Former Defense Secretary: “small window” exists to prevent cyber terrorist attacks

"In cyber we have a small window of opportunity to act before the most malicious actors acquire the most destructive technologies", Gates told an audience last week
"In cyber we have a small window of opportunity to act before the most malicious actors acquire the most destructive technologies", Gates told an audience last week

“Today, even as the [US’s] political class and citizenry are understandably focused inwardly on our own economic problems and political paralysis to deal with them, the rest of the world continues to mark on, becoming only more turbulent, more complex, and in some instances more dangerous”, Gates told the audience in Philadelphia late last week.

“We tend to postpone addressing problems until they have reached a crisis situation”, he warned, adding that agencies tasked with protecting the nation against physical and cyber attacks “are denied adequate resources to do what is expected of them”.

What Gates was referring to is the pending “fiscal cliff” that is scheduled to trigger automatically at the beginning of 2012 if a greater budget agreement is not reached. It will mean tax increases and budget cuts across the government, including those allocated to defense and homeland security. Once implemented, he said it would result in “deep and damaging cuts to the national defense and homeland security capabilities” of the US government.

As he reflected on the 11th anniversary of the 9/11, Gates said that few experts would have predicted the absence of any further terrorist attacks on US soil in the decade after the terrorist attacks. And although the death of Osama bin Laden and other leaders have dealt a serious blow to al Qaeda, the organization is by no means dead. “While al Qaeda is on its heels…the organization has metastasized to Iraq, North and East Africa, Nigeria, and Yemen. It has also turned to alienated indigenous Muslims outside the greater Middle East to launch attacks in their homelands – especially in the United Kingdom and the United States”, Gates said.

The internet has been a major tool in radicalizing these disaffected Muslims, the former US defense chief and CIA director maintained. “On one level we have been lucky in that a number of plots that could have caused great damage have failed – in some cases because of the blundering and amateurish attempts of the would-be terrorists”, but also because of military operations and heightened awareness among the general public.

“We have to be honest with ourselves”, Gates continued. “We can no more eliminate the risk from terrorism altogether than we can eliminate crime. To expect that the government will be able to stop any and all kinds of future terror attacks is completely unrealistic, especially in a large and open country with more than 300 million people.” But the US must continue to address these threats nonetheless, Gates added, without compromising its core values.

The China Syndrome

The threat of physical attacks – namely terrorist, or in the case of Iran, potential nuclear ones – was cited as a low to mid-level security concern by Gates. Perhaps the most pressing threat, he opined, was that of terrorist groups and rising powers that are developing technologies to “take advantage… of our vulnerabilities, to sever lines of communications…and in so doing narrow our military and strategic options”. But rather than leave us to read between the lines, Gates asserted that it was China that he was specifically referring to.

Some “cling to the naive view that financial self-interest will keep the Chinese benign for the foreseeable future”, he said. Citing China’s need to maintain such a high economic growth rate to satisfy it’s rising middle class, the former defense secretary said the Chinese are avoiding an expensive military arms race with Western powers and are instead investing in things like “electronic warfare assets” – what he said Chinese strategists consider part of it’s Assassin’s Mace strategy.

“The US military and economy relies on information technology to function, which has created new vulnerabilities”, Gates observed. “Those wishing to cause us harm no longer need an industrial complex to marshal deadly force”. It’s far cheaper, in contrast, to develop cyber warfare capabilities, Gates proclaimed. “A small number of highly trained programmers using off-the-shelf equipment can develop toxic tools and deploy them with great effect”, he warned.

Then came perhaps the most curious part of Gates’ address to the crowd in Philadelphia. “Today we have seen cyber tools used to exploit information or disrupt networks…used to cause physical effects, such as the reported havoc wreaked by the Stuxnet virus on Iran’s nuclear facilities”. Curious, notably, because Gates was referring to the threat of Chinese cyber intrusions, but failed to mention that reports have implicated the US and it’s Israeli ally as the source of Stuxnet.

Nonetheless, his red flag over the importance of the cyber threat remains valid – but it’s the sources of such attacks, and their attribution, that remains in question. As Gates observed: “Because US military power provides a strong deterrent, most nation-states have no more interest in conducting an easily traceable and highly destructive cyber attack than they do a conventional military one.

“Terrorist groups”, he added, “have no such hesitation. With few assets to strike back at, they are hardly deterred. If a terrorist group gains a disruptive and destructive [cyber] capability, we have to assume it will strike with little hesitation. So in cyber we have a small window of opportunity to act before the most malicious actors acquire the most destructive technologies”.

What’s hot on Infosecurity Magazine?