A civil defense for the cyber age?
The Russians are coming — again. So are the Chinese, the North Koreans, and an array of international bad actors, threatening American security — not with nuclear weapons but with computer hacks. The latest Russian gambit might even have tipped the recent presidential election toward Donald Trump.
These attacks on computer systems in the United States feel like a throwback to the days of the Cold War, and it’s got some experts suggesting a response out of the 1950s: a civil defense system, a government-sponsored campaign to teach millions of Americans how to survive cyberwarfare. They warn that securing America might require a modern digital equivalent of the old-school air raid drills familiar to millions who came of age five or six decades ago.
“The United States may be more vulnerable today to highly disruptive attacks than it was during the Cold War,” Nora Bensahel, a scholar in residence at the School of International Service at American University in Washington, and retired US Army Lieutenant General David W. Barno wrote in a 2015 article for the military affairs website “War on the Rocks.” “Fixing this massive problem will require a new form of civil defense for the 21st century, with active engagement from citizens, the private sector, and government officials at all levels.”
But it’s far from obvious that Americans today can be recruited to such an effort, even if the safety of the nation is in peril.
The cybersecurity stakes are high. At first, foreign attackers just stole secret files, like military plans or the personnel records of government workers. Now they allegedly tried to influence the presidential election. What’s next? Phone networks, electricity grids, or drinking water supplies? Hitting any one of those would sow chaos.
Civil defense is a familiar concept to baby boomers, who grew up with the threat of nuclear attack. In 1954, 12 million Americans took part in a nationwide air raid drill. Schools taught students to duck beneath their desks and cover their eyes from atomic blasts. Homeowners were urged to build fallout shelters in their backyards.
To this day, some countries retain active civil defense programs. Every year Taiwan stages a nationwide air raid drill to prepare for a possible attack from mainland China. In October, 40 million Russians took part in massive civil defense exercises. But by the mid-’60s, the US civil defense craze was on the wane. Americans realized such preparations would be useless in an all-out nuclear war.
Air raid drills and bomb shelters are useless against hackers as well. But a digital civil defense could teach millions of citizens to secure their own devices before they’re used by hackers as a gateway into bigger networks.
“Americans will need to do more to protect their own personal networks from attack,” Bensahel said in an interview, “especially because any insecure system can become a back door to hack into more sophisticated systems.”
What would a cyber civil defense campaign look like? Much of the materials have already been developed by the National Cyber Security Alliance, a Washington-based partnership between the Department of Homeland Security and several private companies that include Raytheon Co., RSA Security, Microsoft Corp., and Facebook Corp. The alliance sponsors curriculum materials to teach digital security concepts in schools and online security guides for adult consumers, and is also behind such events as National Cyber Security Awareness Month in October and a yearly Data Privacy Day on Jan. 28.
But Michael Kaiser, the group’s executive director, conceded these efforts have barely made a dent in public awareness.
“You have to spend the time to proliferate it into everyone’s consciousness,” Kaiser said. “We’re talking about educating everybody. And that’s not easy.”
One reason, said Juliette Kayyem, a lecturer in homeland security at Harvard University’s John F. Kennedy School of Government, is that most cybercrimes are nonviolent. “There’s no ‘boom’ moment,” Kayyem said. That makes it hard to rally the public around a serious civil defense campaign against them.
Kayyem said a major attack on a critical target like a water treatment plant or a power station might make citizens take the threat more seriously. But even then, Kayyem suspects that Americans will eventually retreat to our old ways.
“That unity of effort — you grab it for a moment after 9/11 or after the Boston Marathon,” she said. “There’s this brief moment where everything can get done, and you try to grab it, and it dissipates.”
Public cynicism would also undermine a cyber civil defense system. Historian Susan Roy said Americans of the 1950s believed government knew best.
“We were a much more naive country,” said Roy, author of “Bomboozled,” a book about the civil defense program. “We had three networks; everybody got their news from the same place. There was much more trust in government. We’d just gotten done winning World War II.”
The debacle of Vietnam and the turmoil of the 1960s changed everything. Roy believes that an old-school civil defense program aimed at mobilizing the entire country would be doomed to failure.
“I can’t imagine anything like that working now,” she said.