In an attempt to scare Congress into passing the cybersecurity legislation they failed to pass last year, Sheldon Whitehouse scheduled a hearing on cybersecurity today. In the hearing — and in this op-ed he penned with Lindsey Graham — he repeated a claim he has made before: cybertheft may be the biggest “illicit” transfer of wealth in history.
Almost every facet of American life is threatened when intruders exploit our cyber-vulnerabilities. And the risk is not from China alone. Foreign governments such as Iran and terrorist groups such as al-Qaida seek to worm into national infrastructure and threaten catastrophe here at home. Foreign agents raid companies, stealing plans, formulas and designs. Foreign criminal networks take money out of banks, defraud consumers with scams and sell illicit goods and products, cheating U.S. manufacturers. It may be the greatest illicit transfer of wealth in history. [my emphasis]
I think in the hearing itself, Whitehouse wasn’t as careful to always use that word “might.”
The greatest illicit transfer of wealth in history.
Don’t get me wrong: cyberattacks of all sorts are a real threat. They cost consumers a great deal of inconvenience and, at times, lots of money. They cost defense contractors far more (though of course, some of that is built into our model of defense). They cost sloppy companies as well.
But the biggest illicit transfer of wealth in history?
Ignore recent unpunished giant transfers of wealth in the wake of the financial crisis, which the Senate Judiciary Committee has largely ignored.
I guess the reason I find this so stunning is all the obviously huge transfers of wealth it ignores that were part of slavery and colonization.
Were those licit?
Those were, like Chinese or Iranian or Russian cyberattacks on the US, examples of states (and private entities) taking advantage of vulnerabilities elsewhere. They were certainly considered legitimate at the time, because Europeans got to write the history of colonization, and because they made up claptrap about “civilization” to justify it. But from a distance they look more like the kind of exploitation states often engage in if they’ve got an obvious advantage over another state or organization.
All that’s not to say Montezuma shouldn’t have resisted the Spaniards. That’s not to say we shouldn’t defend against cyberattacks.
But what really makes the US so vulnerable to cyberattacks are 1) that we’re so reliant on the Internet and 2) we’re so reliant on intellectual property (indeed, the very claim that cybertheft is the biggest transfer of wealth relies on a certain understanding of IP as wealth that itself depends on a legal infrastructure that is contingent on our relative world power). And also that so much of our critical infrastructure and IP holders are in private hands and therefore much harder to demand diligence from. That is, our vulnerability to cyberattacks is in part a fragility of our own bases for power (a vulnerability that will probably end up being less lethal than the fact that the immune systems of indigenous peoples hadn’t been exposed to European diseases).
Also, this entire discussion — which danced around the question of an international regime that might limit such attacks — completely ignored the StuxNet attack, the fact that a nation as vulnerable as we are pushed the limits of the offensive capability first. One of the witnesses (I think FBI Assistant Director Jonathan Demarast) even suggested that if our government were chartered to attack the private sector (cough, Echelon) of other countries we’d be damn good at it too — as if our attacks on the public infrastructure of Iran doesn’t count.
I get the value of a good fear campaign (I wish Whitehouse would fearmonger more in his regular addresses on climate change). But there’s fearmongering and there’s absurdity. And I think suggesting that cybertheft is worse than the stealing of entire continents is the latter.