Last week Secretary of Defense Leon Panetta sounded a sharp, very disturbing warning to Americans about the threat to their future well-being posed by the country's vulnerability to cyberwarfare.
Mr. Panetta's ringing of the alarm bell risks being lost in the clanging of rhetoric and noisy search for issues that is characteristic of America's presidential election campaigns. That must not occur. It is also critical that the secretary's warning not go the way of the presidential briefing memo delivered to President George W. Bush on Aug. 6, 2001, while he was vacationing at his Texas ranch five weeks before 9/11. It was entitled, "Bin Laden Determined to Strike in U.S."
What Mr. Panetta signaled was something we all have known for years. That is the enormous vulnerability of America to the disruption of its basic institutions and services due to their dependence on computers and electronic communications. This is a factor of growing importance across the board.
Consider, for example, what happens at an organization like the Pittsburgh Post-Gazette when "the computers go down." Failure of computers all the way from kindergartens to the really serious stuff like America's oil and gas pipelines, electric power grids, water treatment systems, financial networks and transportation systems, including railroads and air-control facilities, not to mention government, including law enforcement, would be catastrophic.
We would have to be idiots not to have realized the vulnerability constituted by our dependence on these means of communications, command and control. At the same time, they are just so convenient. What are we supposed to do, go back to the U.S. Postal Service to communicate?
I personally could easily do without Twitter, Facebook, Skype and even e-mail, but then I actually enjoyed living in Africa without running water and electricity, rejoicing in the Luddite circumstances. I realize that everything is different now.
When it comes to protecting our vulnerable cybersystems -- the importance of which Mr. Panetta if not our Congress recognizes -- we assume blithely that someone is taking care of it. We are mildly careful about taking measures to see that our credit-card and bank-account numbers and our identities are not stolen, but we normally don't think about the big implications, such as the ability of a government or private hacker in China, Iran, Russia or Uzbekistan to get into our electrical power grid and turn off the lights on the whole East Coast or re-route trains and planes into each other on the tracks or in the sky. Mr. Panetta says they can do this, are actively trying to do so and that current policies and practices at private facilities -- much of America's infrastructure is private -- are not set up to block cyberattacks.
Now, lest anyone think that such attacks, presumably but not necessarily launched from outside our borders, would result from pure malevolence on the part of America's foreign enemies, it is important to recall that the United States itself carries out cyberattacks in pursuit of its goals.
The United States and Israel badly damaged the computer system that runs Iran's nuclear program with a virus called Stuxnet. Apart from U.S. worries about the Iranian program's potential to eventually produce nuclear weapons, the United States carried out the cyber-raid to forestall an Israeli military attack on Iran's nuclear installations that might drag the United States into another Middle Eastern war -- just after it had largely pulled out of Iraq and was drawing down in Afghanistan.
The question that had to be considered when the Obama administration chose to carry out the Stuxnet cyberattack was whether the yield from it could justify opening America's own imperfectly protected computer systems to Iranian or other assaults in retaliation. After all, the Stuxnet attack lent U.S. validation to the use of cyberweapons.
It probably would have been unrealistic to imagine that the United States' not using cyberweapons would have meant that other nations, not to mention radical Islamic or other militant groups, would not use them. But for the United States to open the way without having assured its own cyberdefenses was unwise to say the least.
The Obama administration attempted to get legislation through Congress that would require a reasonable level of government and private cooperation to protect the predominant share of U.S. infrastructure under private control. Unfortunately, in August, Senate Republicans, led by Sen. John McCain of Arizona, blocked it. He was acting in part at the behest of banks and companies, represented by the U.S. Chamber of Commerce, which objected because of the legislation's financial cost to them and the oversight of their activities that would have been involved.
Secretary Panetta was categorical. He said we now await a "cyber-Pearl Harbor" in its gravity. It is possible that Congress will get past the opposition of Mr. McCain and the companies and banks to enable the federal government to put up adequate defenses to save us from such an attack. If not, when it takes place it will have been one more price America has paid to preserve the absurd gridlock and graft that prevails in our government.
By making his warning public, Mr. Panetta at least has taken away in advance any after-the-fact claims that we didn't know.
Dan Simpson, a former U.S. ambassador, is a columnist for the Post-Gazette (firstname.lastname@example.org, 412-263-1976).