CybersecurityImpact of cyberattack on U.S. could be "an order of magnitude surpassing" 9/11

Speaking at the Washington Ideas Forum at the Newseum in Washington, D.C., last week, former director of national intelligence and director of the National Security Agency Mike McConnell said that the United States is unprepared for a cyberattack and must overhaul its defenses.

“The warnings are over. It could happen tomorrow,” he said of a large-scale cyberattack against the United States, which could impact the global economy “an order of magnitude surpassing” the attacks of 9/11. McConnell, in a panel with Bush administration Homeland Security Adviser Fran Townsend and Washingtonian reporter Shane Harris, called cybersecurity “the wolf at the door.”

Max Fisher writes in the Atlantic that McConnell and Townsend both argued that the United States should overhaul how it defends against cyberattacks. Townsend warned that U.S. intelligence and security agencies lack the organizational ability and authorization to prevent and respond to cybersecurity threats.

DHS is currently tasked with domestic cybersecurity, but “The real capability in this government is in the National Security Agency,” she said. The NSA is legally forbidden from spying on Americans. “Those laws haven’t kept apace with technology and the threats,” Townsend warned. “The bad guys had gotten an edge because the laws hadn’t kept up.” As Harris documents in his book, The Watchers: The Rise of America’s Surveillance State, the NSA has pushed against the limits of laws against domestic spying.

Townsend and McConnell said that the NSA should be given greater authority to operate domestically. Harris countered that “there is a long history of suspicion, and well founded on the part of the American public” of expanding government authority “in the name of national security.” When asked how to expand the already substantial surveillance state without overstepping, Townsend said that the Obama administration should “have the debate about surveillance law” now, rather than waiting until after an attack. That way, the conversation could be proactive and transparent, rather than reactive and secretive. In the days immediately after 9/11, the Bush administration rushed through a wide swathe of national security overhauls because they felt a second attack was impending and they did not have time for a full and public debate, which would have been difficult anyway without revealing classified information about the still-fresh attacks. Many of those changes took years to untangle. Townsend said that having a cybersecurity debate before a crisis occurs could avoid the mistakes of the Bush administration.

When asked why cybersecurity is such a difficult issue, McConnell explained that all it would take is “a very small group with a very small cost of entry” to wreak havoc by finding and exploiting vulnerabilities. Attacking is easy, but “the greater challenge is defending ones and zeros.” Townsend added, “We can set all the rules we want, but the Internet is a world wide thing.”