Are We Really Inching Toward Cybarmageddon?

With the release of President Barack Obama's report on cybersecurity last Friday, it seems apt to ponder a question posed by Wired.com's Threat Level blog: "Is the hacking threat to national security overblown?"

That question was asked by Threat Level Editor Kevin Poulsen at a recent panel discussion of cybersecurity experts during the Computers, Freedom and Privacy Conference 2009 in Washington, D.C., yesterday.

Here's a summary of their answers:

♦ Amit Yoran, a former Bush Administration cybersecurity czar, said the answer is yes, pointing to the crippling cyberattacks on Estonia, attacks on government contractor Booze Allen Hamilton, and the recent cyberexploit against defense contractor networks holding information on the Joint Strike Fighter. Notably, Yoran argued a “Cyber 9-11 has happened over the last 10 years, but it’s happened slowly so we don’t see it.”

♦ Dr. Herb Lin, a cyberattack expert at the National Research Council, said the threat from cyberattacks are very real but believes not enough attention is given to cyberespionage by the media because cyberterrorism and cyberwar receive more Web traffuc and sell more papers. Lin believes the U.S. needs the ability to effectively unleash cyberattacks against adversaries to deter and dissuade cyberspies and other cyberadversaries. "[W]e don’t consider spies inside the United States to be an attack on the United States," he said, adding "“Passive defenses alone are not sufficient. You have to impose costs on an attacker and maybe the only way to do that is a cyberattack yourself. The good guys have always had some sort of offense too.”

♦ Poulsen, however, believes the threat is highly exaggerated and criticized calling cyberexploits and cyberattacks national security threats because then the attack information gets classified. “If we can’t publicly share info that the attackers already have — since it’s about them — then we are doing far more harm than good,” Poulsen said, because it denies IT security professionals the ability to learn from the attacks and counter them in the future.

♦ Security rockstar and blogger Bruce Schneier says the threat is real, but he seemed to agree with Poulsen that it can get overblown at times. Threats such as natural disasters and bad programming codes are still bigger threats to U.S. national security, he said.

Photo by solidariat/Flickr