The cyber sharks are circling America
May 10th, 2013
11:04 AM ET

The cyber sharks are circling America

By William L. Tafoya, Special to CNN

Editor’s note: William L. Tafoya is a retired FBI Special Agent and professor and director of Information Security & Protection at the University of New Haven. The views expressed are his own.

When confronted by a sudden, unexpected high level of stress and overwhelming anguish, our brain employs a coping mechanism that suppresses the experience long enough to enable us to regain control. This capacity kicks in automatically to prevent us being paralyzed, unable to move or speak.

But because the same experience can be perceived differently depending on the individual, each of us responds in a very different way. Some of us will run when confronted by a challenge, while for others, the brain will also try to block something out altogether when we do not understand what is going on. But putting off dealing with something does not resolve it – a fact that U.S. policy makers would do well to consider.

Although the computer was around before, it was not until 1959, when Jack Kilby and Robert Noyce simultaneously but independently invented the integrated circuit – the computer chip – that the Information Age truly began. Since that breakthrough, every facet of our lives has been spinning faster and faster in the direction of total dependence on information systems.

As a result, for years now, cyber security experts have been warning about the vulnerability of our nation’s information systems. They are not all in agreement, of course – what group of experts is? Nevertheless there is at least some consensus that since the dawn of the computer revolution, as our dependence on computers has increased, our cyber underbelly has become more and more exposed. But even as we have become aware of that, so have our potential adversaries.

The fact is that our vulnerability to attacks on our critical infrastructure (communications, air traffic control, water, gas, emergency services, and more) generally, and the power grid in particular, has become dangerously apparent. Meanwhile, the Internet has become a vital part of our personal and professional lives – imagine trying to operate your business, big or small, without it.

Yet this vital tool is being attacked every day, and unless the United States stops being reactive to threats and policy makers become proactive in fortifying our defenses, our very real vulnerabilities will be exposed.

This is not hyperbole. The timid assert that there is no irrefutable evidence that we are actually in danger. But this begs the question of whether it will take yet another catastrophic attack on this country – this time in the form of a cyber attack – for legislators and the public to be roused from their lethargy? Are the reputed threats actual and significant or unconfirmed and exaggerated?

Consider Exposing One of China’s Cyber Espionage Units, a report released in February 2013. The Mandiant Group, a very well respected cyber security firm, presents a widely lauded and comprehensive account of state-sponsored cyber espionage. Their report provides credible evidence of a “smoking gun,” proof that since 2006, elements of China’s People’s Liberation Army, most recently PLA Unit 61398, have been hacking into information systems and stealing hundreds of terabytes of data from 141 American companies in 20 major industries. The theft of these corporations’ intellectual property allegedly included “technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, emails and contact lists from victim organizations’ leadership.” Meanwhile, there are also credible accounts of the information systems of banks, gas pipelines, and virtually every other critical infrastructure having been hacked on an ongoing basis for years.

More from CNN: Pentagon says China using cyber attacks

So far, we have been able to tolerate the inconvenience of a disruption to our power supply. A decade ago in the northeast, when the lights went out in the so-called Northeast Blackout of August 2003, the lives of some 50 million people were adversely affected, with the costs of the blackout hitting an estimated $6 billion damage, with at least 11 lives lost over a mere two day period. Consider how much worse this could have been had it occurred during a winter month. It is true that that incident was not a cyber attack. But it very easily could be next time.

A few years ago, the Scientific American asked an important question: “Are we still at risk for a massive blackout?” The answer, of course, is yes. But will it take an incident of a similar scale to prompt the public to demand that lawmakers take action and come to terms on appropriate and meaningful legislation to ensure that the lights are not put out deliberately.

Consider the U.S. senators who last month voted not to take up the CISPA bill (Cyber Intelligence Sharing and Protection Act), which had passed overwhelmingly earlier in the month in the House of Representatives. That decision underscored the fact that despite us living in a glass house, pundits, politicians and civil libertarians are more fearful of “big brother” than they are of real threats.

One does not need to have a Ph.D. in marine zoology to recognize danger in the water – if we see a dorsal fin coming towards us, a self-preservation instinct should kick-in. It would be foolhardy to wait until we know if it is a basking shark or a Great White that we have spotted in the water before we clamber into the boat to safety.

Today, there are many digital dorsal fins of cyber sharks circling America. If we do not get out of these troubled waters by enacting enabling legislation to protect ourselves, America’s critical information infrastructure will remain more virtual than real. Our way of life is at grave risk. What will it take to spark meaningful action?

Post by:
Topics: Cyber

« Previous entry
soundoff (64 Responses)

    The dog his is out to kil me and the Greeks are behind it. I not fils safety hear. I can haz cheezburger?

    May 14, 2013 at 11:53 pm | Reply

    Purple monkey dishwasher. Why have it always take my blud? Look around you. The lost ones can tak yur soul with black breth and cold heart. Be aaware for it lirks in shadow.

    May 14, 2013 at 11:57 pm | Reply

    Blackness reaches for your lives and I feer I canot protek you from the evil that is to come. Look to god for salvaton and not to currupt soulless individuals who pretend care. Only HE knows truth above all.

    May 15, 2013 at 12:02 am | Reply
  4. steve in oregon

    Remember that movie back to the future? I remember watching it in the theater wondering what the future would be like. I think its fair to say most people would agree we need a movie back to the past! The world is really depressing to watch.

    May 15, 2013 at 3:14 am | Reply


    May 15, 2013 at 9:33 am | Reply
    • allenwoll

      WE ARE - by several fold - our OWN worst enemy ! ! !
      The medium of combat is Political Inluence Money, used to quash and silence the Voice of the People ! ! !
      By comparison, China is but a (healthy) mosquito !

      May 15, 2013 at 12:58 pm | Reply
  6. allenwoll

    Cyber Terrorism, including Cyber Theft is a TECHNICAL problem with a TECHNICAL solution, NOT a political problem - except that governments must insist that that technical solution be found and always implemented.
    Buildings falling down is a TECHNICAL problem with a TECHNICAL solution, NOT a political problem - except that governments must insist that that technical solution be always implemented.

    May 15, 2013 at 10:38 am | Reply
  7. Thomas Warn-Varnas

    well, if a cyber shark exists..

    there must always be cyber bait.. right?



    thomas 🙂

    May 16, 2013 at 9:33 pm | Reply
  8. Rick McDaniel

    The WH will do nothing much about that.

    May 19, 2013 at 6:52 pm | Reply
1 2

Post a comment


CNN welcomes a lively and courteous discussion as long as you follow the Rules of Conduct set forth in our Terms of Service. Comments are not pre-screened before they post. You agree that anything you post may be used, along with your name and profile picture, in accordance with our Privacy Policy and the license you have granted pursuant to our Terms of Service.

« Previous entry