This Threat to America’s Security is More Likely to Happen than Nuclear Weapons or Terrorism

The threat of nuclear war and terrorism is an existential threat to the security of the US and the world. These two threats have been bandied in the political arena for quite some time and are not likely to be eliminated anytime soon. For a nuclear war the probability of it occurring is higher for good reasons. First, starting a nuclear war involves logistical challenges and costly consequences. Any country that wants to start a nuclear war knows that they make themselves a target for retaliation with cataclysmic mayhem and loss of lives.

Because of the potential backlash from a nuclear war and terrorism, countries like China and Russia are discovering an easier weapons system that have minimal consequences compared to nuclear war or terrorism. This system does not require taking up arms or firing weapons of mass destruction like Intercontinental ballistic missiles. Rather it is a passive method where the theater of war is in cyber space.

Cyber-attack is not new as there have been several instances of the hacking of major companies including airlines, financial institutions, and other businesses. These incidents while they cause concern, have not moved the threat alert needle to a point to trigger panic and fear like terrorism threat does.

It may seem like a giant leap to think that a cyber-attack could supersede nuclear war or terrorism. However, disabling critical infrastructure systems with a cyber-attack can weaken a country and create vulnerability opportunities that could bring the country to its knees.  Americans got a preview of this potential in the 2016 presidential campaign where the Russians allegedly hacked the Democratic Congressional Campaign Committee (DCCC) in Washington and interfered with the presidential election.

If you consider a presidential election as a symbol of America’s democracy, then the interference of that election to influence its outcome certainly can be seen as a weakening of the foundation that America is built on. The ability to weaken the foundation means that the structure that supports the country – the economy – can also be weakened by cyber-attacks.

The cyber-attack threat to America can be visualized as an iceberg with the tip being the incidental hacking of businesses and the interference with the 2016 presidential election. The larger mass of the iceberg below the surface represents the major infrastructure systems that are cyber technology dependent because that’s where the vulnerability to cyber-attack is more likely to occur.

Four systems that fall in this category of vulnerability are the electric grid, military systems, financial institutions, and public transportation systems.

The electric grid – the US electric grid with its 200,000 plus miles of high-voltage cables is a complex network that allows the nation’s utility companies to transmit and distribute electrical power throughout the US and parts of Canada. The grid uses a network of substations and cables to distribute power for residential and commercial use. What controls the grid and allows it to transmit power is a highly computerized system that uses complex algorithms.

An easy way to understand the electric grid system is to analogize it to the human body. The body is the power plant that houses the various components that work together to produce electrical energy. Blood is the electric energy that is distributed by the heart through the veins (cables) to the various parts of the body.

What makes the electric grid a prime target for hacking by Russia, China, and other countries is that it is one of the primary hubs of the economy. The electric grid provides power that manufacturing companies use to run their plants and produce consumer products. While large manufacturing plants might have backup power systems to offset loss of power, the use of backup power for long periods would not be an economic viability.

The threat of a cyber-attack on the national grid is of course not a new problem as attempts have been made by hackers albeit without major power interruptions. The Wall Street Journal reported that,

Russian hackers already have breached much of the electric grid system. The hackers use the systems of major suppliers to utilities among the conclusions the government has drawn in the face of the information is that the electric grid could be substantially affected by the Russians.

It is worthwhile noting that the electric grid has been under constant attack from hackers. Despite the safeguards and features that make it hard to breach, it is not impossible to circumvent its firewalls and trigger major blackouts. In his testimony before Congress in 2014, the Director of National Security, Adm. Michael Rogers said,

China and “one or two” other countries have the ability to launch a cyber attack that could shut down the entire U.S. power grid and other critical infrastructure

And officials with the Council on foreign relations said,

Rapid digitization combined with low levels of investment in cybersecurity and the weak regulatory regime suggests that the U.S. power system is as vulnerable – if not more vulnerable – to a cyberattack as systems in other parts of the world.

