Reliable Security Information
The Bogometer is blinking red

History means a lot on the cybersecurity/cyberwar beat. Particularly not knowing it. If you're reporter on the cyber-disaster line you probably don't remember what went on five years ago. And, under no circumstances, do you recall or even care what transpired before that. Short attention/retention is your thing. To be otherwise threatens the job security, making it harder to work.

So most have no idea how truly deadening and repetitive is the messaging on the subject.

Names change a little but the claims are the same. Doom is upon us. The talk's always cheap.

There are lots of reasons for it in the US psyche. Almost too many to write about thoroughly in even a year's worth of blog posts.

Today, among others having to do with being self-serving, there's the national trait, or character flaw, of a kind of bragging grandiloquent importance in the bringing of Paul Revere warnings coupled with the bright seam of American paranoia toward the outside world.

And it's all hung on the hooks of bad days from national history, rhetorical conveniences in the growing of the fear-based economy.

Add the American belief that bullshit magically transforms into not-bullshit if a few people with well-known names in Congress, or anywhere else, say it. (This, hand in hand with the national security techno-shaman's reliance upon truth being a matter of majorities quoted in the press.)

From The Hill website on March 17:

Lawmakers and administration officials have warned of potentially catastrophic consequences if Congress doesn't pass cybersecurity legislation this year, but some observers question whether the rhetoric is overblown.

"Think about how many people could die if a cyber terrorist attacked our air traffic control system and planes slammed into one another," Sen. Jay Rockefeller (D-W. Va.) testified at a Homeland Security and Government Affairs Committee hearing last month. "Or if rail-switching networks were hacked -- causing trains carrying people, or hazardous materials -- to derail and collide in the midst of some of our most populated urban areas, like Chicago, New York, San Francisco or Washington."

At the hearing, committee Chairman Joe Lieberman (I-Conn.) said he feels like it's Sept. 10 2001, on the eve of a devastating terrorist attack.

"The system is blinking red - again. Yet, we are failing to connect the dots - again," Lieberman said.

Now, jump in the time machine, and take a look at something taken from the Pittsburgh Post-Gazette, on September 9, 2003:

Almost two years after the devastating attacks of 9/11, former Bush White House adviser Richard Clarke sounded the alarm in Pittsburgh about a cyberattack that could be just as damaging to the national psyche, arguing that the federal government remains "slow" and "very 20th century" in its preparation for computer-based terrorist threats.

Clarke, in an interview yesterday on Carnegie Mellon University's campus, singled out the U.S. Department of Homeland Security, led by former Pennsylvania Gov. Tom Ridge, for being sluggish in making cyberspace a true national security priority. The department, Clarke noted, has yet to appoint a director and several key managers to its National Cyber Security Division -- a group asked to implement a protection plan Clarke developed before leaving the Bush administration in February.

The problem, Clarke said, is that Homeland Security leaders still "think of risks to our society in terms of things that explode and incidents that have body bags. In the 21st century, as the power blackout of Aug. 14th proved, a great deal of damage to our economy and disruption to our way of life can be done without anything exploding or anybody being killed."

Clarke's insistence that the country pay attention to cybersecurity has made him a polarizing figure in the computer industry and Washington D.C., where he has worked for the last four presidents and advised three of them on intelligence and national security matters.

He left the White House as Bush's cybersecurity czar in February, to become a consultant. Known for his contempt of bureaucracy and his critique of pre-Sept. 11 intelligence failures, Clarke emerged after 9/11 as the digital Paul Revere, warning that the country's electrical power, finance, telecommunications, transportation, water and especially the Internet are all vulnerable to cyberattack.

In making his case for shoring up the nation's electronic infrastructure, Clarke is getting support from Pittsburgh and specifically, CMU. With Clarke's assistance, CMU computer scientist Roy Maxion sent a letter last year to President Bush warning that "our nation is at grave risk of a cyberattack that could devastate the national psyche and economy more broadly than did" the 9/11 attacks."

The letter, cosigned by Maxion's CMU colleague John McHugh and more than 50 of the country's top computer scientists, laid out a nightmarish scenario involving the sudden shutdown of electric power grids, telecommunications "trunks," air traffic control systems and the crippling of e-commerce and credit card systems with the use of several hundred thousand stolen identities. "We would wonder how, as nation, we could have let this happen," the letter said.

Maxion and his co-signers proposed a five-year cyberwarfare effort modeled on the World War II Manhattan Project, requiring an investment ranging from $500 million to $1 billion per year. "The clock is ticking," the letter said.

