The phenomenon of last week’s widespread cyberattack, using weapons developed by the United States National Security Agency to disrupt major computer operations all over the globe, is not surprising, but it does call for urgent action on the federal government’s part.
This is not new. The villains of U.S. Western movies at one point were the people who sold repeating rifles to Native Americans to use in place of their bows and arrows, sometimes against westward-bound settlers, gold diggers and land grabbers. In modern times, weapons proliferation grew much more lethal when the United States developed the atomic bomb, intended to end World War II more rapidly, but the technology then got handed to the Soviet Union. Nuclear weapons eventually ended up in the hands of China, France, India, Israel, North Korea, Pakistan, Russia and the United Kingdom, as well as the United States.
More recently, America’s and others’ cyberweapons creatively have been used to mess up Iran’s nuclear enrichment program, using the computer worm known as Stuxnet. It also appears that U.S. cyberaction has been used to gum up North Korea’s rocket launches, slowing down realization of Kim Jong Un’s ambitions in that domain, possibly even making North Korea less dangerous.
The problem now is that some of the clever procedures that NSA developed have leaked out, or have been developed independently by people in basements and elsewhere in Kiev, Moscow and Pyongyang, and are being used as they were earlier this week from Ukraine to sabotage important systems, as well as to try to shake down computer system users across the world.
The NSA — witness contractor-defector Edward J. Snowden — is showing itself to be leaky. It’s having difficulty protecting what it knows and preventing unintended use of the skills it develops.
The lessons that must be drawn are, first, that the NSA must button up its files and techniques much more tightly, and, second, that whatever cyberweapons we have, we must also stay ahead in that game in our capacity to protect our own cyber infrastructure.
The penalty for falling behind in that development is chaos and danger in our society and country, incredibly high stakes given our vulnerability.