Some unsettling news this morning about how America would fare in a potential future cyberattack.
According to reports this morning, an attack similar to the one that ground 1,200 websites to a temporary halt last week could happen again — or worse — and the U.S. would more or less be powerless to stop it.
The identity of the botnet hackers remains unknown — though the federal Department of Homeland Security does not believe it was the work of a nation-state.
And while that sounds like it is comforting, it also indicates that private hacker groups beholden only to themselves have the technological ability to knock down favored sections of the internet — and that, in fact, similar capacity can be had by anyone willing to pay $1,000 for a bot army.
Nations and high level hackers can actually do much, much worse, according to the experts — and counter-hacking and physical deterrence are of limited use.
“Fundamentally cyber is no different than air, sea or land,” says Adm. Stavridis, now the dean of the Fletcher School of Law and Diplomacy at Tufts University. “It’s a place. And we’re going to have national-security concerns there.”
Stavridis believes the U.S. needs a cyber-force and a head of cybersecurity able to respond to attacks on the U.S. government and military as well as U.S. citizens, infrastructure or companies.
Law enforcement will also soon have broader domestic authority to hack into computers that are suspected to be involved in cyberattacks (or other crimes). Changes to an obscure provision called Rule 41 of the Federal Rules of Criminal Procedure will go into effect as of December 1. That change will give judges the authority to issue a warrant to block or disable any computer — be it a private company’s web server or a smart TV in your living room.
However, ramping up cybersecurity is not without controversy itself — a bipartisan group of lawmakers wrote to Attorney General Loretta Lynch to express concern about the change to Rule 41, and there is a possibility that the rule change could be blocked in the next several weeks.
Other proposed solutions have been suggestions by security experts like Dave Aitel, (chief executive of cybersecurity firm Immunity Inc. and a technical adviser to the U.S. Department of Commerce), who say lawmakers could consider authorizing victims to “hack back” at attackers. That solution does have the minor issue of requiring changes to international laws so that private company hack backs are not interpreted as acts of war by foreign powers.
Less colorful suggestions involve putting requirements on wireless devices to make botnet attacks less possible.
Whatever is done, the experts agree it has to be done quickly, since the vast majority consider a “cyber-9/11” inevitable.
What a cyber 9/11 might look like is anyone’s guess. Experts are mainly concerned about industrial-control systems, many designed decades ago and later connected to the internet.