We saw such an attack last week with a hack aimed at poisoning the water system in Tampa. Fla.
“It started with a cursor moving on its own, sliding across a computer screen at the water treatment plant in Oldsmar, Fla. Someone had taken remote control of a plant operator’s machine — and in just a few minutes, they increased the level of sodium hydroxide in the city’s drinking water by a factor of 100. After spiking the caustic substance to unsafe levels, the hacker immediately left the system,” NPR reported.
The Times reporter Nicole Perlroth, author of a new book about the cyberarms race with the ominous title “This Is How They Tell Me the World Ends,” predicted such an attack, and worse, in a recent interview with me. Her thinking: While we are good on cyberoffense, our cyberdefenses have been considerably weaker, made more vulnerable because we have the most to steal.
And while we Americans rule the world from a physical military perspective, having aced countries like Russia in the Cold War, our competitors and foes have been able to level the playing field in the digital arena. It makes sense: If you can’t beat them, purloin them (and their data).
While Ms. Perlroth’s book points the finger at a number of strategic errors the United States has made over the decades — including enabling a gray market in cyberweapons and the use of such destructive tools by the United States (remember Stuxnet? — well, you should) — she said to me that Washington has lacked a good deterrent strategy, adding that “the problem is we’ve over-tilted on finding other people’s secrets without protecting our own.”
How best to do that will be a big debate in Washington over the next year, as the Biden administration tries to clean up the SolarWinds debacle.
Is new legislation needed to require more interagency coordination in response to attacks that are both domestic and global? Should companies be compelled to report cyberattacks against them, if only discreetly, to government agencies? And do we need a single person, or possibly an agency, to deal with all of our cybersecurity problems, which will only get worse as we become even more jacked into the system, or is that both too creepy and potentially threatening to the privacy of American citizens?
I have no good answers.
In Mr. Trump’s impeachment trial this week the Senate is addressing the appalling physical attack on the Capitol by American insurrectionists. Senators are discussing how the perpetrators managed to get in the building and who pushed their hot buttons.