The Washington Post rightly decries the use of hyperbole and proclaims the Chinese hack against OPM was not a “cyber Pearl Harbor” even though it is very problematic:
Very serious people, including then-Defense Secretary Leon Panetta, have warned that the United States is vulnerable to a “cyber Pearl Harbor.” They have cautioned that adversaries could launch attacks on “critical infrastructure” and seek to disable or degrade “critical military systems and communication networks.” They argue that this could have crippling consequences for the nation.
By referring to “cyber Pearl Harbor,” observers are talking about attacks that — like physical attacks — could disable communications systems, power plants, electricity transmission systems and the like. Such attacks would indeed resemble the one on the real Pearl Harbor, a devastating surprise attack that could determine the outcome of a war. Our original post talked about the risk of a “major online attack aimed at taking down key communications systems,” as did the research by Erik Gartzke that was summarized in the article.
But hacking into information on U.S. government employees, however sensitive, is not a Pearl Harbor attack. It doesn’t disable large-scale communications systems, power systems or the like. It doesn’t have any direct consequences for the nation’s ability to defend itself. Instead, it is an (extremely worrying) exercise in espionage, of the kind that the original post distinguishes from Pearl Harbor-type attacks, noting that even if Pearl Harbor-type attacks are unlikely, “many actors have an interest in penetrating U.S. networks to spy or to carry out covert actions.”
Blowing these attacks out of proportion, or trying to use scare tactics to get politicians to budge, is not the way to solve this problem. The US government working with the technology and security industries to implement strong cryptography, and locate and mitigate security vulnerabilities in software are what is necessary.
In short, we need to close the holes allowing these attacks to occur so easily to decrease their viability.