U.S. Sens. Jay Rockefeller (D-W.Va) and Olympia Snowe (R-Maine), who earlier this month proposed the Cybersecurity Act, today warned in the The Wall Street Journal that the country is at risk of cyberwar.
The op-ed piece ( subscription required ) says the U.S. needs to prepare for cyberattacks which have the potential to "disrupt or disable vital information networks" and "cause catastrophic economic loss and social havoc." It also states that national and economic security are at risk from such cyberattacks. The senators point to recent comments made by Mike McConnell, the former director of National Intelligence, that warned the U.S is already in the midst of a cyberwar, and that it is losing.
Today's editorial appears largely designed to garner broad support for the proposed Snowe-Rockefeller bill. The bill, introduced earlier this month, seeks, among other things, to strengthen cybersecurity by fostering better partnerships between the public and private sector. It would also create the position of a Senate-confirmed national cybersecurity adviser and would require the president to work closely with key private sector executives in the event of a cyber crisis.
The bill also calls for a public awareness campaign to make basic cybersecurity principles "as familiar as Smokey the Bear's advice for preventing forest fires," the senators wrote.
The proposed bill has its share of supporters, but the cyberwar rhetoric being used to justify the need for such measures is viewed skeptically by growing numbers in the industry. Warnings about cyberwar, especially in the wake of the China-based attacks against Google and more than 30 other high-tech companies, is unnecessary overhyping of what's going, some experts say.
One of them is noted security researcher Marcus Ranum, chief security officer at Tenable Network Security Inc. In an opinion piece in U.S. News and World Report earlier this week, Ranum warned that the cyberwar rhetoric is scarier than actual war.
"Suddenly, the steady drumbeat of computer/network security has been pushed to center stage, and now our government is talking about "cyberwar" and pointing a finger at China," Ranum wrote. "Unless you've been asleep for a decade, you ought to be worried when our government starts using the rhetoric of warfare — especially vocabulary like 'pre-emptive' and 'deterrence'."
Ranum today said that concerns about catastrophic economic loss and social havoc stemming from a cyberwar are misplaced.
"When some cyberwar pundit starts talking hellfire and damnation, you need to ask them whether their scenario is going to have the physical and psychological impact of a New Orleans flood or a 9/11," Ranum said in e-mailed comments to Computerworld . The oft-cited disruptions associated with a cyberwar, such as large scale power blackouts, are unlikely to result in the kind of mayhem that is being assumed, he said. Many "experience power failures sometimes lasting days – because of winter weather – and we don't dissolve into chaos," he said.
Ranum's sentiments are similar to that of a growing number of others. James Lewis, who headed a team that developed a set of cybersecurity recommendations for President Obama, recently wrote about the issue in a blog. The nation is not in the middle of a cyberwar, Lewis stressed.
It is unlikely that any country would pre-emptively launch a missile strike against critical infrastructure in the U.S. because of fear of massive retaliation. The same holds true for cyberwar, said Lewis, who is a senior fellow and program director at the Center for Strategic and International Studies. "Foreign leaders will not lightly begin a war with the United States, and the risk of cyber war is too high for frivolous or spontaneous engagement," he said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld . Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org .