海角大神

What keeps Pentagon planners today up at night, even more than the threat of a terrorist attack? It is the prospect of an act of cyberwarfare 鈥� an incursion into America鈥檚 financial systems, water treatment plants, or the electrical grid that keeps lights on and homes heated.

鈥淐yber will overtake terrorism as the persistent, gnawing, constantly-at-us kind of threat and danger,鈥� warned Ashton Carter, deputy secretary of Defense, at a conference last month in San Francisco. He was relaying the fears of FBI Director Robert Mueller, who has been describing the dangers of cyberincursions in the same stark terms for months.

On this front, Pentagon officials have become increasingly vocal. They routinely hire teams of professional hackers to find vulnerabilities in computer systems. And they have lobbied to pass legislation currently circulating on Capitol Hill to step up information-sharing between the government and private industry to increase cybersecurity, especially when it comes to 鈥渃ritical infrastructure鈥� such as power plants.

Yet this information-sharing raises eyebrows among some critics outside the Defense Department, who say private companies have enough incentive to improve cybersecurity without legislating it, and that such exchanges between the Pentagon and industry have the potential to compromise privacy.聽

The Pentagon, for its part, makes no secret of the fact that, even in a time of fiscal restraint, there is money to be had for firms that can help make the cyber realm more secure. In the midst of tense defense budget negotiations, 鈥淚 can just tell you that at no time in the deliberations ... was it even considered to make cuts in our cyber expenditures 鈥� not even considered,鈥� Mr. Carter said.

In fact, that portion of defense spending is increasing. It would increase still more 鈥渋f we could find more worthy investments to make,鈥� Carter added.

Even so, companies don鈥檛 necessarily understand the threat of cyberattack, Pentagon officials say. Though the 鈥渓ong march鈥� toward cybersecurity is just beginning, Carter says, 鈥淚t鈥檚 difficult to embark on this march, because the market, both economic and political, undervalues security at the moment 鈥� doesn鈥檛 see it, doesn鈥檛 fully get it,鈥� he added. 鈥淎nd I鈥檓 afraid events will soon prove it wrong.鈥�

Legislation on Capitol Hill would require a certain degree of federal oversight of cyberprotection for 鈥渃ritical infrastructure鈥� such as power stations and water plants. Disabling such facilities by attacking their computer systems, say defense officials, would be a 鈥渃yber Pearl Harbor.鈥� The bill also would require private firms to let the government know when their systems are hacked.

This seems reasonable, say US officials. 鈥淭here are only two types of companies: those that have been hacked, and those that will be. Even that is merging into one category: those that have been hacked and will be again,鈥� the FBI"s Mr. Mueller said last month. 鈥淢aintaining a code of silence will not serve us in the long run.鈥澛�

Yet it remains unclear how information that private companies share with the US government might be used, says says Jerry Brito, a senior research fellow at the Mercatus Center at George Mason University.聽鈥淎re we going to start profiling terrorist suspects based on their Internet habits?" he asks. "There are all sorts of things you can do with this information.鈥澛�

Some say the threat of attacks on these plants may not be as great as some Pentagon officials seem to think.

鈥淲e鈥檝e seen what a blackout looks like. It鈥檚 not fun,鈥� says Dr. Brito, who also directs the Technology Policy Program at the Mercatus Center. 鈥淏ut it鈥檚 not such a huge overwhelming concern that it鈥檚 an existential threat 鈥� I really haven鈥檛 seen any evidence of that.鈥澛�

Just how much of a role the Pentagon needs to play in defending these systems remains an open question, too, Brito adds. 鈥淚鈥檓 personally skeptical that we need legislation to solve these cybersecurity issues,鈥� he says. 鈥淲hy do we believe that the private sector doesn鈥檛 have an incentive to protect itself?鈥�

While the threat is real, plant owners, too, have an interest in defending against it. 鈥淔olks who own a nuclear power plant invest billions into it 鈥� they don鈥檛 want to see that investment destroyed,鈥� Brito says.

Disabling power plants and other critical infrastructure is difficult enough that terrorist groups, many of whom are luddites, aren鈥檛 capable of doing it, some argue. The only groups that currently have that capability are foreign militaries, such as China's, Brito says, and China and the US have enough economic links that a cyberattack on US infrastructure by China is not a very distinct possibility.

But the Pentagon is not dissuaded from sounding the alarm. At a recent hearing of the House Armed Services Emerging Threats subcommittee, a top official at the Defense Advanced Projects Agency, or DARPA, the Pentagon鈥檚 internal futuristic think tank, urged not only the expansion of America鈥檚 cyberdefenses, but also the development of offensive cyber capabilities as well 鈥� which could include, say, honing the ability of US forces to shut down the power grids and financial systems of other countries.

鈥淢odern warfare demands the effective use of cyber, kinetic, and combined cyber and kinetic means,鈥� Kaigham 鈥淜en鈥� Gabriel, deputy director of DARPA, recently told lawmakers. 鈥淲e need cyber options that can be executed at the speed, scale, and pace of our military kinetic options,鈥� he added. 鈥淲e need approaches that match the diversity, dynamic range, and operational tempo of DOD activities.鈥� In short, he said, 鈥淲e need more options.鈥