The recent defeat of the Cybersecurity Act in the Senate has brought some added attention onto the semi-frequent claims of legislators and pundits alike of the threat of “cyber-terrorism” or “cyber-crime” that Americans face. This seems to be a non-partisan issue, in the sense that Democrats and Republicans alike seem to agree that the threat is real, present, and significant (the Republican filibuster in the Senate was over the regulatory requirements of the specific legislation, and not a dispute as to the presence of the threat in general). As a libertarian who still listens to conservative talk radio, I can tell you that the thought of computer hackers working for the Chinese military constantly attempting to destroy our nation via computer attacks is regularly brought up and generally acknowledged as fact. The mainstream media seems to think so too.
As usual, any time that democrats, republicans, and the media all agree on something, my instinct is to assume that the something is incorrect. When it comes to the issue of “cyber-security” I have one simple question, if the threat is so large, why haven’t we ever experienced such an attack? I think most of us understand that, heavily exaggerated though it may be, actual terrorism is a real threat that exists. We know this because we have seen it. We’ve seen the airplanes hit the towers. We’ve witnessed first hand the dramatic loss of life, as well as economic costs, that can potentially happen as a result of actual terrorism.
“Cyber-terrorism,” on the other hand, continues to be a hypothetical. We are told that the United States faces near constant cyber-threats from individuals as well as hostile foreign governments. We are told that these attacks could have hugely devastating consequences, shutting down our power grid, our transportation systems, our financial systems, and generally bringing our entire way of life to a screeching halt. But nobody has ever seen that happen. Personally, I’ve never known such a thing to occur even on a small level. What exactly is the worst cyber-attack in the nation’s history? The theft of 80 million Playstation Network accounts? High profile websites being shut down for a few hours? Not exactly “the end of civilization as we know it,” now is it?
Given that we’ve yet to witness any severe disruptions from cyber-terrorism, I’ve determined that one of three scenarios must be true:
1. The government is lying to us about the volume of the threat. In this scenario, rather than constant attacks, the attacks are few and far between. Few enough that they can be easily noticed and stopped.
2. The government is lying to us about the potential consequences of the threat. In this scenario, attacks may be constant, but the amount of potential damage they can do is not nearly the society-ending catastrophes painted in the media.
3. The government is being completely honest about both the volume and potential consequences of the threat, but government agents (presumably the NSA?) are just that damn good at preventing it that the rogue individuals and the organized Chinese hacker divisions have been stopped literally 100% of the time.
So tell me, which do you think is most likely?