The authors of a recently introduced U.S. Senate bill today urged the country to prepare for a cyberwar in an editorial that is likely to further dismay those who favor toning down the rhetoric stemming from the recent attacks against Google.
Sens. Jay Rockefeller (D-W.Va) and Olympia Snowe (R-Maine), who earlier this month proposed the Cybersecurity Act, today warned in the The Wall Street Journal that the country is at risk of cyberwar.
The op-ed piece (subscription required) says the U.S. needs to prepare for cyberattacks that have the potential to "disrupt or disable vital information networks" and "cause catastrophic economic loss and social havoc." It also states that national and economic security are at risk from such cyberattacks. The senators point to recent comments made by Mike McConnell, the former director of national intelligence, warning that the U.S is already in the midst of a cyberwar -- a cyberwar that it is losing.
Today's editorial appears largely designed to garner broad support for the proposed Snowe-Rockefeller bill. The bill, introduced earlier this month, seeks, among other things, to strengthen cybersecurity by fostering better partnerships between the public and private sectors. It would also create the position of a Senate-confirmed national cybersecurity adviser and would require the president to work closely with key private sector executives in the event of a cyber crisis.
The bill also calls for a public awareness campaign to make basic cybersecurity principles "as familiar as Smokey the Bear's advice for preventing forest fires," the senators wrote.
The proposed bill has its share of supporters, but the cyberwar rhetoric being used to justify the need for such measures is viewed skeptically by growing numbers of IT security professionals. Warnings about cyberwar, especially in the wake of the China-based attacks against Google and more than 30 other high-tech companies, is unnecessary overhyping of what's going, some experts say.
One of them is noted security researcher Marcus Ranum, chief security officer at Tenable Network Security Inc. In an opinion piece in U.S. News and World Report earlier this week, Ranum warned that the cyberwar rhetoric is scarier than actual war.
"Suddenly, the steady drumbeat of computer/network security has been pushed to center stage, and now our government is talking about 'cyberwar' and pointing a finger at China," Ranum wrote. "Unless you've been asleep for a decade, you ought to be worried when our government starts using the rhetoric of warfare -- especially vocabulary like 'preemptive' and 'deterrence.'"
Ranum today said that concerns about catastrophic economic losses and social havoc stemming from a cyberwar are misplaced.
"When some cyberwar pundit starts talking hellfire and damnation, you need to ask them whether their scenario is going to have the physical and psychological impact of a New Orleans flood or a 9/11," Ranum said in e-mailed comments to Computerworld. The types of disruptions that some people claim cyberwar will cause, such as large-scale power blackouts, are unlikely to result in the kind of mayhem that is being assumed, he said. Many "experience power failures sometimes lasting days -- because of winter weather -- and we don't dissolve into chaos," he said.
Ranum's views are similar to those of a growing number of other experts. James Lewis, who headed a team that developed a set of cybersecurity recommendations for President Obama, recently wrote about the issue in a blog. The nation is not in the middle of a cyberwar, Lewis stressed.
Drawing a comparison to traditional warfare, he noted that it's unlikely that a country would preemptively launch a missile strike against critical infrastructure in the U.S., because it would fear massive retaliation. The same holds true for cyberwar, said Lewis, who is a senior fellow and program director at the Center for Strategic and International Studies. "Foreign leaders will not lightly begin a war with the United States," he said. "And the risk of cyberwar is too high for frivolous or spontaneous engagement."
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.