Director Of National Intelligence Admits That There's Little Risk Of A 'Cyber Pearl Harbor'

from the so-why-are-we-rushing? dept

We've been pointing out for years that all the talk about "cyberattacks" and "cybersecurity" appear to be FUD, mostly designed to scare up money for "defense" contractors looking for a new digital angle. And yet, we keep seeing fear-mongering report after fear mongering report insisting that we're facing imminent threats of such a dire nature that multiple people keep referring to this ridiculous concept of the "cyber Pearl Harbor" which is going to happen any day now if we don't pass vaguely worded bills that will surely ramp up huge contracts. And yet, every time we'd hear these cinematic scare stories, we'd point out that no one has yet died from a "cyber attack" and ask: where was the actual evidence of real harm? Yes, we've seen hack attacks that are disruptive or really about espionage. But that "big threat" coming down to get us all? There's been nothing to support it.

And perhaps that's because it doesn't exist. Amazingly, the Director of National Intelligence, James Clapper, actually admitted in a Senate hearing that there's little risk of any "cyber Pearl Harbor" in the foreseeable future:
“We judge that there is a remote chance of a major cyber attack against U.S. critical infrastructure systems during the next two years that would result in long-term, wide-scale disruption of services, such as a regional power outage,” Clapper said in his statement to the committee. “The level of technical expertise and operational sophistication required for such an attack — including the ability to create physical damage or overcome mitigation factors like manual overrides — will be out of reach for most actors during this time frame. Advanced cyber actors — such as Russia and China — are unlikely to launch such a devastating attack against the United States outside of a military conflict or crisis that they believe threatens their vital interests.”
He later admitted that some others -- who weren't as knowledgeable -- might be able to sneak in some attacks here or there, but that the impact would likely be minimal:
“These less advanced but highly motivated actors could access some poorly protected US networks that control core functions, such as power generation, during the next two years, although their ability to leverage that access to cause high-impact, systemic disruptions will probably be limited. At the same time, there is a risk that unsophisticated attacks would have significant outcomes due to unexpected system configurations and mistakes, or that vulnerability at one node might spill over and contaminate other parts of a networked system,” he said.
Of course, at the very same hearing, the NSA's General Keith Alexander kept up the propaganda about threats. Alexander has been among those who have been spreading FUD about the "threats" -- including ridiculous claims about Anonymous shutting down the power grid -- so sticking to that line is hardly much of a surprise. This time around he focused on an increasing rate of attacks on Wall Street banks.

He also pulled out the old "the Chinese are stealing our business secrets!" claim. That always sounds good for Congress, but it is unclear how much real impact it has had.
But the Cyber Command chief stressed that the U.S. needs to clamp down on this intellectual property theft, warning it will ultimately "hurt our nation significantly."

"For the nation as a whole, this is our future. This intellectual property, from an economic perspective, represents future wealth and we're losing that," Alexander said.
It doesn't appear he has any real basis for saying that. There are all sorts of ways to compete and to innovate, and falling back on relying intellectual property laws may be the least useful and least efficient manner for doing so.

It would be nice if we could stop all the blatant fear mongering and focus on any actual problems, such as highlighting what important information isn't being shared today, since we keep getting told that it's our lack of information sharing that will lead to a cyber pearl harbor. Now that we know the threat isn't imminent, can we sit back and look at the actual evidence, understand what the real problem is, and see if there's a way to solve it that doesn't involve giving up everyone's privacy rights?


Reader Comments (rss)

(Flattened / Threaded)

  •  
    icon
    Ninja (profile), Mar 13th, 2013 @ 11:14am

    This time around he focused on an increasing rate of attacks on Wall Street banks.

    Well, they flat out screwed up everyone, crashed the entire economy and used taxpayers money from the bail outs to pay themselves fat bonuses. If I could I'd do as much damage as I could to such morons.

    There are all sorts of ways to compete and to innovate, and falling back on relying intellectual property laws may be the least useful and least efficient manner for doing so.

    Offering quality products is a good start. The quality of Chinese stuff is usually very poor.

    I read all these 'cybersecurity' scare stories as a single thing: "We, in the US, are utterly incompetent and cannot secure our vital systems thus we need to scare ourselves silly and run around screaming like loons while doing nothing that will actually address any real security breach"

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      yaga (profile), Mar 13th, 2013 @ 1:28pm

      Re:

      There you go again Ninja, finding any way possible to bash the US.

      They aren't saying they can't secure the systems. They are saying give us more money to give to corporations and pass more laws that take away the rights and privacy of our citizens.

