The shadowy world of cybercrime was exposed in the recent federal indictment of eight men accused of manipulating computer networks and ATMs to steal $45 million over seven months. The heist combined sophisticated hacking with street-level hustle. For all the wonders of the digital revolution, there is a turbulent and largely hidden underside of theft and disruption that grows by the day; the losses are often not counted in stacks of $20 bills but rather in millions of dollars of intellectual property stolen or compromised. Computer networks are vital to American capitalism and society but remain surprisingly vulnerable to hijack and hijinks.
Also worrisome is the threat of cyberattack on the nation’s infrastructure, such as electric grids or dams. The Department of Homeland Security has issued a 13-page alert about possible attacks on industrial control systems. According to a Washington Post story, the warning expressed concern that an assault could go “beyond intellectual property theft to include the use of cyber to disrupt … control processes.” The department did not identify the adversary, but there has been concern about Iran’s ability to carry out cyberattacks like the one that destroyed 30,000 computers at the state-owned Saudi oil company Aramco.
Why does this matter? One of the first digital weapons to target industrial control systems was Stuxnet, a computer worm reportedly invented by the United States and Israel to damage equipment in Iran used to enrich uranium that could be used in a bomb. If Stuxnet was successful, as sources have claimed, it caused Iran’s centrifuges to fail. As a method of slowing the march toward a nuclear weapon, Stuxnet was ingenious and preferable to a conventional bombing attack.
But in cyberspace, the United States is not the only powerful actor. Other states increasingly have the capability and the willingness to attack. A new arms race — a competition among adversaries — is heating up.
While secrecy is necessary for operations, basic questions should be openly debated: Who decides to wage cyberwar, when and why?
To protect what we hold dear, it is vital that the United States erect better defenses. Congress stalled in the last session over legislation that would improve cooperation between the private sector, which controls most of the networks, and the government, which could help defend those networks. An unreasonable business allergy to regulation was the main obstacle. The need for legislation is more urgent than ever.