If there’s one flavor of reporting I find more irritating than innumerate science “journalism”, it’s got to be the cybersecurity beat. This morning NPR was the offender.
I should admit up front that I automatically assume that anyone employing the prefix “cyber” is an idiot, and this unfortunately means that I’m inclined toward skepticism even when listening to actual experts in the field. But this NPR piece is symptomatic of a undeniably idiotic tendency to lump together every governmental system that takes electricity, then assume that summarizing the first twenty minutes of Transformers and asking “WHAT IF?!” qualifies you as some sort of digital Cassandra.
The piece starts out by discussing Russian vandals’ successful efforts to screw with the Georgian government’s website — something that can be plausibly done by a disaffected teenager — then jumps rapidly to “monkey[ing] with GPS” which involves, you know, satellites, or at least skill at building, concealing and fortifying radio transmitters; and, if anything other than a braindead denial of service, would also require the discovery of a novel attack on the system’s design. These things are much harder than checking to see if the recently-launched website of a small ex-Soviet country is running slightly outdated software that someone else has written an exploit for.
Of course, the U.S. military is planning its own cyberattacks. Pentagon cyberwarriors have detailed plans to take down power, telecommunication and transportation systems just about anywhere.
There is just one problem: What if the other side strikes first? In cyberwar scenarios, pre-emptive attacks are favored, and effective retaliation can be difficult.
“We have extremely good cyberoffensive capabilities and almost nothing in the way of cyberdefense,” Clarke says.
WHAT DOES THIS MEAN? Disrupting the operation of a website is very different from disrupting the operation of the internet, which is very different from interfering with military communication systems, which is very different from interfering with military battlefield communication systems, which is very different from being susceptible to the interception of digital communications. But all of these things are just jammed together, mindlessly.
What kinds of electronic attack are possible? To what extent are our defense systems susceptible to them — in particular, are those systems at all tangled up with the internet? If not, what economic consequences could plausibly be inflicted on our country by disruption of the internet, and how do they compare to the historical example of, say, a blockade? If an online attack originates from overseas, what countermeasures are available? And do we have a protocol in place with the major backbone operators to implement them?
None of these questions are asked or answered. Blah blah blah cyber. That’s it, over and over. This is a multi-part series, so perhaps future installments will resolve this problem. But so far NPR’s approach is just to quote a bunch of people in the cyberwar pontification business making ominous intonations about our need to take cyberwar more seriously (i.e. spend more money on people like themselves).
Then there’s this:
For a country whose economy operates largely in cyberspace and whose military pioneered Net-centric warfare, this is a serious failing.
This author pretty clearly has no idea what Net-centric warfare is supposed to mean — it’s just used a nice lexical break from those relentless “cyber”s. Here, have a CRS report. Yeesh.