      It's not about incompetence,if anything, it's about greed and control.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        varagix, Mar 13th, 2013 @ 9:58pm

        Re: Re:

        Can't it be all three? Greed, control, and incompetence working in tandem, ultimately to the downfall of everyone involved

         

        reply to this | link to this | view in chronology ]

      •  
        icon
        Ninja (profile), Mar 14th, 2013 @ 3:02am

        Re: Re:

        I'd say it's a bit of both but if you are competent you don't link vital infra-structure with the internet. Iran got delayed by stuxnet because they were incompetent enough to allow an infected pen drive to run in a 'vital' system. If you have a system that is THAT important external access to it must be very controlled.

        I know it's about greed and control but the image they pass is that of incompetence.

         

        reply to this | link to this | view in chronology ]

  •  
    icon
    Atkray (profile), Mar 13th, 2013 @ 11:25am

    And just in time to make sure no one hears this the news that poor Michelle Obama had her credit card info hacked.

    Excuse me I need some more tin foil.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Mason Wheeler (profile), Mar 13th, 2013 @ 12:04pm

    Anyone else find it hilarious that the guy's called Clapper and he's talking about the likelihood of a major power outage?

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    BentFranklin (profile), Mar 13th, 2013 @ 12:09pm

    "This time around he focused on an increasing rate of attacks on Wall Street banks."

    He makes it sound like that's a bad thing.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Rikuo (profile), Mar 13th, 2013 @ 12:10pm

    If some foreign power wanted to cause a cyber Pearl Harbour...how would a batch of new cyber laws prevent that.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Machin Shin (profile), Mar 13th, 2013 @ 12:34pm

      Re:

      I don't know, maybe the goal is to pass a bunch of laws that make us feel nice and safe.

      You know.... kind of like having our fleet of ships parked in a shallow harbor assuming their is no way it could be attacked there.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 13th, 2013 @ 12:15pm

    But the Cyber Command chief stressed that the U.S. needs to clamp down on this intellectual property theft, warning it will ultimately "hurt our nation significantly."

    Looks like if one excuse for controlling the Internet is wearing a bit thin, switch to one that will get more support.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      gorehound (profile), Mar 13th, 2013 @ 1:45pm

      Re:

      Of Course ! These assholes are Clueless ! Wish someone would be able to out all the dirty laundry of the MAFIAA to the Public.Do it in a way that even Mr. Sheeple might understand.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 13th, 2013 @ 12:37pm

    Follow the Money

    FUD=$$$

    The NSA is basically saying, look at all the Bad stuff that can happen, Give us more money and it wont.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      varagix, Mar 13th, 2013 @ 10:02pm

      Re: Follow the Money

      Sounds like a Prohibition Era protection racket.

      "That's a nice thing youz got there. Shame if something were to happen to it..."

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 13th, 2013 @ 12:37pm

    The TSA is built on FUD, along with half of the rest of the government, as a justification for taxing us and giving it to people who aren't doing anything useful. The only thing these people are securing is their jobs.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Minimum Waged Shill, Mar 13th, 2013 @ 12:40pm

    "we'd point out that no one has yet died from a "cyber attack""

    It's possible for someone to die from a cyber attack. If someone does a DDOS attack the right way all that traffic may overload the computer systems of the target routers and computers causing them to overheat and start a fire and fires are dangerous and could kill people. So laws must be passed to prevent this OK. Don't you get it Mike. This is dangerous stuff here

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Mar 13th, 2013 @ 1:43pm

      Re:

      You seem to have confused lithium ion batteries, which catch fire in planes, with servers which shut down when they get too hot.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Minimum Waged Shill, Mar 13th, 2013 @ 3:01pm

        Re: Re:

        but if all the servers are forced to shut off all at once that's even worse because when they turn back on all at once it can create huge power surges all at once and that can cause problems with the electrical wiring and cause fires and even very dangerous transformer explosions. Especially if that transformer gets hacked through the cyberwarbots. So regulations are needed.

         

        reply to this | link to this | view in chronology ]

      •  
        identicon
        Minimum Waged Shill, Mar 13th, 2013 @ 3:02pm

        Re: Re:

        Also what if the servers are hacked into and a virus is put on them to instruct them not to turn off when they get too hot. Then they will get too hot and overheat and cause fires and that's dangerous.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Chris Brand, Mar 13th, 2013 @ 12:41pm

    Just doing his job

    Of course "the Cyber Command chief" is focussed all the time on this stuff - he presumably sees little else. So to him, it no doubt is a huge problem that needs solving. Also, of course, his entire budget is presumably predicated on there being an actual cyber-threat.
    It's just like the Air Force Chief will tell you how desperately important it is that we defend our skies. It would be extremely surprising to see someone in this kind of position say "actually, it's probably better to spend money elsewhere".

