On 1/18, Max Boot wrote for The Wall Street Journal’s Saturday Essay section on The Guerrilla Myth, or 9 lessons of insurgency “we seem unable to learn.” Boot wrote War Made New: Weapons, Warriors, and the Making of the Modern World, which I really enjoyed.
Boot’s essay isn’t cyber specific, but rather, broadly covers the notion of guerrilla warfare/insurgency. There is, however, a brief discussion of how technology–which previously was “relatively unimportant in guerrilla war” from the prospective of the guerrilla–may take on greater importance in the future. If guerrillas/insurgents previously sought to negate a conventional foe’s technological advantage, in the future, they may seek to exploit it or even adopt it, using cyberweapons to wreak havoc.
Here’s an interview with Boot, courtesy of The Wall Street Journal:
We’ve got a bit of this going on in Syria right now. Truth be told, I haven’t followed the situation as closely as I would’ve liked, but I remember a few news stories discussing how Syrians targeted regime forces with cyberattacks. I don’t know if those cyberattacks were particularly effective.
On another note, at the end of his essay, Boot suggests that tech-savvy terrorists could cause a great deal of damage. That’s nothing new, we’ve all read the articles on how a terrorist group could cause mass mayhem with a cyberattack. However, I find it remarkable that we haven’t suffered a terrorist cyberattack yet. At the ABA conference on National Security, Steven Chabinsky (CrowdStrike) showed a video where a terrorist group dubbed in Arabic a 60 Minutes Interview with Mike McConnell. This was dubbed in Arabic:
If I were an attacker and I wanted to do strategic damage to the United States, I would either take the cold of winter or the heat of summer, I probably would sack electric power on the U.S. East Cost, maybe the West Coast, and attempt to cause a cascading effect. All of those things are in the art of the possible from a sophisticated attacker.
It was like a playbook for a devastating terrorist cyberattack. It seems that terrorist groups are aware of the potential damage a cyberattack could cause. There’s no question of willingness. I think it’s really difficult to cause a cascading effect on the US power grid, so that’s probably not in the cards for a terrorist group, but outside of low level DDOS attacks, why haven’t we suffered a terrorist cyberattack? Are we just lucky? Do terrorists groups lack the necessary resources or expertise? If so, couldn’t they just hire someone? Here’s a relevant CRS Report titled Terrorist Capabilities for Cyberattack: Overview and Policy Issues, if you’re interested.
Leave a Reply