During the recent week, Charlie Rose (PBS) interviewed Peter Singer, author of a new book entitled Cybersecurity and Cyberwar: What Everyone Needs to Know. The book deals with infiltration, theft, and disruption via digital communications, particularly the internet. Although Singer didn’t mention it, an example was the penetration of Target stores last year, when hackers obtained names, personal information, and credit card data of millions of customers during holiday shopping.
Singer said nine new pieces of malware are found every second, that 98% of American military communications are over the internet, and that massive theft of intellectual property—from jet fighter designs to commercial negotiating strategies—are taken by China, by other states, and by some non-state groups. What we frame as an economic issue, they may regard as their own national security issue, enabling them to compete in world economics.
In Singer’s terms, it is popular to talk about a cyber 9/11, a cyber Pearl Harbor. But the more likely problem will be a large number of small attacks, successful because (like Target) we neglect cyber sanitation. The power grid does not employ the protections commonly used by the finance industry, which is motivated because it bears the loss for fraudulent use of your credit card. Singer says we should practice cyber sanitation at all levels, like covering your mouth during a sneeze, a social responsibility to your self and to all the others with whom you are connected. We ignore the hygiene model exemplified by public health.
Singer implies that cyber security depends on many actions at lower levels, not one action in Washington to forestall an unlikely single Trojan horse intended to devastate the entire country overnight. Such a creature is difficult to design.
I see cybersecurity as similar to other security issues. With jihadist terrorism, with hurricanes and the climate, with nuclear electricity and its nuclear wastes, our collective decisions are often based on simplistic fears that assign authority and responsibility, plus blame and liability, to a remote agency. We fail to recognize the collective complex character of the network.
With a big or a small attack, as with other big or small calamities, the outcome depends on how we react more than on what happened.
The next blog will examine why. Stay tuned.