Cyber Attacks Are America's Top Security Threat. That’s Better News Than It Sounds

A new report lists cyber attacks as the greatest threat to U.S. security. Here's why you shouldn't be too worried.

Cyber War Training

070712-N-9758L-048 PEARL CITY, Hawaii (July 12, 2007) Ð Information Systems Technician 2nd Class Athena Stovall, assigned to Commander U.S. 3rd Fleet in San Diego, scans the network on her computer for intrusions during a cyber war training course at the Space and Naval Warfare Systems Center. The course is designed to improve how military members would act in a real-life cyber war environment by defending the networks with sweeps and scans of the system as well as responding to intrusions, such as viruses and probes. U.S. Navy photo by Mass Communication Specialist 3rd Class Michael A. Lantron (RELEASED) U.S. Navy via wikimedia commons

Cyber attacks are the top threat facing the United States, according to a report that the Director of National Intelligence published this week. That is new. Most national threats of yore implied some sort of physical damage--terrorism, weapons of mass destruction, nuclear warfare, and so on. Placing cyber attacks in the number one spot reveals a few things about how the nature of security has changed.

1. The trend is toward less dangerous threats.

For much of the past decade, terrorism was widely believed to be the top threat facing the United States. Understandably so: The aughts opened with the most horrific terrorist attack on U.S. soil to date and saw dangerous radicals in Madrid, London, Mumbai, and elsewhere plant bombs or launch other smaller attacks. These are scary things, but such attacks are also rare and small-scale.

Cyber attacks, while potentially very disruptive to the economy or power grid, are unlikely to kill nearly as many people as terrorism. (Or, for that matter, be anywhere near as terrifying as the nuclear standoff that dominated much of the last century.) Fear of cyber attacks on critical infrastructure and military controls should encourage the United States to adopt better security measures, and to judge by the White House's recent cyber security initiative and the Pentagon vowing to launch cyber counter-attacks, it looks like we have some promising momentum. (Though, um, some recent announcements about weak cyber defenses and firing cyber defense inspectors show we still have a long way to go.)

Regardless: if we're to go by verified reports, the number of people killed by cyber attacks so far is exactly zero. Of course, it's possible that someday, cyber attacks could sabotage a computing system, causing a crash that kills people. But right now, when describing cyber attack casualties, we have to talk about it in hypothetical terms because there are no actual cases.

However new and scary this threat is portrayed cyber attacks alone won't kill anyone. For proof, watch this German telecom real-time map of ongoing cyber attacks for a few minutes and then note how many places attacked are suddenly reduced to post-apocalyptic wastelands. Keep this in mind the next time a politician warns about "cyber 9/11" or "cyber Pearl Harbor."

2. Cyber is very different from other threats, and needs to be treated accordingly.

We're used to thinking of security threats as things that go boom and end in dead bodies. The overwhelming majority of cyber attacks will instead look more like crime or spycraft. Cyber attacks are useful for getting at and stealing data, especially that held by governments or businesses. When cyber attacks do cause physical damage, it's so far been through industrial sabotage that breaks complicated machines. Attacks like this, focused on data stealing, financial meddling, or industrial sabotage are best dealt with law enforcement and intelligence agenices. LulzSec, a hacking group that brought sites offline throughout the summer of 2011, was compromised and later brought down by police tracking down one of their members in person and turning him into an informant. Zero Dark Thirty this isn't.

There is the potential for cyber attacks to be deadly, but the most likely way for that to happen is a cyber attack against critical infrastructure like powerplants, dam controls, pentagon computers as part of a broader attack by regular military forces. This isn't exactly new; disabling enemy equipment or intercepting enemy communications is as old as communication itself, and the Pentagon has already said it will treat such attacks as acts of war.

3. Cyber is a threat now because very few other things are.

Even at the height of a budget crisis and with automatic spending cuts in effect, the United States spends more on its military than the next nine biggest military spenders in the world. In terms of conventional military power, no nations come close to the United States. We are living in a largely unprecedented era of safety. Cyber attacks, like terrorist attacks before it, will cause some harm. But these are primarily attacks used by small militant groups or criminals, or even nations that cannot challenge the U.S. by conventional means. That is actually a good thing. Whenever I see a headline panicking about cyber war, it just reminds me that we live in an era where the risk of conventional war or nuclear war is negligible.