The United States has been beset by hackers who have plundered the country’s intellectual property and meddled with its political system. But the worst could be yet to come in the form of a “cyber 9/11″—a term often invoked but rarely defined.
This week, two security experts speaking at Fortune’s Brainstorm Tech conference in Aspen, Colo. this week shared some unsettling specifics.
Jen Easterly, who helps lead cyber security defenses at Morgan Stanley, cited the powerful hacking tools that are already being deployed by the likes of North Korea to attack the international banking system. She warned a broader attack of this nature could create financial instability, and that the tools could be deployed against other critical targets.
“What’s a cyber 9/11? My scary scenario is non-state actors getting hold of these capabilities, and attacking the air traffic control system and the energy system,” said Easterly, who served in the army for 22 years and served as a counter-terrorism advisor to President Obama.
Jay Kaplan, CEO of cyber defense firm Synack, warned a cyber 9/11 could involve terrorists hitting not only the energy grid, but also water systems. He added that the U.S. had been attacked since “the start of the Internet” but that the country’s current lack of preparedness could expose it an unprecedented cyber disaster.
And while any worst case attack is likely to come from non-state actors (ie terrorists), Easterly and Kaplan say the cyber-threat from countries—especially China, Russia, and North Korea—remains very real. Both echoed Director of National Intelligence, Dan Coats, who stated this week that warning lights “are blinking red again” and a cyber attack is imminent.
And contrary to the doubt raised by President Trump over Russian interference in the 2016 election, both experts share the view of the intelligence community that such interference definitely occurred.
“There is incontrovertible evidence of a nation state sponsored attack,” said Easterly, adding the goal was to sabotage the country’s fair and free elections, and that such attacks amount to an attack on our “cognitive infrastructure.”
Synack also noted that the country’s broad cyber vulnerabilities stem in large part from a lack of qualified people capable of defending companies and governments. He called for more training, pointing to China, which he says is building six universities for cyber education.
On a brighter note, Synack said U.S. tech giants are doing a better job of working with intelligence agencies to address the problem of terrorists using popular websites to spread propaganda or plan attacks.
“Nobody wants terrorists on their platforms,” he said.
