The barrier between the physical and digital worlds is wearing thin. “Everything can be intercepted” is right, and most everything important already has: our personal data, our intellectual property, our chemical factories, our nuclear plants, even our own cyber weapons. Our infrastructure is now virtualised, and only becoming more so as the pandemic thrusts us online with a scope and speed we could never have imagined only weeks ago. As a result, our attack surface – and potential for sabotage – has never been greater.
For years, intelligence agencies rationalised the consealment of digital vulnerabilities as critical to monitoring America’s adversaries, to war-planning, to our national security. But those rationalisations are buckling. They ignore the fact that the internet, like so much we are now witnessing in a global pandemic, has left us inextricably connected. Digital vulnerabilities that affect one, affect us all.
Threats that were only hypotheticals a decade ago are now very real. Russia proved it can turn off power in the dead of winter. The same Russian hackers who switched off the safety locks at the Saudi petrochemical plant are now doing digital drive-bys of American targets.
A rudimentary phishing attack arguable changed the course of the American Presidential election. We’ve seen patients turned away from hospital because of a North Korean cyber attack. We’ve caught Iranian hackers rifling through our dams. Our hospitals, towns, cities and, more recently, our gas pipelines have been held hostage with ransomware.
We’ve caught foreign allies repeatedly using cyber means to spy on and harass innocent civilians, including Americans. And over the course of the coronavirus pandemic, the usual suspects, like China and Iran and newer players, like Vietnam and South Korea, are targeting the institutions leading our response.
One decade ago, the primary threats to our national security were still, for the most part, in the physical domain: hijackers flying planes into buildings, rogue nations getting a hold of nukes, drug mules tunneling in through the southern border, the improvised explosive devices tormeting our troops in the Middle East, and the homegrown terrorists detonating them in the middle of America. Developing the means to track those threats and stave off the next attack has always been in the NSA’s job description.
If the next 9/11 struck tomorrow, the first question we would ask ourselves is the same question we would ask some two decades ago: how did we miss this? But in the two decades since 9/11, the threat landscape has been dramatically overhauled.
It is now arguably easier for a rogue actor or nation state to sabotage the software embedded in the Boeing 737 Max than it is for terrorists to hijack planes and send them careening into buildings.