Cyber attacks on corporations and governments are no longer unusual. Suspects and their computers are hauled away on a regular basis.
That’s why Admiral James Stavridis sees cyber security as the top challenge for his successor. he said, “Our society is so dependent on all these cyber capabilities, and yet our level of preparation is very low, particularly as an alliance.”
It’s also relatively easy. Anyone with decent computer skills can do it.
NATO does have a command center for cyber defense and a cyber research center in Estonia. But Admiral Stavridis said, even within the alliance, international cooperation on cyber defense is limited.
“This is, of course, an area in which nations are extremely sensitive and are very concerned about showing what they know to each other,” he said. “But we’ve got to get over that because the threat is very high and very real.”
Cyber attacks can range from nuisance attacks to strikes at computers that control banks or air traffic. There have been thefts of government intelligence and corporate secrets. And cyber attacks can have physical consequences, like disabling power plants. Last week, U.S. officials said a cyber attack helped a gang steal $45 million from cash machines around the world.
At London’s City University, Professor Kevin Jones heads the department of computer sciences. He said the Internet makes it possible for anyone to be a terrorist.
“That’s sort of terrorism at a much more approachable level than individuals carrying explosive devices because people are doing it from the security of their own bedrooms,” he said.
Many countries are developing offensive cyber weapons, and some, including China, Israel and the United States have been accused of using them.
“I think it’s too soon to bring that into the alliance,” the admiral said. “But that’s an area that I think individual nations are going to be looking at. And, over time, what’s needed here is the intellectual capital that evolves a theory of deterrence in the world of cyber.”
Deterrence could be achieved through threats of cyber or conventional attacks. Professor Jones thinks it just might work.
“You could imagine setting up a situation where it’s deemed far too risky to make an attack on country X’s stock exchange because you know the consequences are your systems will then be attacked and closed down in a certain way,” he said.
But an individual with a grievance might not care whether his or her country suffers a counterattack, adding another dangerous dimension to the issue Admiral Stavridis already has at the top of his list.