For years, cyber security analysts have warned of a coming "electronic Pearl Harbor." But has it already happened?
By DAVID SCHARFENBERG | September 1, 2010
For years, cyber security analysts have warned of a coming "electronic Pearl Harbor." But has it already happened?James Lewis of the Center for Strategic & International Studies says a large-scale attack on the state, defense and other departments in 2007 allowed an unknown foreign power to download huge amounts of government information.
And just last week Deputy Secretary of Defense William J. Lynn III, writing in the latest issue of the journal Foreign Affairs, provided the first public confirmation of what he calls "the most significant breach of U.S. military computers ever," a 2008 attack that reached into the U.S. Central Command, overseeing the wars in Afghanistan and Iraq.
Lynn wrote that a "foreign intelligence agency" placed malicious code on a flash drive that was inserted into a laptop at a U.S. military base in the Middle East. The code spread undetected through "classified and unclassified systems," he wrote, "establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control."
Lynn called the Pentagon's response to the attack, Operation Buckshot Yankee, a "turning point in U.S. cyber-defense strategy." But he also wrote of the major vulnerabilities that remain in the military, government, and private sectors.
The attacks of 2007 and 2008 may have shaken some in Washington. But they certainly haven't galvanized a nation. After all, a raid on government servers just doesn't have the same impact as images of smoldering Navy battleships — particularly when officials remain tight-lipped about what, exactly, was stolen.
Our electronic Pearl Harbor, it seems, has yet to arrive.
