This spring has seen an unprecedented number of events under the topic of cyber war. You may have missed it, but the House Intelligence Committee Chairman Mike Rogers (R-Mich.) said that the United States is unprepared for a cyberattack. Well, that is not new to most people who follow or are involved in cybersecurity. His follow-on assertion that a “catastrophic cyberattack” is expected within 12 to 24 months was new. But still, that was not the comment that raised the eyebrows of cybersecurity practitioners and political pundits. Chairman Roger’s stated, “We are today involved in a cyber war.”
Not if or when, cyber war is happening now
Some call his remarks fear mongering. Some dismissed these comments as a thinly veiled effort to gain support for cybersecurity legislation currently under consideration by Congress. Others point to Roger’s unique insights due to the classified information he has access to as chairman of the House Intelligence Committee. But there is more.
Now consider in a recent “This Week” interview with Defense Secretary Leon Panetta who stated that, “There’s no question that if a cyberattack crippled our power grid in this country, took down our financial systems, took down our government systems…that that would constitute an act of war.”
In addition, there’s the news leaking out about the Defense Advanced Research Projects Agency’s Plan X that funds initiatives within the private sector, universities and even computer-game companies that develop technologies to improve the Defense Department’s cyber warfare capabilities. We must also point out that in the face of a total defense budget reduction of more than $1 trillion over 10 years, Deputy Defense Secretary Ashton Carter said cybersecurity is another area where DOD will spend more in the future.
How real is the cyber threat and are we over reacting? Some seem to think so, but there are clear indicators to the contrary. Is this more than rhetoric? You better believe it is. One of the most dramatic increases in the cyber threat to the United States comes from Iran. Since the Stuxnet incident of 2009-2010, Iran has accelerated the development of advanced offensive and defensive cyber capabilities. Iran put in place a robust program including education, research and development, cyber intelligence collection, exercises to evaluate their cyber capabilities and response and a number of other initiatives that were created to give the rogue regime a world-class cyber capability.