Some critics maintain that Clarke and institutions such as CMU, which was awarded $35 million in federal funds last year to fight cyberterrorism, are hyping a threat that does not really exist -- especially in the case of al-Qaida, the organization that carried out the attacks of 9/11 ....

[As a source for this story, I was quoted as saying:] "In 2003, it takes no great intellect to say the nation is in great danger from the electronic frontier. The fantastic claim always gets attention, diverts the mind from thornier but mundane problems ... Far easier to say al-Qaida is looking to turn off the power. You don't ever have to prove if there is even a small nugget of truth to it."

Terrorists, Smith said, "are interested in creating bloodshed and terror. The Internet doesn't rise to this level of impact in a way that a truck bomb does."

But Clarke, who was in Pittsburgh yesterday to speak at a computer intrusion detection conference, said he has been in this position before, warning of national security threats that some would not take seriously. Clarke, a counterterrorism coordinator under President Clinton, was among those who worried about Osama Bin Laden's capabilities before the events of 9/11.

"An awful lot of people, unfortunately, don't believe (a cyberattack) will happen," he said. "And as with terrorism itself, we learned from 9/11 that you can yell and yell and yell and imagine something happening and say it is going to happen, as I did with regard to al-Qaida, and no one believes you enough to act until it happens."

As for al-Qaida, Clarke claims that some of its followers have master's degrees in computer science, and that "there is lots of evidence that al-Qaida has downloaded sophisticated hacking tools because we have seized their computers and know what's on them. So, I do think there is grounds for concern."

But focusing on al-Qaida is missing the point, he said. "I don't think it is terribly important who the enemy is. It doesn't matter. What you need to worry about is the vulnerabilities."

There are some encouraging signs that the country may be safer from cyberattacks than it was before 9/11, according to Clarke.

There is anecdotal evidence, he said, that the companies that control much of the country's electric power generators, telecommunications lines, rail terminals and shipping containers are taking the voluntary security steps asked of them in Bush's National Plan for Protecting Cyberspace, developed by Clarke and released earlier this year ...

Some critics, responding to requests from the Bush administration that U.S. firms make themselves more secure, argued that companies have little incentive to pay for such measures in a slow economy.

Others said the plan itself lacked federal firepower.

"If (Clarke) had made it to correspond with the urgency of his warnings, it would have been a strong strategy with teeth in it, capable of compelling the private sector to improve security practices in many different ways," said Smith, the senior fellow with think tank GlobalSecurity.Org. "However, when unfurled, it had no power. It might as well have not been written."

Jump back in the time machine, return to the present.

Here's what readers see in an article at The Smithsonian:

But Clarke is even more concerned about "official" hackers such as those believed to be employed by China.

"I'm about to say something that people think is an exaggeration, but I think the evidence is pretty strong," he tells me. "Every major company in the United States has already been penetrated by China" ...

"My greatest fear," Clarke says, "is that, rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts. Where we lose our competitiveness by having all of our research and development stolen by the Chinese. And we never really see the single event that makes us do something about it. That it's always just below our pain threshold. That company after company in the United States spends millions, hundreds of millions, in some cases billions of dollars on R&D and that information goes free to China....After a while you can't compete."

No, nobody has noticed all the jobs and treasure that went to China.

Anyway, keep in mind the 1 percent and their shoe-shiners have never looked at the China trade deficit from the aisles of Target or Wal-Mart.

So -- spanning nine years --- you've a good snapshot of our culture of lickspittle, one in which the same people repeat the same scripts over and over, in action. Tough old mutton everyone's chewed through many many times repackaged as new fresh veal cutlets.

For The Smithsonian article, the cyber apocalypse is almost here. Not only has the "competitiveness" been stolen, so have the military secrets. The latter is another constant thread in American natsec discourse, one that reaches back decades.

If there is military confrontation at sea near Taiwan, the Chinese may win it Clarke insinuates for The Smithsonian.

"[We] might be forced to give up playing such a role for fear that our carrier group defenses could be blinded and paralyzed by Chinese cyberintervention," it reads.

Wait, there's more: "Clarke now wants to warn us, urgently, that we are being failed again, being left defenseless against a cyberattack that could bring down our nation's entire electronic infrastructure, including the power grid, banking and telecommunications, and even our military command system ..."

Remember up top, how I said sometimes the names change a little as years go by? I may have exaggerated.

America -- tits up from cyberwar. Currently predicted about once or twice a week and dutifully published, there being no shortage of stenographers and fuglemen for the job.

Get the pies. Imagine your favorite cyberdoom-monger on the stage.

Originally published at Dick Destiny blog.
Got something to say? E-mail ... ah, if you can't figure it out yourself ...

Subscribe to SitRep: SitRep RSS Feed SitRep ATOM Feed