• by Dave Morgan , Featured Contributor, June 2, 2011

Earlier this week, the Pentagon released portions of its first formal cyber strategy and announced that it might respond to cyber attacks with traditional military force. As an unidentified U.S. military official told The Wall Street Journal, "If you shut down our power grid, maybe we will put a missile down one of your smokestacks."

This is serious stuff.

Hacking strategic U.S. national assets seems on the rise. Certainly, we've seen a rise in news reports about attempts by hackers to compromise very sensitive U.S. communications and defense systems. Just this morning, we learned that hundreds of Gmail accounts, including those of some top U.S. government officials, were subjected to a phishing attack to capture secret passwords from computers that appear to be located in the vicinity of a top military training school in China. This past weekend, we learned that Lockheed-Martin and Northrop Grumman, both U.S. defense contractors, were subjected to significant hacking attacks last month.

Hacking can do considerable damage. Last month, we saw hackers take Sony's Playstation network down multiple times, and compromise credit cards information and user names and passwords for many thousands, perhaps millions, of users. In an earlier attack on Gmail, hackers reportedly stole critical Google source code. A hacker-introduced virus, rumored to be the handiwork of U.S. and Israeli intelligence forces, has permanently disabled much of Iran's network of uranium-enriching centrifuges.

Some governments may be complicit, but it's hard to know. Google is blaming China for the Gmail attack, probably assuming that if the "Great Firewall of China" is so good at suppressing Internet activities undesirable to the Chinese government, they must also have knowledge and the ability to control rogue activities like those emanating from Jinan that targeted Google. Given the massively distributed nature of the Internet, and the ability to "commandeer" thousands of computers and "daisy chain" them together to execute attacks, generally without the knowledge of the computer owner, it's extremely difficult to identify offending computers -- and consenting governments -- with real certainty.

It's hard to fight asymmetrical threats with traditional military force. Technology has enabled individuals acting alone to accomplish enormous tasks -- many of them good ones -- but also to wreak enormous damage.
A single hacker can disable a power grid. Knowing how he or she did it, from where, and who helped him, is exponentially more difficult than tracing a missile strike to a specific launch site or aircraft and to an aggressor nation. Putting a missile down a smokestack is a classic symmetrical response. Threatening to do that to a country that may, or may not, be the resident nation for the single elusive hacker may sound bold, but is probably going to be a very hard button to push in reality.

Why am I writing about this today? All of us working in Internet-based businesses have a front-row seat to the power of digital communication networks. We know the good things that these networks enable. Our voices will be important as our governments debate and decide important public policy decisions that may involve controlling and limiting those networks to prevent bad things from occurring on them as well. What do you think?