Last October was National Cybersecurity Awareness Month, which ironically came on the heels of a vast Internet breach in September – although few probably know about either event and perhaps even fewer care. The attack was launched through what has been estimated to be nearly a million infected security cameras and video recorders, which disabled individual and corporate databases blocking their access to the Internet, and ultimately knocking them offline. This massive assault has reinvigorated the debate among policy makers and security experts, who see this infiltration as a haunting demonstration of the flaws and susceptibility of our everyday Internet devices to security breaches. Brian Krebs, a U.S. security expert, was hacked in the September raid, and defines the overarching concerns: “We need to address this as a clear and present threat not just to censorship but to critical infrastructure.”
We have all watched in horror over the course of one or two news cycles as major corporations and government agencies have been hacked and had personal information compromised. These newsworthy attacks are usually attributed to state players, which makes the September 2016 breach particularly stunning in that it targeted the Internet by using simple devices typically found in our homes and offices, and according to James Clapper, the Director of National Intelligence, was “likely” the work of a non-state actor. Some experts believe that “this is the tip of the iceberg” as gadgets and devices, as commonplace as our thermostats, televisions, smart phones and tablets, can be turned into cyberweapons and utilized to coordinate a massive attack that could leave our nation completely debilitated and vulnerable.
Cybersecurity is by no means a new threat to national security. There are those who have been warning international security experts and policymakers for many years now about the risk of cyberwarfare. In his June 2013 article, The New Triad, Admiral James Stavridis, former Supreme Allied Commander Europe and current dean of the Fletcher School of Law and Diplomacy, forecasted this threat and called for a realignment of our national security and the creation of a “New Triad” that includes special forces operations, unmanned vehicles, and a cybercapabilities component. While the full scope of the cyber threat was just dawning at that time, Stavridis anticipated the imminent danger. He prescribed the establishment and long-term investment in a cyberforce that has the offensive potential “to operate with devasting effect.” With crystal-clear foresight, Stavridis recognized that the evolving nature of war will require that the New Triad be “ready for the inevitable and frequent calls for fire.”
Recently, Admiral Stavridis, along with Dave Weinstein, wrote another piece for Foreign Policy, The Internet of Things Is a Cyberwar Nightmare. It focused on the concerns raised by the September attack and the role of non-state players and the ever-shrinking threshold over which cyberwarriors must pass in order to wage these attacks. Typically, state actors, who are guided by political objectives, conduct these massive acts of cyberinvasion. However, September’s incident plainly demonstrates how susceptible and exposed the United States and the global community-at-large are to invasions from both state and non-state players alike. Cyber defense is critical as the players shift and the fronts on which they can attack continue to grow and expand. Malware can hijack our everyday devices and turn them into an army-of-sorts to be used against us. Therefore, it is our collective responsibility to understand the magnitude of this risk and protect against it.
The new, and often obscured, face of our enemy, who utilizes technology to operate covertly and attack without warning, mandates that the United States move forward aggressively to establish an unparalleled cyber tier of our military. This will require collaboration across all branches with cooperation from both the private and public sector. As the most recent disruption to the Internet clearly shows, the risks are very real and the consequences extremely grave. Cybersecurity should be at the forefront of public awareness and our national security conversation. It is a concern about which we should all care – not because we might be inconvenienced and unable to shop online, but because one day these cyberattacks could topple our nation – all at the command of a keyboard.