Stanford CIS

The hack on the U.S. government was not a ‘cyber Pearl Harbor’ (but it was a very big deal)

By Henry Farrell on

The U.S. government has suffered a hacking attack that has potentially revealed highly sensitive information about millions of government employees. Some commentators are claiming that this is the “cyber Pearl Harbor” that they have been warning of for years.

Noah Rothman, writing for Commentary, says that this attack aims at the “preventative neutering of America’s defensive capabilities” and compares to the moment when “the zeros [sic] screamed out of the sky over Hawaii in 1941.” Rothman also says that the “professorial voices of mock prudence” have been proved to be utterly wrong, referring to a Monkey Cage post. We don’t particularly object to being described as professorial voices of mock prudence, but the underlying errors in Rothman’s post provide a useful opportunity to clear up some of the widespread confusion about cybersecurity and cyber war.

The hack on the U.S. government was not the “cyber Pearl Harbor”

Very serious people, including then-Defense Secretary Leon Panetta, have warned that the United States is vulnerable to a “cyber Pearl Harbor.” They have cautioned that adversaries could launch attacks on “critical infrastructure” and seek to disable or degrade “critical military systems and communication networks.” They argue that this could have crippling consequences for the nation.

By referring to “cyber Pearl Harbor,” observers are talking about attacks that — like physical attacks — could disable communications systems, power plants, electricity transmission systems and the like. Such attacks would indeed resemble the one on the real Pearl Harbor, a devastating surprise attack that could determine the outcome of a war. Our original post talked about the risk of a “major online attack aimed at taking down key communications systems,” as did the research by Erik Gartzke that was summarized in the article.

But hacking into information on U.S. government employees, however sensitive, is not a Pearl Harbor attack. It doesn’t disable large-scale communications systems, power systems or the like. It doesn’t have any direct consequences for the nation’s ability to defend itself. Instead, it is an (extremely worrying) exercise in espionage, of the kind that the original post distinguishes from Pearl Harbor-type attacks, noting that even if Pearl Harbor-type attacks are unlikely, “many actors have an interest in penetrating U.S. networks to spy or to carry out covert actions.”

Read the full piece at The Washington Post.