Chertoff also mentioned that 100 countries now have the capabilities to perform cyber attacks and cyber espionage. Though cyberwar is a serious threat, should US cyber war doctrine be the same doctrine we used to defend ourselves against a nuclear attack?
Nuclear weapons could vaporize an entire area and leave it inhospitable for 20-30 years. Where many times cyber attacks are more espionage related, they could turn deadly if power, telecommunications or infrastructure is damaged in a large city. Civil security, medical and food supply could be the heaviest hit.
But one thing that really sticks out to me is the sheer number of nations that have cyber war capabilities. When you compare 9 countries that have nuclear weapon capabilities to the 100 that have cyber attack capabilities, this is a whole new ball game. The attack could almost come from almost anywhere and strike anywhere at anytime.
Cyberwar is very cheap compared to the technology, infrastructure and financial output it takes to build nukes. Also, if someone launched a nuke, pretty sure it could be tracked back to the country of origin fairly easily. Where cyber attacks are very stealthy and sometimes are bounced through several different countries before hitting their target.
What is scary too is that Chertoff mentioned an attack against air traffic control systems. Ira Winkler, former NSA agent and president of the Internet Security Advisors Group said that not only is such an attack possible, but security was never built into air traffic control systems to begin with.
This brings up another issue. The level of force used in responding to a cyber attack. If a third world country launches a cyber attack against the US and disables it’s air traffic control systems while planes are in the air, hundreds of planes and thousands of lives would be at risk. Would we respond by disabling their air traffic control system, when they may only have ten airplanes total in the whole country?
Many experts have said that the US will not take cyber security seriously unless there is a cyber 9/11. The US needs to sit down with the international community and hammer out realistic policy now on responding to cyber attacks. The longer we continue without black and white policies the greater the risk will become.