'Missiles Down Smokestacks' For Hackers?

Earlier this week, the Pentagon released portions of its first formal cyber strategy and announced that it might respond to cyber attacks with traditional military force. As an unidentified U.S. military official told The Wall Street Journal, "If you shut down our power grid, maybe we will put a missile down one of your smokestacks."

This is serious stuff.

Hacking strategic U.S. national assets seems on the rise. Certainly, we've seen a rise in news reports about attempts by hackers to compromise very sensitive U.S. communications and defense systems. Just this morning, we learned that hundreds of Gmail accounts, including those of some top U.S. government officials, were subjected to a phishing attack to capture secret passwords from computers that appear to be located in the vicinity of a top military training school in China. This past weekend, we learned that Lockheed-Martin and Northrop Grumman, both U.S. defense contractors, were subjected to significant hacking attacks last month.



Hacking can do considerable damage. Last month, we saw hackers take Sony's Playstation network down multiple times, and compromise credit cards information and user names and passwords for many thousands, perhaps millions, of users. In an earlier attack on Gmail, hackers reportedly stole critical Google source code. A hacker-introduced virus, rumored to be the handiwork of U.S. and Israeli intelligence forces, has permanently disabled much of Iran's network of uranium-enriching centrifuges.

Some governments may be complicit, but it's hard to know. Google is blaming China for the Gmail attack, probably assuming that if the "Great Firewall of China" is so good at suppressing Internet activities undesirable to the Chinese government, they must also have knowledge and the ability to control rogue activities like those emanating from Jinan that targeted Google. Given the massively distributed nature of the Internet, and the ability to "commandeer" thousands of computers and "daisy chain" them together to execute attacks, generally without the knowledge of the computer owner, it's extremely difficult to identify offending computers -- and consenting governments -- with real certainty.

It's hard to fight asymmetrical threats with traditional military force. Technology has enabled individuals acting alone to accomplish enormous tasks -- many of them good ones -- but also to wreak enormous damage.
A single hacker can disable a power grid. Knowing how he or she did it, from where, and who helped him, is exponentially more difficult than tracing a missile strike to a specific launch site or aircraft and to an aggressor nation. Putting a missile down a smokestack is a classic symmetrical response. Threatening to do that to a country that may, or may not, be the resident nation for the single elusive hacker may sound bold, but is probably going to be a very hard button to push in reality.

Why am I writing about this today? All of us working in Internet-based businesses have a front-row seat to the power of digital communication networks. We know the good things that these networks enable. Our voices will be important as our governments debate and decide important public policy decisions that may involve controlling and limiting those networks to prevent bad things from occurring on them as well. What do you think?

2 comments about "'Missiles Down Smokestacks' For Hackers?".
Check to receive email when comments are posted.
  1. Michael Caruso from ClickFacts, Inc., June 2, 2011 at 12:57 p.m.


    Great article.

    The industry needs to think about security proactively not wait like we did with the issues with cookies tracking. The FTC and others in government are looking seriously at malware in ads, pages, widgets/applications. Social media is ripe for malware (malicious software).

    ClickFacts has been fighting malware as you know for years. Malware has been linked to identity theft and infrastructure attacks like mentioned and in this article yesterday:

    One point, I made in the article is that many of the hacks are done with off-the-shelf software (exploit kit): and in some cases the bad guys are connected to organized crime or potentially governments but is possible for an individual to buy the aforementioned exploit kit.



  2. Jeffrey Minsky from OMD, June 6, 2011 at 6:59 p.m.

    Hello...Shall we play a game? How about Global Thermonuclear War?

Next story loading loading..