WASHINGTON – Warnings from U.S. Defense Secretary Leon Panetta and U.S. Department of Homeland Security Secretary Janet Napolitano that enemy nations are carrying out cyber attacks on the U.S. are on the rise.
The target? The U.S. electric infrastructure.
Even President Obama has pointed out that “our enemies are also seeking the abilities to sabotage our power grid, our financial institutions and our air traffic control systems.”
But that may not be the worst of it. Those same adversaries – China, Russia, Iran and North Korea – also incorporate in their military doctrine the use of a nuclear electromagnetic pulse, or EMP, attack as “part of a strategic operation that would basically ‘throw the kitchen sink’ at the United States,” according to Cynthia E. Ayers, who once was with the National Security Agency and currently is with the U.S. Army War College.
These countries, she said, will “hit us with everything – computer viruses, sabotage of critical communications nodes, kinetic strikes on key information systems and a nuclear EMP attack.”
“The last, an EMP, is their best chance to collapse our national power grid and take us down, perhaps permanently,” she said.
In recent months, U.S. banks, the Federal Reserve, oil and gas production companies, media outlets and U.S. Defense Department and National Nuclear Security Administration entities have reported what Ayers calls a “massive” number – “in the millions” – of cyber attacks daily
As a former employee of the National Security Agency, she is very familiar with cyber attacks on computers through the Internet and telecommunications systems.
North Korea, for example, recently exploded a nuclear weapon in what experts believe may have been a test of the miniaturization of a nuclear bomb that could fit on its missiles. The Hermit State recently tested successfully a three-stage missile that experts said could reach the Western part of the U.S.
The North Koreans also orbited a package during that missile test, which in the future could be a nuclear weapon that could be exploded at a high altitude above the U.S., causing an EMP blast that would virtually knock out the entire U.S. national electric grid system.
Experts agree that countries that cannot match the U.S. militarily have undertaken asymmetrical, or unconventional, warfare in an effort to defeat or seriously impair America.
Such an attack would be in the form of a kinetic engagement, much as Russia undertook when it invaded the neighboring Republic of Georgia with a combination of cyber and military assault techniques.
Ayers said that such an approach served as a “prototype” for “the ultimate cyberwar.”
“In fact, Russian, Iranian, Chinese and North Korean cyberwarfare doctrine includes EMP attacks on critical infrastructure to effectively remove both cyber capabilities and communications from the battlespace of the adversary,” Ayers said.
“Unfortunately, the battlespace is increasingly civilian.”
Just to be clear, she said, there have been increasing warnings of a cyber and EMP threat from America’s adversaries to collapse the nation’s critical infrastructure.
The collapse of critical infrastructure, whether through intentional attack or from the effects of a great geomagnetic storm, Ayers said, would essentially remove the United States as an actor on the world stage “instantaneously, and long term.”
However, Ayers pointed out, recent events such as a Cyber Security Conference last October, would have been a good forum to underscore the threats, but there apparently were “legal threats to the briefers” despite having been pre-cleared to discuss nuclear power plant vulnerabilities.
“Their warnings were ultimately withheld, not because the presenters were wrong, or even because of classification, but because of private industry fears of the consequences of such revelations made public,” Ayers asserted.
His assertion is reinforced by a Chicago Tribune story last October revealing that legal fears were muffling warnings of cyber security threats. A separate article in the Sophos publication similarly referred to how nuclear power plant cyber security warnings were silenced due to legal threats.
The notion of a “digital warhead” now is coming into vogue, with the introduction apparently by the U.S. and Israel of the Stuxnet virus aimed at industrial controllers associated with Iran’s power grid and its suspected nuclear weapons-related activities.
Ayers said the Stuxnet worm ultimately gave Iranian cyber experts a “leg up” on the possibilities for response.
She said that the Iranians could refocus this digital warhead and turn it into a weapon of mass destruction.
In turning the Stuxnet virus on the U.S., Ayers said the Iranians or any potential adversary could take down the U.S. power grid from remote locations by targeting specific automated control systems for destruction.
Such an initiative, she said, would be “only one step away from a high-altitude nuclear (EMP) attack.”
She pointed out that Iran and other countries openly have discussed such a prospect with U.S. officials.
“Even if the scale of such a threat seems too grandiose, the fact that the U.S. has not to date responded kinetically to a major cyber attack may make escalation in the form of incrementally more devastating cyber efforts enticing alternatives to a smaller challenger with fewer resources,” Ayers said.
Yet, President Obama has ordered new waves of cyber attacks against Iran even though the Stuxnet virus has become public knowledge.
For some, Ayers says, this alone could become a justification for an Iranian response “unless cyberwarfare is considered simply another tactic of a larger, more strategic warfare doctrine – that is, combining kinetic, strategic communication and cyber.”