(Dobbs) Could We Face a Cyber Armageddon?
The worst-case scenario is, Mutual Assured Destruction
We’re all aware of the nuclear threat that Vladimir Putin put on the table when he menacingly said at the start of the war that Russia “remains one of the most powerful nuclear states,” and put his nuclear forces on high alert, and warned that if the West “tries to stand in our way,” there could be “consequences greater than any you have faced in history.”
We are less aware of the cyber threat that’s also out there known as a “cyber apocalypse,” a bombardment of malware, ransomware, and other malignant machinations to either dangerously slow, or altogether shut down, a nation’s civilian infrastructure. Some use an even more chilling name for this threat: cyber Armageddon.
Imagine if Armageddon comes.
Imagine how bad it would be if your electricity, your heat, your water stopped working. Imagine if you couldn’t make a phone call, or send a text, or get an email, or access social media. Imagine if your credit cards didn’t connect, your bank accounts were irretrievable, your stock holdings were frozen, or your medical records disappeared. Imagine if food producers stopped producing, pipelines stopped flowing, and hospitals stopped functioning. Imagine if you couldn’t pump gas and busses couldn’t run and planes couldn’t fly.
If the war in Ukraine escalates to that level of cyberwarfare, we won’t have to imagine it. We’ll be living it. Because all those critical needs and more— our digital information sources, our weather forecasting tools, our military’s communication networks— are dependent these days on computers, and computers are vulnerable to the threat of a cyber Armageddon.
So when President Biden warned earlier this week that U.S. intelligence agencies see “preparatory activity” by Russia that targets American infrastructure, that’s what he was talking about. To the degree that our intel on the whole Russian campaign has been reliable so far, this seems more than a theoretical threat. Rather, as Biden put it, “It’s part of Russia’s playbook.”
This could bring a war that is otherwise being fought thousands of miles from our shores, right up to our doorsteps. As a friend of mine profoundly put it, if Putin escalates to cyber or nuclear, “The miles don’t matter.”
We are not ill-equipped to deal with it, but we are not perfectly well-equipped either. The good news is, we still are the dominant force in the technology world— think Microsoft, Apple, Google, and others. The bad news is, what are known as “cyber defenses” are in the hands of each infrastructure provider— each water and gas and electricity utility, each cell phone company, each bank and brokerage, each hospital, each airline, and all the rest.
A case in point in this week’s news: federal prosecutors have just charged three Russian agents, who they say have “a decade of experience going after U.S. critical infrastructure,” with hacking with a dangerous malware called Triton into a privately owned nuclear power plant in eastern Kansas. One cybersecurity expert called it “a new leap in what is possible.”
A former senior official of the Department of Homeland Security, Tatyana Bolton, is confident that some of our critical companies are prepared for whatever could come: “The J.P. Morgans of the world spend more on cybersecurity than many government agencies.” But her confidence is tempered by the possibility that Putin has “pre-positioned malware” in our energy sector— like the nuclear plant in Kansas— and elsewhere and that under pressure, he might finally activate it.
It might also be tempered by the realistic appraisal of Microsoft’s president, Brad Smith, about the limits of his ability to stop what’s coming: “We are a company, and not a government or a country.”
It’s equally realistic to consider the cybersecurity limits of our government. When the president issued his warning, he acknowledged that “the federal government cannot defend against this threat alone.” Glenn Gerstell, a former general counsel for the National Security Agency, confirms that. “The federal government, even if warned by companies like Microsoft of incoming cyberattacks, doesn’t have the necessary infrastructure in place to protect American businesses from many of these attacks.”
In short, no one— not in tech, not in government— can build an iron curtain to block a cyber apocalypse and protect us from every attack Putin might launch.
We know he could do it to us. We also know we could do it to him. Which raises the unnerving concept of Mutual Assured Destruction. In a nuclear confrontation, each side has defensive missiles that would shoot the enemy’s missiles down. But each side has enough offensive missiles that many would still get through.
In a cyber confrontation, each side has defenses, but not necessarily enough to insulate infrastructure from a crippling collapse. Not necessarily enough to prevent a cyber Armageddon.
So far, Vladimir Putin has not lit the fuse. But he does have the match.
Over almost five decades Greg Dobbs has been a correspondent for two television networks including ABC News, a political columnist for The Denver Post and syndicated columnist for Scripps newspapers, a moderator on Rocky Mountain PBS, and author of two books, including one about the life of a foreign correspondent called “Life in the Wrong Lane.” He has covered presidencies and politics at home and international crises around the globe, from Afghanistan to South Africa, from Iran to Egypt, from the Soviet Union to Saudi Arabia, from Nicaragua to Namibia, from Vietnam to Venezuela, from Libya to Liberia, from Panama to Poland. Dobbs has won three Emmys, and the Distinguished Service Award from the Society of Professional Journalists.