If I could, I would repeal the Internet. It is the technological marvel of the age, but it is not -as most people imagine -a symbol of progress. Just the opposite. We would be better off without it. I grant its astonishing capabilities: the instant access to vast amounts of information, the pleasures of YouTube and iTunes, the convenience of GPS and much more. But the Internet’s benefits are relatively modest compared with previous transformative technologies, and it brings with it a terrifying danger: cyberwar. Amid the controversy over leaks from the National Security Agency, this looms as an even bigger downside.
By cyberwarfare, I mean the capacity of groups - whether nations or not - to attack, disrupt and possibly destroy the institutions and networks that underpin everyday life. These would be power grids, pipelines, communication and financial systems, business record-keeping and supply-chain operations, railroads and airlines, databases of all types (from hospitals to government agencies). The list runs on. So much depends on the Internet that its vulnerability to sabotage invites doomsday visions of the breakdown of order and trust.
In a report, the Defense Science Board, an advisory group to the Pentagon, acknowledged “staggering losses” of information involving weapons design and combat methods to hackers (not identified, but probably Chinese). In the future, hackers might disarm military units. “U.S. guns, missiles and bombs may not fire, or may be directed against our own troops,” the report said. It also painted a specter of social chaos from a full-scale cyberassault. There would be “no electricity, money, communications, TV, radio or fuel (electrically pumped). In a short time, food and medicine distribution systems would be ineffective.”
I don’t know the odds of this technological Armageddon. I doubt anyone does. The fears may be wildly exaggerated, as Thomas Rid of Kings College London argues in his book “Cyber War Will Not Take Place” (already published in Britain, due out this fall in the United States). In living memory, there are many threats that, with hindsight, seemed hyped: the “missile gap” in 1960; the Y2K phenomenon in 2000 (the date change was allegedly going to disable many computer chips); and, so far, the prophecies of widespread terrorism after 9/11.
Still, the Internet creates new avenues for conflict and mayhem. Until now, the motives for hacking — aside from political activists determined to make some point — have mostly involved larceny and business espionage. Among criminals, “the Internet is seen as the easiest, fastest way to make money,” says Richard Bejtlich, chief security officer for Mandiant, a cybersecurity firm. Recently, federal prosecutors alleged that a gang of cyberthieves had stolen $45 million by hacking into databases of prepaid debit cards and then draining cash from ATMs.
Stealing trade secrets likely dwarfs ordinary crime. From its clients, Mandiant identifies four industries as receiving the bulk of attacks: aerospace and defense (31 percent); energy, oil and gas (17 percent); pharmaceuticals (15 percent); and finance (11 percent). Mandiant identified one unit of China’s People’s Liberation Army that allegedly has hacked 141 companies and organizations since 2006, removing “technology blueprints, propriety manufacturing processes, test results, business plans.”
What’s unclear is how “infrastructure” systems (electricity grids and the like) have been penetrated and, on command, might be compromised. In the mid-1980s, most of these systems were self-contained. They relied on dedicated phone lines and private communications networks. They were hard to infiltrate. Since then, many systems switched to the Internet. “It’s cheaper,” says James Andrew Lewis, an Internet expert at the Center for Strategic and International Studies. The architects of these conversions apparently underestimated the risk of sabotage.
As yet, there has been little. One publicized incident occurred in 2012 when hostile software (“malware”) infected an estimated 30,000 computers of Aramco, Saudi Arabia’s oil company. Business operations suffered, but oil production and delivery continued. More powerful was the Stuxnet virus, reportedly developed by the United States and Israel to disrupt Iran’s nuclear program. The future could be more tumultuous. If the United States attacked Iran’s nuclear facilities, Lewis thinks it would retaliate with cyberattacks against banks and electricity networks. Press stories report that Iran has already increased its attacks. There’s a race between cyber offense and defense.
All this qualifies our view of the Internet. Granted, it’s relentless. New uses spread rapidly. Already, 56 percent of U.S. adults own smartphones and 34 percent have tablets, says the Pew Internet & American Life Project. But the Internet’s social impact is shallow. Imagine life without it. Would the loss of e-mail, Facebook or Wikipedia inflict fundamental change? Now imagine life without some earlier breakthroughs: electricity, cars, antibiotics. Life would be radically different. The Internet’s virtues are overstated, its vices understated. It’s a mixed blessing — and the mix may be moving against us.