The electric grid is not vulnerable cyber-attack alone but also to Acts of God. Most of the components that are part of the grid – cables, transformers, and poles – are links in the system that can be damaged or destroyed by tornadoes, hurricanes, and earthquakes. This is true for places where these components are above ground. In Florida where I live, hurricanes have caused blackouts that sometimes run into one to two weeks because of the lines or transformers blowing up.

A cyber-attack following a blackout from an Act of God would more than likely bring down the entire grid because this is when the system would be more vulnerable from the redistribution of electricity and shedding of load. Without doubt, this combination would be devastating to the US economy. Loss of power in large cities lasting over two weeks would trigger a chain reaction of disruption to the daily routine of people, shutting down manufacturing plants, and shutting down a significant number of businesses.

The military – the Navy, Army, and Marine all use complex computerized systems for navigation, surveillance, and combat purposes. The Rand Corporation states that, “the Air Force weapons system today are heavily reliant on complex software and high interconnectivity to perform their missions.”

The Pentagon which is the hub of the military systems is the core from where these computer systems are controlled and provide operational management of the various military units.

During the 9/11 attack, the Pentagon was one of the targets of the terrorist. They knew that by destroying the Pentagon that would greatly reduce the ability of the military to conduct their operations in countries where the US is engaged in military conflicts.

In a 2014 article titled, “Congress: U.S. Military Highly Vulnerable to Cyber Attacks,” Bill Gertz wrote,

Congress wants the Pentagon to spend more than $200 million to identify holes in U.S. weapons and communications software that could allow foreign militaries to disrupt or defeat advanced arms in cyber attacks.

Although it appears that Congress has appropriated money to make the military computer systems robust, a Department of Defense report (DoD) noted the following,

DoD should expect cyber attacks to be part of all conflicts in the future, and DoD should not expect adversaries to play by U.S. versions of the rules (e.g., should expect that they will use surrogates for exploitation and offensive operations, share IP with local industries for economic gains, etc.).

It will take years for the department to build an effective response to this cyber threat to include elements of deterrence, mission assurance and offensive cyber capabilities.

It is clear then that the military authorities are well aware of the vulnerabilities of the military systems and impact that a cyber-attack could cause.

You can imagine if the military computer systems were compromised by hackers, the damage it would pose to military operations that safeguard the security of the nation. At the least it would embolden terrorists and emboldened rebels who are engaged in the Middle East, Afghanistan, and elsewhere.

Public transportation systems – these include mass transportation like subway systems in large cities and commercial airlines. These systems are also dependent on sophisticated computerized systems that controls their various mechanical and electrical functions.

The subway systems or most transit systems in large cities like New York which transport thousands, if they were unable to perform their services because their computer systems were hacked would plunge the nation into chaos. People would be unable to get to work and businesses would be greatly incapacitated.

Financial institutions – It’s not just a presidential election, the electric grid, the military systems, and the public transportation that the Russians are trying to hack into.

Wall Street and commercial banks because they use computer systems are also targets for hackers. Wall Street especially which is the nerve center for the economy if its system was compromised by hackers certainly have a devastating effect on the stock market.

Conclusion ̶ if cyber-attacks like the one the Russians deployed to interfere with the 2016 presidential election can subvert the democratic process of elections in the US, then it is not unreasonable to think that cyber-attack will be the new weapon that Russia and other countries use against the US to achieve their goals.

Considering that the Republican controlled congress has been indifferent to hacking of the DCCC, that the president has not condemned Russia’s egregious behavior, Americans should be alarmed that the threat from cyber-attacks is not being taken seriously. Even more alarming is that Pres. Trump recently eliminated the position cyber security coordinator at the White House in May.

Americans need to demand that the president and Congress take the threat of cyber-attacks seriously and implement concrete measures to deter such attacks. The lack of defensive measures means that it will only be a matter of time before a major cyber-attack event occurs.

Leave a Reply

Your email address will not be published. Required fields are marked *