AMERICAN SECURITY COUNCIL FOUNDATION

National Security Report

Promoting ‘‘Peace through Strength’’®

In This Issue:

The Invisible Threat

By Alan W. Dowd ASCF Senior Fellow

Volume 1III, Issue VIII—August 2012 Page 2

What if America’s enemies were probing the Pentagon for weak-

nesses, sabotaging the government’s ability to protect the country,

stealing sensitive information and even planting time bombs that

could cripple the country? Most of us would say America is under

attack. And we’d be right. Whatever we call it, something not too

dissimilar is happening in cyberspace, as a disparate collection of

individuals, groups and foreign governments take aim at America’s

information infrastructure—our country’s nervous system.

To get a sense of how vulnerable our information infrastructure is

to foreign exploitation and attack, consider an all-too-real sce-

nario:

You wake up tomorrow morning, turn the TV to your favorite

morning news show, and boot up your laptop while you begin checking the messages on your cell phone. But your cell phone is

dead. The Internet works, but the websites of your favorite newspapers don’t. Only a handful of TV stations—all local channels—

are broadcasting. And all of them are warning viewers to boil water before drinking it, due to the failure of water-treatment fa-

cilities. A scrolling statement along the bottom of the screen announces that several major banks are unable to open due to com-

puter problems; electrical-power grids in the Northeast have gone dark; and automatic failsafe procedures have kicked in at sev-

eral airports, snarling air travel across the country. Hospitals and groceries, gas stations and seaports, are shut down and cut off.

Scrambling for information, you turn on the radio and hear reports that the United States has been hit by “a massive cyberattack

of unknown origin.” A hurriedly crafted White House statement announces that the president has been moved to an undisclosed

location. You race back to your computer to email friends in other parts of the country, but now, aside from the words “Unable

to connect to the Internet,” the screen is blank. America is blind, panicked and under attack.

Web War I

Defense Secretary Leon Panetta has described this sort of cyberattack as “the next Pearl Harbor.” But that may be an understate-

ment. Unlike Pearl Harbor, which decimated the Pacific fleet but left America’s vast industrial, communications and utilities infra-

structure untouched, an orchestrated cyberattack could cripple our power grid, freeze our financial system, blind our military

and scramble our communications networks—mixing the very worst of Pearl Harbor, 9/11, the 2003 Northeast Blackout and the

2008 economic crash.

If that sounds overly dramatic or alarmist, just consider Estonia, which weathered what some call “Web War I” in 2007. It started

when Russian nationalists unleashed a withering volley of “distributed denial of service” attacks that disabled Internet-

dependent systems across the country, including networks supporting government agencies, media outlets, the mobile-phone

system, the 9-1-1 equivalent and the country’s largest bank. In layman’s terms, the attackers crashed networks with countless

computer-generated “zombie” hits, flooded servers with junk data, and, as The International Herald Tribune explained, over-

whelmed “the routers and switches…that direct traffic on the network.”

“Cyber-attacks are a form of offensive action that can paralyze, weaken, harm a nation-state,” Estonian president Toomas

Hendrik Ilves explained following the three-week cyber-siege of his country.

A year after Estonia, Russian cyber-militiamen launched a digital invasion ahead of the Russian military’s ground invasion of

Georgia, crippling government networks, hijacking servers and slowing Georgia’s ability to respond.

In 2009, hackers from the former Soviet Union, bankrolled by Hezbollah and Hamas, carried out cyberattacks against Israel. As

the Israeli newspaper Haaretz reported, “The Home Front Command’s site, which instructs citizens how to protect themselves

from attacks, was down for three hours.”

Page 3 ‘‘Peace through Strength®’’

www.ascfusa.org

Russia is not the only culprit—and the list of victims is not limited to our friends in Estonia, Georgia and Israel. Gen. Keith Alexander, commander of U.S. Cyber Command (CYBERCOM), notes that “over 100 countries have network-exploitation capabilities…in 2011 the number of cyberattacks rose 44 percent…the number of attacks on U.S. critical infrastructure went from nine in 2009 to over 160 in 2011.”

Many of those attacks are emanating from China.

