Estimate: two years and $100 million to "Internet Armageddon"
Charlie Miller, a five-year veteran of the National Security Agency's computer espionage department, was tasked with finding the cost and time it would take to bring down America's cyber infrastructure.
That cyber infrastructure isn't well-defined, but it would certainly include vital elements like the smart grid, the banking system, and communications--a vague attack, but one that would essentially cripple the entire country's networked presence.
Asked by the wordy Cooperative Cyber Defence Centre of Excellence in, of all places, Estonia, Miller went at the problem as if he were a small rogue nation. In his words, as told to the AFP:
"I pretended North Korea asked me to scope out the job of orchestrating a cyber attack on the United States. I lay it out as I would do it realistically. I already knew it was easy, but now I know in detail how easy it would be. We are certainly very vulnerable."
Miller estimated the cost at $100 million, using about a thousand "cyber-soldiers" (hackers, really, ranging from government-trained operatives to geeky hobbyists) and requiring about two years of work. All of those numbers are alarmingly small, especially the budget.
The plan would actually use the two years as a secret lead-up to the final attack: the hackers would quietly infiltrate hundreds or thousands of different systems and networks, but not attacking. Those hackers would simply leave the key turned, as it were, so on the big day, the defenses would already be down. The attack would be incredibly broad and sudden, not giving security forces enough time to plug each hole individually.
That's all pretty worrisome, but Miller's scenario is unlikely for a few reasons. First, many of the world's greatest hackers are either from the States or from friendly nations, neither of whom stand to much benefit from destroying the entire cyber infrastructure. There aren't many rogue nations with the motivation to do such a thing, and possibly none with both the motivation and ability.
Also, the plan's greatest strength, its slow-and-steady nature, is also a weakness. If any of the hacks are discovered, security would rise exponentially, and those tactics would become useless, aware to cybersecurity agents. So you can breathe easy--at least, easy-ish.
This post was originally published on Smartplanet.com