CISPA: How dangerous is a cyberattack?

Answers to your questions about the news.
April 27 2012 6:13 PM

How Dangerous Is a Cyberattack?

It could cause a blackout. Or maybe a nuclear war.

A destroyed computer.
What's the worst kind of damage a cyberattack could do to the United States?

Photograph by ThinkStock.

The House of Representatives passed the Cyber Intelligence Sharing and Protection Act, or CISPA, on Thursday. Rep. C.A. Dutch Ruppersberger, D-Md., said the bill would help protect the country from a “catastrophic cyberattack.” What’s the worst-case scenario for a cyberattack?

Nuclear winter, but don’t count on that happening. In a 2009 paper for the International Commission on Nuclear Non-proliferation and Disarmament, cybersecurity analyst Jason Fritz described how computer hackers could trigger a nuclear war. Hackers would infiltrate the detection systems of a nuclear state, he wrote, and fool its military into believing a nuclear strike was already underway. Officials would have 15 minutes, at most, to decide whether the alarm was genuine and how to respond. The hackers could create confusion during that brief period by shutting down communications systems with a denial-of-service attack—an event that would mimic the electrical disruptions that might occur if a nuclear weapon were to detonate in the atmosphere above the country. Ultimately, the panicked leaders might order a counterstrike, leading to an all-out nuclear war. Most cybersecurity experts regard this scenario as exceedingly far-fetched, though. There are too many encryption points, and too much human involvement, in nuclear launch systems for this to happen.

A hacker, or team of hackers, would have a better chance of infiltrating the military’s non-nuclear computer systems, but even that isn’t likely to produce any catastrophic results. Chinese hackers reportedly gained access to the nonclassified data on the defense secretary’s computer in 2007, but machines containing classified information are far more difficult to contact. Slightly more worrying was the infiltration of the control systems for the Joint Strike Fighter plane, made public in 2009, although the most highly classified and critical elements of the aircraft’s computer systems were insulated from the attack, according to military sources. Analysts say that any infiltration of the plane’s systems could, at worst, merely degrade its radar or targeting capabilities, reducing the number of enemies it could successfully engage at one time.

Advertisement

The nation’s power grid would be a more viable target. In 2007, programmers hired by the Department of Homeland Security demonstrated how easy it was to overcome the grid’s antiquated software security systems and remotely take control of a generator. Once hackers had a line in, they might cause turbines to spin out of control until the generator had been reduced to a smoking, shaking, and, ultimately, broken-down pile of metal. The simulated attack very closely resembled the one used to damage centrifuges at Iran’s Natanz nuclear complex: The Stuxnet virus commanded those machines to spin beyond their tolerances.

The nightmare scenario of a cyberattack on the grid would be the destruction of so many generators that the entire country would lose power for months. That probably wouldn’t happen, though, because officials would shut the system down as soon as the first couple of generators went haywire. The result would likely be a two- or three-day regional blackout, akin to the 2003 loss of power in the Northeast or the successful 2005 cyberattack on the Brazilian power grid. Whether you consider that catastrophic depends on your interpretation of the word.

Got a question about today’s news? Ask the Explainer.

Explainer thanks Carl E. Landwehr of the Cyber Security Policy and Research Institute at George Washington University, James Andrew Lewis of the Center for Strategic and International Studies, and Martin Libicki of the RAND Corp. and author of Cyberdeterrence and Cyberwar.

TODAY IN SLATE

Politics

Blacks Don’t Have a Corporal Punishment Problem

Americans do. But when blacks exhibit the same behaviors as others, it becomes part of a greater black pathology. 

I Bought the Huge iPhone. I’m Already Thinking of Returning It.

Scotland Is Just the Beginning. Expect More Political Earthquakes in Europe.

Students Aren’t Going to College Football Games as Much Anymore

And schools are getting worried.

Two Damn Good, Very Different Movies About Soldiers Returning From War

The XX Factor

Lifetime Didn’t Think the Steubenville Rape Case Was Dramatic Enough

So they added a little self-immolation.

Medical Examiner

The Most Terrifying Thing About Ebola 

The disease threatens humanity by preying on humanity.

Why a Sketch of Chelsea Manning Is Stirring Up Controversy

How Worried Should Poland, the Baltic States, and Georgia Be About a Russian Invasion?

  News & Politics
Weigel
Sept. 20 2014 11:13 AM -30-
  Business
Business Insider
Sept. 20 2014 6:30 AM The Man Making Bill Gates Richer
  Life
Quora
Sept. 20 2014 7:27 AM How Do Plants Grow Aboard the International Space Station?
  Double X
The XX Factor
Sept. 19 2014 4:58 PM Steubenville Gets the Lifetime Treatment (And a Cheerleader Erupts Into Flames)
  Slate Plus
Slate Picks
Sept. 19 2014 12:00 PM What Happened at Slate This Week? The Slatest editor tells us to read well-informed skepticism, media criticism, and more.
  Arts
Brow Beat
Sept. 20 2014 3:21 PM “The More You Know (About Black People)” Uses Very Funny PSAs to Condemn Black Stereotypes
  Technology
Future Tense
Sept. 19 2014 6:31 PM The One Big Problem With the Enormous New iPhone
  Health & Science
Bad Astronomy
Sept. 20 2014 7:00 AM The Shaggy Sun
  Sports
Sports Nut
Sept. 18 2014 11:42 AM Grandmaster Clash One of the most amazing feats in chess history just happened, and no one noticed.