The Politicians Who Cried 'Cyber Pearl Harbor' Wolf

from the tough-to-believe-them-any-more dept

With all the talk lately about cybersecurity legislation, we've still yet to see anyone lay out an actual scenario for a real "cyber security" threat (or, at least one that goes beyond your everyday malware or corporate espionage, which are covered by existing laws just fine). However, we have heard lots of fear mongering about planes falling from skies and electric grids being shut down -- despite no evidence that there is any such threat (and, if there is, the concern should be focused on why those things are hooked up to the internet in the first place). And, of course, in all this fear mongering, there's one phrase that stands out: "Digital Pearl Harbor," as in, "we must protect ourselves before there's a digital Pearl Harbor."

David Parera, over at FierceGovernmentIT, has done the dirty work of tracing the history of the phrase, and suggesting that these Chicken Littles have been warning about the "imminent" digital Pearl Harbor for many years now.
The earliest public reference appears to be in a June 26, 1996 Daily News article in which CIA Director John Deutch warned that hackers "could launch 'electronic Pearl Harbor' cyber attacks on vital U.S. information systems."

The next month, then-Deputy Attorney General Jamie Gorelick told the Senate Governmental Affairs permanent subcommittee on investigations that "we will have a cyber-equivalent of Pearl Harbor at some point, and we do not want to wait for that wake-up call," according to the Armed Forces Newswire Service.

Thereafter the term appears to have gone into a hiatus, apart from some offhand or derivative references to the original sources cited above. But, not to worry, Sen. Sam Nunn (D-Ga.) used it again in the spring of 1998, being quoted in a March 19 South Bend Tribune article warning that "We have an opportunity to act now before there is a cyber-Pearl Harbor...We must not wait for either the crisis or for the perfect solution to get started."
There's a lot more where that came from, so go hit the link, read it, and be amazed.

Of course, as Parera notes, just because every single one of those fearmongering reports turned out to be false, it's still possible that the "Digital Pearl Harbor" is right around the corner. But, still, it at least raises significant questions of how important it is that we rush through the bill without an explicit explanation of the true threat. Of course, that won't really matter, as everyone's basically playing a giant game of musical chairs, trying to be ready to claim they "called it" should these horrible things ever actually happen.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    TtfnJohn (profile), 15 Jun 2012 @ 6:31pm

    Re: Re: Re: Re: Re: Damned if you do, damned if you don't

    Plenty of Linux boxes are out there just not all that many desktops comparably. (Android is a Linux flavour though.)

    It's nice to blame C for the lack of security in OS installations rather than old code that should have been removed from the OS kernel years ago. In reality it's bad programming practices and bad testing prior to release that's the cause of most if the problems. If an organization is still using the utility that caused the buffer overflow error or a descendant of same 25 years on they should be slow roasted. C, remember, was designed to be one and a quarter steps removed from Assembler and not a high level language that takes care of a ton of stuff for the coder. I've never seen a claim that it was designed to be secure in and of itself from Kerrigan and Ritchie or anyone else. It was designed to produce operating systems. Unix, actually. Security was left to the programmer or programming team.

    Now if you can name or come up with a mid-level or high level language that will be secure with an acceptably fast and small executable them please tell me what it is. One more to your liking because I can see your contempt for C and it's derivatives. And yes, it's an enormous pain at times.

    Someone must think it's good enough because it's still widely used.

    Windows flaws are well known and cracking it isn't difficult if someone really wants to which means that botnets are easier to establish on Windows systems than on *Nix systems not just because it's more widespread. Though that helps. They can be put on *Nix systems as proof of concept botnets have been established and tested on closed networks. We'll see if Win8 can reduce the flaws in Windows and reduce the number of botnet infected machines.

    None of this has to do with using C or C++ to code but design of the OS itself, as much as C is an enormous pain to use. Or would you rather code an OS to assembler? ;-)

    Meanwhile as far as an attack on critical systems are concerned we're back to enforcing the best practices possible on users and administrators. That and accepting that there is no such thing as a 100% secure system which doesn't mean trying to get there.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Special Affiliate Offer
Anonymous number for texting and calling from Hushed. $25 lifetime membership, use code TECHDIRT25
Report this ad  |  Hide Techdirt ads
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.