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 13th, 2013 @ 12:49pm

    "no one has yet died from a "cyber attack""

    My Flak Cannon and the pile of gibs in the corner disagree with your assessment.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 13th, 2013 @ 1:13pm

    SEC and DOJ have pretty much refused to hold big banks and Wall Street responsible for the damage they have done the economy and the average citizen. Politicians evidently don't get people are pissed over this two tier justice system. Some are apparently doing things about it with hacking and exposing money trails and insider info.

    When you have a cabinet level justice officer claiming that big banks are too big to be held responsible for their misdeeds it raises eyebrows. Lets not even talk about all the wrong claims for foreclosure on innocents that weren't behind in their loans...if they had one. No one is making these banks pay up for their mistakes or for the third parties doing their bidding.

    There's lots of ill will out there on Main Street that no one seems to get a rats ass about in Washington. I wonder why there are so many doing things that the powers that be don't like?

    I couldn't hack my way out of a wet paper bag. But I do see civil unrest building by the lack of action in Washington to deal with the real criminals and hold them accountable.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      out_of_the_blue, Mar 13th, 2013 @ 1:25pm

      Re: "lack of action in Washington to deal with the real criminals"

      Well, AC, I agreed with you right up to that point.

      Problem is that there's NO longer ANY separation between the political and corporate realms. It's even worse than politicians being paid off: nowadays people move freely between political or appointed offices and corporate or media positions. It's total fascism, just short of openly announced on front page of the New York Times. Difficult to believe anyone hasn't noticed it, so I suppose that you just hold on to a faint hope it's not so bad as looks.

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        John Fenderson (profile), Mar 13th, 2013 @ 2:41pm

        Re: Re: "lack of action in Washington to deal with the real criminals"

        Right on the money, ootb!

         

        reply to this | link to this | view in chronology ]

      •  
        icon
        Suzanne Lainson (profile), Mar 13th, 2013 @ 4:16pm

        Re: Re: "lack of action in Washington to deal with the real criminals"

        Problem is that there's NO longer ANY separation between the political and corporate realms. It's even worse than politicians being paid off: nowadays people move freely between political or appointed offices and corporate or media positions.

        I agree. My sense is that private industry will get exactly what it wants from the government in terms of security.

        It will get defense contracts.
        It will call on the government to clean up security whenever private industry wants help.
        It will protest government surveillance whenever it wants to collect its own data on citizens, and then it will turn around and sell it to the government

        As I read about all the back and forth on security and privacy I don't see much difference between what government does and what private industry does and I think private industry calls the shots because it can buy the government it needs. The rest of the debate is just a sideshow.

         

        reply to this | link to this | view in chronology ]

      •  
        icon
        Suzanne Lainson (profile), Mar 14th, 2013 @ 12:53am

        Re: Re: "lack of action in Washington to deal with the real criminals"

        POWER-CURVE SOCIETY: The Future of Innovation, Opportunity and Social Equity in the Emerging Networked Economy | The Aspen Institute: "The industries that are most resistant to any change in the status quo, said [Michael Fertik, Founder and Chief Executive Officer of Reputation.com] are Internet-based media incumbents such as Google and Facebook, which argue that new requirements to protect privacy will destroy innovation. Shane Green of Personal said that when he talks to people at large Internet companies that gather lots of personal data, he is 'amazed' at their resistance to disclosing how they capture data, what they do with it and how much money they make from it. 'They sound just like Ma Bell from way back,' said Fertik. 'They have absolutely no interest in talking about privacy. Why won’t [these companies] open up and talk about how they capture data and what they do with it? Because they’re controlling things in a way that benefit them and not everyone else.'”

         

        reply to this | link to this | view in chronology ]

  •  
    icon
    ECA (profile), Mar 13th, 2013 @ 1:20pm

    lETS SEE..

    So our computers are at risk??

    So, we arnt sending out IP to other nations so they can Build them Cheap, and send them back 'for sale' to US??

    Hmm, sounds weird..

    Do we send letters and NDA agreements to those companies in OTHER countries, AND ASK them not to share our DATA on products we WANT them to make??
    Then 'as the company' why not just copy and send it to a Alternate, to make the product themselves...CHEAPER.

    HOw many APPLE clones are there in China and the middle east..>? TONS. Why arent they HERE?? we have ANTI-COMPETITION LAWS/CONTRACTS..

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    John, Mar 14th, 2013 @ 4:43am

    Scary bedtime stories

    Everyone loves to tell "the children" scary bedtime stories, but the biggest risks (which have actually played out) come from within. e.g. Enron manipulating the power markets and causing outages, Wall St and the GFC, etc.

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This