Last week, I attended a roundtable that included a few people who, in clear and compelling voices, warned the room about the size, reach, and potential for destruction that lurks in the dark web. Think of it as a shadow internet that may be rivaled only by Dante’s Inferno and a maximum security prison for the really bad stuff you’ll find inside. According to a study released in 2014, that includes child pornography, illegal drugs, and code that hackers can use to penetrate vulnerable networks.
As the 2016 presidential election heats up, now is the time to shine a light on these dangers. Just about every candidate talks about cyber-security, but simply playing defense won’t cut it.
As I explained to one of the dinner’s attendees, the race – and our nation’s leadership – needs a cyber-hawk.
If we thought about cyber-risk as we did a traditional military assessment, we’d have to acknowledge that a purely defensive posture won’t suffice.
Unlike traditional military threats, our enemies exist on or even inside our borders: That’s because the internet has no geography. For all intents and purposes, the bad guys live right next door, if not already inside the country. They need to know that bad things will happen to them if they attack.
We’re already not very good at addressing relatively small attacks: Neither the private nor public sectors are safe any more. Anthem had nearly 80 million accounts compromised. Hackers breached financial information of 40 million Target customers. The Federal Office of Personnel Management, the US Government’s HR department, had 21 million social security numbers and 1.1 million fingerprints stolen. If a terrorist had bombed his way to this much damage, he’d be public enemy #1 by now. Yet even when we catch cyber criminals, as this article shows, we don’t learn their names or see their faces. That’s a missed opportunity.
The potential damage from a major attack rivals that of the 9/11 attacks: While estimates vary, this one places the total cost of that attack at about $2 trillion. A crippling cyber assault on just the American power grid could cost $1 trillion.
Protecting our decentralized, fragmented networks does require a coordinated defense. It’s just not sufficient. We need offensive options that make these attackers think twice.
Candidates understandably are being asked to state their positions on all sorts of threats, including ISIS, a potential nuclear arms race in the Middle East, North Korea, an increasingly belligerent China and Russia, and even climate change. All these warrant a public debate and effective policy.
Imagine, though, how that debate would evolve if ISIS had already attacked targets inside America. Our urgency would change. We’d deploy counter-measures and, with any luck, start to neutralize the risk of future damage.
Thankfully, these threats haven’t hit the homeland yet. Cyber attacks, on the other hand, are real and happening now. Those who will shape and decide America’s response need to explain their strategy for repelling them and counter-attacking. I doubt that any candidate currently running understands the mechanics a defense would entail, much less could speak intelligently about what it would take to punch back.
Fixing this will require that campaigns hire advisers to their staffs with the same credibility and experience we’d expect from their foreign policy and economic teams. It will mean that they don’t wait for journalists to ask them what they think about the latest high profile attack. Instead, they’ll make their offensive and defensive policies a centerpiece of their campaigns.
I’m waiting for this election’s first true cyber-hawk to emerge. Who will it be?