By cyberwarfare, I mean the capacity of groups - whether nations or not - to attack, disrupt and possibly destroy the institutions and networks that underpin everyday life. These would be power grids, pipelines, communication and financial systems, business record-keeping and supply-chain operations, railroads and airlines, databases of all types (from hospitals to government agencies). The list runs on. So much depends on the Internet that its vulnerability to sabotage invites doomsday visions of the breakdown of order and trust.
In a report, the Defense Science Board, an advisory group to the Pentagon, acknowledged “staggering losses” of information involving weapons design and combat methods to hackers (not identified, but probably Chinese). In the future, hackers might disarm military units. “U.S. guns, missiles and bombs may not fire, or may be directed against our own troops,” the report said. It also painted a specter of social chaos from a full-scale cyberassault. There would be “no electricity, money, communications, TV, radio or fuel (electrically pumped). In a short time, food and medicine distribution systems would be ineffective.”
I don’t know the odds of this technological Armageddon. I doubt anyone does. The fears may be wildly exaggerated, as Thomas Rid of Kings College London argues in his book “Cyber War Will Not Take Place” (already published in Britain, due out this fall in the United States). In living memory, there are many threats that, with hindsight, seemed hyped: the “missile gap” in 1960; the Y2K phenomenon in 2000 (the date change was allegedly going to disable many computer chips); and, so far, the prophecies of widespread terrorism after 9/11.
Still, the Internet creates new avenues for conflict and mayhem. Until now, the motives for hacking — aside from political activists determined to make some point — have mostly involved larceny and business espionage. Among criminals, “the Internet is seen as the easiest, fastest way to make money,” says Richard Bejtlich, chief security officer for Mandiant, a cybersecurity firm. Recently, federal prosecutors alleged that a gang of cyberthieves had stolen $45 million by hacking into databases of prepaid debit cards and then draining cash from ATMs.
Stealing trade secrets likely dwarfs ordinary crime. From its clients, Mandiant identifies four industries as receiving the bulk of attacks: aerospace and defense (31 percent); energy, oil and gas (17 percent); pharmaceuticals (15 percent); and finance (11 percent). Mandiant identified one unit of China’s People’s Liberation Army that allegedly has hacked 141 companies and organizations since 2006, removing “technology blueprints, propriety manufacturing processes, test results, business plans.”
What’s unclear is how “infrastructure” systems (electricity grids and the like) have been penetrated and, on command, might be compromised. In the mid-1980s, most of these systems were self-contained. They relied on dedicated phone lines and private communications networks. They were hard to infiltrate. Since then, many systems switched to the Internet. “It’s cheaper,” says James Andrew Lewis, an Internet expert at the Center for Strategic and International Studies. The architects of these conversions apparently underestimated the risk of sabotage.
As yet, there has been little. One publicized incident occurred in 2012 when hostile software (“malware”) infected an estimated 30,000 computers of Aramco, Saudi Arabia’s oil company. Business operations suffered, but oil production and delivery continued. More powerful was the Stuxnet virus, reportedly developed by the United States and Israel to disrupt Iran’s nuclear program. The future could be more tumultuous. If the United States attacked Iran’s nuclear facilities, Lewis thinks it would retaliate with cyberattacks against banks and electricity networks. Press stories report that Iran has already increased its attacks. There’s a race between cyber offense and defense.
All this qualifies our view of the Internet. Granted, it’s relentless. New uses spread rapidly. Already, 56 percent of U.S. adults own smartphones and 34 percent have tablets, says the Pew Internet & American Life Project. But the Internet’s social impact is shallow. Imagine life without it. Would the loss of e-mail, Facebook or Wikipedia inflict fundamental change? Now imagine life without some earlier breakthroughs: electricity, cars, antibiotics. Life would be radically different. The Internet’s virtues are overstated, its vices understated. It’s a mixed blessing — and the mix may be moving against us.