There Is No Pearl Harbor Cyber Event–‘Calamitous Events are Happening Right Now’

December 22, 2014

Citizen and law enforcement and citizen and soldier. We are all boots on the ground in cyber warfare. The war has come to the board rooms.

…Calamitous events happening right now…

NSA Chief and Cyber Warfare Commander Admiral Michael Rogers at  the Reagan Defense Forum in November 2014. Image Credit: Reagan Library
NSA Chief and Cyber Warfare Commander Admiral Michael Rogers at the Reagan Defense Forum in November 2014. Image Credit: Reagan Library

Last month I had the privilege of covering the Ronald Reagan National Defense Forum at the Reagan Library in Simi Valley, California. The honorary organizer, outgoing Congressman Buck McKeon has declared he wants to make this annual confab the ‘Davos of Defense’. If the list of speakers were any indication at this second annual conference, he’s already succeeded.

Among the speakers and panelists were the Assistant to the Joint Chiefs of Staff, Defense Secretary Chuck Hagel; former Sec Defs Leon Panetta and Robert Gates; the woman who was under consideration for the Sec Def job, Michele Flournoy; assorted Congressional Representatives; CEO’s of defense contracting firms–you name it, they were there. Major media, minor media. It was an impressive bunch.

During a panel on cyber warfare there were a few things I picked up on I believe are important as we digest the North Korean (probably Chinese) cyber attack on Sony and bringing the movie production firm to the dramatic point of selling out their first amendment privileges to a feckless, faceless enemy. Sony canceled the roll out of the movie The Interview altogether. Another movie about North Korea was shut down because of Sony’s move and Paramount’s humorous ‘threat’ to re-release the profane, gross and hilarious Team America World Police (another spoof on North Korea’s dictator–at the time Kim Jung Il) was shelved because of the threats of violence.

The beginning of the question of why there will probably be no Pearl Harbor or 9/11 type of event in cyber warfare is that it is happening all the time. It’s a constant barrage of pings into the system with sometimes hits and sometimes misses.

How serious is the threat? Here’s just a sampling sampling of recent cyber penetrations in the U.S. discussed at the Forum:

  • Alcoa in western Pennsylvania attacked.
  • Solar company in Oregon
  • Iranians breached USIS
  • Russians putting malware into critical infrastructure–especially energy.
  • Chinese penetrated personnel files of 800,000 postal workers and
  • Chinese possibly penetrated a private company that does security vetting for government personnel
  • Chinese penetrated NOAA, the government weather entity used for critical infrastructure including aviation, disaster response system

As Northrup Grumman CEO Wes Bush told the gathering when asked about  the possibility of a cyber Pearl Harbor:

If I were an adversary and had my pick of any network in the U.S. that I wanted to find my way into, perhaps other than some government networks, and some very, very secure private networks, and I could go in and steal the intellectual property I needed, maybe plant some things, why would I choose to do a Pearl Harbor? I’m getting exactly what I want.

Q You’re saying catastrophic, loss of life event is not the likely scenario.

It concerns me, if we only hinge our strategy around, gee, if there’s a calamitous event, or something, we’re being very, very short sighted. The calamitous events are happening. For those who think their networks are truly, truly secure and all of that information is getting protected, they’re kidding themselves.

I actually think, depending on what you want to call the Pearl Harbor scenario, we’ve got the calamitous events happening right now and we need to be thinking of it that context.

The head of the nation’s Cyber Warfare Department and NSA Chief Mike Rogers said we can’t wait for a Cyber Pearl Harbor:

If you still think we’ll wait for something really big to happen, I think, wow, this is a losing strategy. That is not what we’re about as a nation. We’ve got to be willing to take on the tough problems.

And he presciently said what appears to have happened with North Korea and and the attack on Sony:

The concern I have increasingly is what if the lines are starting to blur? And what if nation-states are turning to surrogates, whether they be criminal actors, whether they be groups or individuals. What if groups, individuals are starting to create partnerships …that make attribution difficult and clearly trying to stymie attribution as well as policy decisions on our part. That’s probably the biggest thing that I’m watching right now and I’m thinking, ‘wow’ this is going to require us to think a little differently.

Though the President said Friday it’s not an act of war, the fact is the Sony hack was an attack on the cornerstone of our Republic: The 1st Amendment right to free speech and religion.

As Rogers told the gathering:

If we’re not careful and this trend continues, this will encourage nation states, groups and individuals and potentially engage in evermore escalatory and risky behavior, and that’s not a good thing for us. Because, don’t you forget, once you gain access to a system then the big challenge becomes what’s the intent. Is it I’m trying to steal intellectual property, is it I’m a criminal entity and I’m trying to steal data, account information, things I’m trying to generate resources with. Is it I’m trying to do reconnaissance for follow-on military activities. Is it, ‘ I’m using this access because I want to engage in manipulation of your data? Is it, ‘I want to use this data potentially for destructive behaviors? Intent is everything here because once you get in, there’s a lot of options open to you as the attacker, so to speak.

See the panel for yourself below: