Last week, three events should have sounded deafening alarms and issued unmistakable warnings about the vulnerabilities facing mankind. And a fourth was further frosting on this rather explosive cake. None did and complacency still reigns.
In India in the midst of an especially long, hot summer, power outages deprived more than half a billion people of electricity for an extended period.
Halfway around the world in New Jersey, a flawed algorithm in a trading program of a financial services company, Knight Capital, precipitated a near meltdown on New York stock exchanges akin to the “flash crash” of two years ago.
And, over American skies, several airliners nearly collided due to air controller mishaps.
Suppose for argument sake, each of these situations arose not from human or systemic error but from a premeditated cyberattack against vital infrastructure. Would our responses have been different? And would the U.S. Senate in its wisdom pass legislation to address the vulnerabilities inherent in America’s power grid to acts of nature or man?
We understand that hackers and cyberattack could take down power grids and financial networks. The Stuxtnet virus that infected Iranian nuclear centrifuge controllers causing them to fail is old news. What is not is that the Stuxtnet virus is on the Internet and accessible to anyone with the skills and interest in examining it.
Most national power grids are obsolete and given excessive hot weather (another reality few politicians dare to confront), are operating to maximum capacity. Deprive electricity for some period of time — and June’s derecho did that for several millions of Americans in the U.S. Northeast — and society can be brought to its knees.
As a footnote, nearly 30 years ago, one of Washington’s major think tanks released a study showing just how vulnerable America’s electrical grid was to some form of collapse.
Equally, crippling the financial markets or rerouting flight plans to disrupt air travel is no longer the storyline for a thriller novel or action movie. And cyber isn’t the only area that should excite concern and action regarding infrastructure. That an 82-year-old nun, aided by two elderly men, could breach the defenses of the Oak Ridge national lab that produces weapons grade uranium, is a bit more than a prank.
Even in a presidential election year, something can be done.
Regarding cyber, despite all the attention and studies that show how vulnerable infrastructure is, as well as the creation of a U.S. Department of Defense Cyber Command, we have no strategic framework or overarching political basis for dealing with this threat.
Indeed, if any of the events noted above had been the result of a cyberattack, we have no rules to determine if this should be considered an act of war; a crime; a prank; or what actions or responses should be taken on local, state or national levels. Further, it is possible that locating the source of such an attack might prove difficult or so time consuming to make a meaningful response impossible.
Cyber isn’t unique in complexity or potential threat. Sixty-seven years ago this month, the nuclear age erupted over Hiroshima and Nagasaki. After those bombings and seven years later the advent of thermonuclear weapons that truly could have destroyed society, a theory and framework of nuclear deterrence and arms control evolved. Fortunately, this framework succeeded and the Cold War never turned hot.
So too, international financial and monetary systems have evolved over centuries. Money and cyber share many common traits: both are ubiquitous; society is dependent on them to function; and thieves and charlatans prey upon stealing, embezzling or conning these assets from unsuspecting people.
Whatever approach to developing a framework for cyber is chosen, this is a most urgent priority. Both the best minds of the public and private sector must be brought to bear quickly to address not just cyber but infrastructure as well. This is a Sputnik moment for those who recall the Soviet breakthrough in space.
Second, the United States desperately needs to address its failing and failed infrastructure especially its national power grid. The way to do this is to establish a national infrastructure bank, capitalized at least to $1 trillion with low-interest loans guaranteed by future user fees and put off budget.
Finally, some major politician or well-known and highly respected figure must have the courage to make this the centerpiece of his or her agenda. We have seen this before with civil rights and other third-rail political issues such as Social Security reforms 30 years ago.
Otherwise, disaster will strike us — an October 1929-like meltdown caused by cyberattack and with far more devastating effects than the wars that followed Pearl Harbor on December 7th and September 11th nearly 60 years later.
Harlan Ullman is Senior Advisor at the Atlantic Council and Chairman of the Killowen Group that advises leaders of government and business, and a frequent advisor to NATO. This article was syndicated by UPI. Photo Credit: Getty Images