• Beijing encourages hundreds of quasi-independent hacker teams and even trains some at Chinese military bases. In fact, the Pentagon concluded in 2007 that the People’s Liberation Army (PLA) “has established information warfare units to de-velop viruses to attack enemy computer systems and networks.”

• Germany blames hackers linked to the PLA for massive cyberattacks against the chancellery and foreign ministry. One Ger-

man official even used the phrase “Chinese cyberwar” in describing the attacks.

• In 2007, the Pentagon was forced to disable computer systems serving the Office of Secretary of Defense, after it was dis-

covered that the PLA had hacked into the system. • Chinese hackers have attacked government ministries in Europe, Japan, India, Taiwan, South Korea, Australia and dozens of other countries; penetrated computer systems at U.S. defense firms, the White House, State Department and NASA; and planted computer components in the United States with Trojan horse codes that could be activated to destroy or disable real-world facilities. “If we go to war with them, they will try to turn them on,” an intelligence official told The Wall Street Jour-nal.

• The Pentagon’s 2008 report on China concluded that Beijing views cyberspace as an arena for “non-contact warfare” and aims to conduct “cyber-warfare against civilian and military networks—especially against communications and logistics nodes.”

• “China’s development in the cyber realm, combined with its other anti-access/area denial capabilities, imposes significant

potential risk on U.S. military activities,” according to Adm. Samuel J. Locklear III, commander of Pacific Command. Indeed,

the Pentagon’s 2011 report on Chinese military power noted that Beijing would employ cyberattacks “to constrain an adver-

sary’s actions or slow response time by targeting network-based logistics.” Consider the gaping vulnerabilities of U.S. Trans-

portation Command (TRANSCOM). AOL Defense reports that 90 percent of TRANSCOM’s communications are handled on

unclassified networks, owing to the fact that TRANSCOM has to rely on collaborative relationships with commercial partners

to move military equipment. In the event of a U.S.-China crisis, it’s not difficult to imagine Chinese cyberwarriors exploiting

this vulnerability.

Something Bad

The physical infrastructure America depends on—the electrical grid, water-treatment facilities, air-traffic control system,

transportation arteries—depends on cyberspace. And cyberspace is at risk. With a few keystrokes, someone could throw

America’s high-tech society back to pre-industrial days.

Before scoffing at that possibility, listen to the words of Ene Ergma, head of the Estonian parliament: “Cyberwar doesn’t make you bleed. But it can destroy everything.” Or consider this: The British government warns that utilities-network up-grades carried out by the Chinese telecom firm Huawei may have given Beijing the ability to shut down essential services, including power and water supplies.

Similarly, The Wall Street Journal has reported on “pervasive” penetration of the U.S. electrical grid, whereby malicious software and sleeper switches have been implanted to allow China or Russia to disrupt service at a time of their choosing.

It’s no wonder that House Intelligence Committee Chairman Mike Rogers warns that “Something pretty bad is coming.” Alex-ander worries about the enemy’s “transition from disruptive to destructive attacks…I think those are coming.”

The challenge is to mitigate the effects of a full-blown cyber-crash, cyber-blackout, cyber-9/11 or cyber-Pearl Harbor—and

then to take the fight to the enemy’s swath of cyberspace. Click here for part II

American Security Council Foundation Page 4

The American Security Council Foundation is a 501 (c) (3) Tax Exempt Organization Est. 1958

Peace through Strength® is a registered trademark of the ASCF. All rights reserved

Donate now to the ASCF at www.ascfusa.org

LEVELS OF MEMBERSHIP

Please Select Your Annual Membership Level

Student Membership $10.00

Post 9/11 Veterans $10.00

Patriot $25.00

Bronze Eagle $50.00

Silver Eagle $100.00

Gold Eagle $250.00

President’s Circle $500.00

Corporate Associate $10,000.00

Executive Associate $25,000.00

MEMBERSHIP FORM

To join ASCF , please fill out the form below and mail it back or join at

Name:______________________________________

Address: ___________________________________

City/State/Zip:_______________________________

Telephone:__________________________________

E-mail:_____________________________________

Mail to: ASCF 1250 24th Street, NW Suite 300

Washington, D.C . 20037

Scan below to Join ASCF