Rick Perry, Herman Cain, and Newt Gingrich rounded up Tuesday’s GOP debate on CNN by mentioning cyberattacks as one of the foremost national security threats to the U.S. today. Although cyber war is an emerging security problem for the U.S., it is not one of the top three security threats, as Gingrich stated.
The threat of cyberattacks is overblown, and the U.S. has other more problematic (and less “sexy”) issues to deal with.
Gingrich noted how unprepared the U.S. was to deal with the crime, while Perry specifically highlighted China’s People’s Liberation Army (PLA) involvement as a major issue. Cain drew on his background as a former ballistic analyst and computer scientist, noting that cyberattacks were “a national security area we do need to be concerned about.”
These concerns are overblown, because the U.S. faces deeper existential threats to its national security like the ever-looming economic crisis, energy security, or even traditional weapons of mass destruction, just to name a few.
Cyber war, cyber terrorism, and cyberattacks have so far been almost synonymous. But what the candidates should be concerned about is cyberterrorism, or attacks on critical components of national infrastructure. The discovery of the “Stuxnet” virus in a Iranian nuclear facility in Nantanz was alarming because of the potential damage it could have unleashed. Stuxnet also infected over 60,000 computers, going as far as Malaysia, Australia, and Germany. The difficulty of tracing the source of the attack and apportioning blame also makes the attacks impossible to police.
However, fears of cyberattacks have been exaggerated. There have so far been no documented cases of cyberterrorism on U.S. public facilities, transport systems, nuclear power plants, power grids, or other key components of national infrastructure. The reported cyberattacks are aimed at stealing company secrets and intellectual property. Though they were reportedly launched from China and Russia, the motivation is primarily to acquire business and technology information. These reports, moreover, remain accusations, and other U.S. companies have also been accused of cyber espionage in the attacks. Perry’s accusations against China will remain groundless unless culpability can be proven. The candidates’ fear of cyberattacks by hostile states is difficult to prove, and it is equally likely that what is happening is an online manifestation of old-fashioned corporate espionage than a new face of war.
The Stuxnet virus itself was also quickly disarmed, and neither al Qaeda nor other terrorist organizations have tried to launch a serious cyberattack. Until now, the Internet has mainly served as a medium for communication for them, not of war. And employees of critical infrastructure are well-versed in dealing with failures of their systems, having had to deal with problems caused by natural disasters. They have back-up plans in place, and the subsequent impact of cyberattacks is limited.
The US Institute for Peace noted that the media have discovered that cyberterrorism makes for “eye-catching, dramatic copy” and that “an entire industry has emerged to grapple with the threat of cyberterrorism” such that combating it has become not only a highly politicized but economically rewarding growth industry. The report also notes that: “The mass media frequently fail to distinguish between hacking and cyberterroism and exaggerate the threat of the latter by reasoning from false analogies."
The threat of cyberattacks is real, but it is not as pressing as the candidates would like you to think. The issue makes for great headlines, but the nation faces greater threats to its security than cyberattacks, and it is important to prioritize the threats and assess the threat for the actual damage it has caused so far, rather than the hype surrounding it.
Photo Credit: Wikimedia Commons