« The Best of The Forev… | Home | Eye-Rack, Ee-Rack or … »

The Terrorism Will Be Digital

Let’s start with some honesty, I (Michael C) hate articles about cyber-warfare. I hate articles warning of the “next cyber attack” in the U.S. I hate articles warning about the dangers of terrorism in general, but more specifically, I hate articles warning that “cyber-terrorism” will cause the next 9/11.

Like this one or this one or this one or this one or this one. Search cyber and 9/11; that generates 26 million results. Just last night, 60 Minutes headlined their show with the Stuxnet virus. Conversely, I love articles dissecting the cyber threat, like Thomas Rid’s “Think Again: Cyberwar”. Until today, we have avoided dissecting the “cyber-war/warfare/terrorism” issue, instead settling for articles about our lack of hiring the right people to build our cyber defenses.
   
Still...and I cannot believe that I am about to write this...I think...I have finally been convinced...that the next 9/11 or Pearl Harbor will be...a cyber-attack.

Here’s why: though I think interested groups (politicians searching for funding, contractors also in search of funding, and media watchers in search of a good story) over-hype the threat of cyber-warfare, cyber-terrorism, and cyber-attacks, the US, for the most part, is still not prepared for it. More importantly, a cyber-attack would succeed for the same reason the terrorists succeeded on 9/11. September 11th didn’t become 9/11 because it involved planes, or because of the death toll, or even because Muslims attacked us. Forget the who, what, when, where and how.

9/11 was 9/11 because of the why. We weren’t ready for it. It was shocking. Throughout history, terrorism has shocked governments into action through surprising violence. In Munich in 1972, terrorists take members of the Israeli Olympic team hostage. Hostage situations become the go-to terror attack. As a result, from metropolitan police departments to the FBI to the Army, in every country, everyone fields a hostage rescue team. Hostage taking goes out of style.

Then come bombings. The World Trade center the first time, then the Federal building in Oklahoma City. Now most public buildings have subtle, but impenetrable anti-terrorism measures. More importantly, we beefed up security and aggressively targeted al Qaeda everywhere on the globe. Then terrorists hijacked planes and flew them into buildings. As a result, future passengers on a captured airliner would defend themselves against terrorists. Since 9/11, al Qaeda hasn’t launched a single coordinated terrorist attack in the U.S.; instead, we have lone wolves who can’t even light their own underwear on fire.

So, when experts discuss the threat of Al Qaeda, I shrug. The next 9/11 won’t come from a threat we already expect. Al Qaeda or an affiliate might still launch a terror attack in the U.S, but it won’t be on the scale of 9/11, and more importantly, it won’t shock anyone. However, if Al Qaeda hoarded away a dozen or so hackers in a compound and let them develop the world’s most dangerous computer virus...that might worry me.

As Mark Bowden--of Black Hawk Down fame--writes in Worm: The First Digital World War about the Conflicker virus, a truly coordinated and unexpected virus could do real harm. The Conflicker virus seems ten times more dangerous than any terror attack. Imagine the Stuxnet worm without any restraint hitting every (or just some) power plant in the U.S. or world. Even with the (seemingly) never ending news stories, most Americans would not expect this type of attack, so it would qualify as “surprising” and “shocking”. If you can’t get the book, this Fresh Air article is a good summary.

Worst yet, law enforcement ignores the dis-enfranchised people who could conceivably try to cause havoc with a cyber-attack. From the far political right to the far political left--libertarian to anarchist--I could see a group dedicated simply to overthrowing the system using a cyber-terror attack, and these Americans would likely have the cyber know-how. Despite some investigations into domestic terrorism, the Department of Homeland Security and the Federal Bureau of Investigation spend an overwhelming amount of time tracking suspected Muslim terrorists.

So two final thoughts. First, the government is not the best actor to stop cyber-terrorism. Bureaucracies move slowly, and intelligence agencies move slower than any of them. Moreover, politicians only care about Al Qaeda because of its tremendous Q score. I just don’t see the government reacting until a cyber-9/11 happens.

Second, this is a prediction. And I recognize that. So let’s say that this isn’t 100% going to happen, and I won’t put a date on it. It probably won’t happen soon. In fact, it probably won’t happen for dozens of years. But if another 9/11 happens, it won’t be planes or bombs, it will be digital.