During the July 4 holiday weekend, the latest in a series of cyberattacks was launched against popular government Web sites in the United States and South Korea, effectively shutting them down for several hours. It is unlikely that the real culprits will ever be identified or caught. Most disturbing, their limited success may embolden future hackers to attack critical infrastructure, such as power generators or air-traffic-control systems, with devastating consequences for the U.S. economy and national security.
As Defense Secretary Robert Gates wrote earlier this year in these pages, "The United States cannot kill or capture its way to victory" in the conflicts of the future. When it comes to cybersecurity, Washington faces an uphill battle. And as a recent Center for Strategic and International Studies report put it, "It is a battle we are losing."
There is no form of military combat more irregular than an electronic attack: it is extremely cheap, is very fast, can be carried out anonymously, and can disrupt or deny critical services precisely at the moment of maximum peril. Everything about the subtlety, complexity, and effectiveness of the assaults already inflicted on the United States' electronic defenses indicates that other nations have thought carefully about this form of combat. Disturbingly, they seem to understand the vulnerabilities of the United States' network infrastructure better than many Americans do.
It is tempting for policymakers to view cyberwarfare as an abstract future threat. After all, the national security establishment understands traditional military threats much better than it does virtual enemies. The problem is that an electronic attack can be large, widespread, and sudden -- far beyond the capabilities of conventional predictive models to anticipate. The United States is already engaged in low-intensity cyberconflicts, characterized by aggressive enemy efforts to collect intelligence on the country's weapons, electrical grid, traffic-control system, and even its financial markets.
Fortunately, the Obama administration recognizes that the United States is utterly dependent on Internet-based systems and that its information assets are therefore precariously exposed.