Cyber Attacks The New WMD Challenge to the Interagency
by Quan Hai T. Lu
The President of the United States recently said that “cyber threat is one of the most serious economic and national security challenges we face as a nation.” Advances in transistor design and integrated circuits have accelerated technologies exponentially. U.S. civil society’s reliance on these modern digital systems has, itself, made the U.S. vulnerable to cyber attacks. Cyber attacks are becoming more sophisticated, making detection and attribution difficult. Simultaneously, the “Internet of Things” (IoT) is growing exponentially in the U.S., making every citizen vulnerable to a cyber-attack. Computing and networking systems are vulnerable because integrated circuits and processors are complex—making subversive counterfeit microchips easily replaced and nearly impossible to detect; internet anonymity is pervasive; the building blocks of software are opensourced or developed by third parties; widespread commercial-off-the-shelf (COTS) software and hardware are manufactured with low or no concerns for security; foundries for microchip manufacturing are located overseas; lines of codes for software now number in the tens of millions and are growing; integrated circuits have over two billion transistors and are also growing; testing and verifying all systems for vulnerabilities is infeasible if not impossible; and development and production processes are now automated—relying on third-party or open-source libraries for hardware and source code.
The IoT links individuals’ daily lives to that of the internet. This interconnectedness between people and cyberspace gives criminals, extremists, and adversary nation-states a vector to target individuals, private and governmental organizations, and U.S. civil society as a whole, and, in the process, it has inspired a fear of the unknown. In short, cyber is the new weapon of mass destruction threat…
Editor’s Note: The following article was originally published in a previous WMD-focused edition of the InterAgency Journal in 2015. One month after the publication of this article, the Office of Personnel Management announced it had been the target of a data breach which compromised the records of more than 22 million people. Subsequent notable cyber attacks include the Democratic National Convention email leak in 2016, WannaCry in 2017, and the Facebook hack in 2018. The ease with which bad actors are able to access our personal data does not bode well for our ability to protect our critical infrastructure. The editors of the Journal invite our readers to ask themselves what has changed – for better or worse – since this article was originally published.
Read the full article
Download the complete edition
| About the Author:
U.S. Army Lieutenant Colonel Quan Hai T. Lu was the Deputy Chief of Systems Vulnerability & Assessment at the Defense Threat Reduction Agency at the time of original publication. He holds a M.S. degree in nuclear engineering and was a Countering WMD Graduate Fellow at National Defense University.