CISPA: How dangerous is a cyberattack?

Answers to your questions about the news.
April 27 2012 6:13 PM

How Dangerous Is a Cyberattack?

It could cause a blackout. Or maybe a nuclear war.

A destroyed computer.
What's the worst kind of damage a cyberattack could do to the United States?

Photograph by ThinkStock.

The House of Representatives passed the Cyber Intelligence Sharing and Protection Act, or CISPA, on Thursday. Rep. C.A. Dutch Ruppersberger, D-Md., said the bill would help protect the country from a “catastrophic cyberattack.” What’s the worst-case scenario for a cyberattack?

Nuclear winter, but don’t count on that happening. In a 2009 paper for the International Commission on Nuclear Non-proliferation and Disarmament, cybersecurity analyst Jason Fritz described how computer hackers could trigger a nuclear war. Hackers would infiltrate the detection systems of a nuclear state, he wrote, and fool its military into believing a nuclear strike was already underway. Officials would have 15 minutes, at most, to decide whether the alarm was genuine and how to respond. The hackers could create confusion during that brief period by shutting down communications systems with a denial-of-service attack—an event that would mimic the electrical disruptions that might occur if a nuclear weapon were to detonate in the atmosphere above the country. Ultimately, the panicked leaders might order a counterstrike, leading to an all-out nuclear war. Most cybersecurity experts regard this scenario as exceedingly far-fetched, though. There are too many encryption points, and too much human involvement, in nuclear launch systems for this to happen.

A hacker, or team of hackers, would have a better chance of infiltrating the military’s non-nuclear computer systems, but even that isn’t likely to produce any catastrophic results. Chinese hackers reportedly gained access to the nonclassified data on the defense secretary’s computer in 2007, but machines containing classified information are far more difficult to contact. Slightly more worrying was the infiltration of the control systems for the Joint Strike Fighter plane, made public in 2009, although the most highly classified and critical elements of the aircraft’s computer systems were insulated from the attack, according to military sources. Analysts say that any infiltration of the plane’s systems could, at worst, merely degrade its radar or targeting capabilities, reducing the number of enemies it could successfully engage at one time.

Advertisement

The nation’s power grid would be a more viable target. In 2007, programmers hired by the Department of Homeland Security demonstrated how easy it was to overcome the grid’s antiquated software security systems and remotely take control of a generator. Once hackers had a line in, they might cause turbines to spin out of control until the generator had been reduced to a smoking, shaking, and, ultimately, broken-down pile of metal. The simulated attack very closely resembled the one used to damage centrifuges at Iran’s Natanz nuclear complex: The Stuxnet virus commanded those machines to spin beyond their tolerances.

The nightmare scenario of a cyberattack on the grid would be the destruction of so many generators that the entire country would lose power for months. That probably wouldn’t happen, though, because officials would shut the system down as soon as the first couple of generators went haywire. The result would likely be a two- or three-day regional blackout, akin to the 2003 loss of power in the Northeast or the successful 2005 cyberattack on the Brazilian power grid. Whether you consider that catastrophic depends on your interpretation of the word.

Got a question about today’s news? Ask the Explainer.

Explainer thanks Carl E. Landwehr of the Cyber Security Policy and Research Institute at George Washington University, James Andrew Lewis of the Center for Strategic and International Studies, and Martin Libicki of the RAND Corp. and author of Cyberdeterrence and Cyberwar.

Brian Palmer writes about science, medicine, and the environment for Slate and the Natural Resources Defense Council. Email him at explainerbrian@gmail.com. Follow him on Twitter.

TODAY IN SLATE

Culturebox

The Ebola Story

How our minds build narratives out of disaster.

The Budget Disaster That Completely Sabotaged the WHO’s Response to Ebola

PowerPoint Is the Worst, and Now It’s the Latest Way to Hack Into Your Computer

The Shooting Tragedies That Forged Canada’s Gun Politics

A Highly Unscientific Ranking of Crazy-Old German Beers

Education

Welcome to 13th Grade!

Some high schools are offering a fifth year. That’s a great idea.

Culturebox

The Actual World

“Mount Thoreau” and the naming of things in the wilderness.

Want Kids to Delay Sex? Let Planned Parenthood Teach Them Sex Ed.

Would You Trust Walmart to Provide Your Health Care? (You Should.)

  News & Politics
Politics
Oct. 22 2014 9:42 PM Landslide Landrieu Can the Louisiana Democrat use the powers of incumbency to save herself one more time?
  Business
Continuously Operating
Oct. 22 2014 2:38 PM Crack Open an Old One A highly unscientific evaluation of Germany’s oldest breweries.
  Life
Gentleman Scholar
Oct. 22 2014 5:54 PM May I Offer to Sharpen My Friends’ Knives? Or would that be rude?
  Double X
The XX Factor
Oct. 22 2014 4:27 PM Three Ways Your Text Messages Change After You Get Married
  Slate Plus
Tv Club
Oct. 22 2014 5:27 PM The Slate Walking Dead Podcast A spoiler-filled discussion of Episodes 1 and 2.
  Arts
Culturebox
Oct. 22 2014 11:54 PM The Actual World “Mount Thoreau” and the naming of things in the wilderness.
  Technology
Future Tense
Oct. 22 2014 5:33 PM One More Reason Not to Use PowerPoint: It’s The Gateway for a Serious Windows Vulnerability
  Health & Science
Wild Things
Oct. 22 2014 2:42 PM Orcas, Via Drone, for the First Time Ever
  Sports
Sports Nut
Oct. 20 2014 5:09 PM Keepaway, on Three. Ready—Break! On his record-breaking touchdown pass, Peyton Manning couldn’t even leave the celebration to chance.