be asking why state sponsored factories are making this equipment and software so cheap. If we don't, then someday soon Big Brother will be watching all of us.

Wed, Sep 7, 2011

If GCN really reported how bad IT service is.......

Wed, Sep 7, 2011 steve baltimore

FWIW, concerns with Cybersecurity predate the Web, as I know first hand from conducting security audits for a major defense contractor and manufacturer back in 1985-1987.

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group