Terrorism expert Harvey Kushner says the most sensitive U.S. assets are at the mercy of any “hacker or cracker,” and the next major attack against the country will likely come through cyberspace, but he is also also cautiously optimistic that America’s best minds will be able to thwart the sinister intentions of its enemies.
During a recent appearance on WNYW-TV Fox 5 in New York City, Kushner offered a blunt diagnosis of the cyber threat facing the American people and the nation’s most sensitive national data.
“Any hacker or cracker from his or her basement can get into our national grid and get into our military hardware,” said Kushner in the Fox 5 interview.
Kushner, who is also director of the Homeland Security and Terrorism Institute at Long Island University, said this level of vulnerability is the price of rapidly advancing technology.
“The advances occur almost on a daily basis. So just when you have something up and you have it somewhat protected, somebody is able to compromise the system and get into whatever it is you’re trying to protect,” said Kushner, who fears the next major attack that succeeds against the U.S. will come from hackers.
“I do think that the next Pearl Harbor, so to speak, when it comes to a terrorist event here in the United States, certainly will be in cyberspace,” he said.
However, Kushner is quick to add the private sector in the U.S. is at the cutting edge of keeping pace with hackers.
“I’m quite confident that the private sector, because of its interest in the process, will try to develop better techniques to protect their infrastructure, whether it be Amazon or whether it be Google or whether it be any number of players out there,” he said.
The private sector must stay ahead of the curve, because businesses are a much softer target for hackers and failure to protect sensitive consumer information can bring misery to millions of Americans.
“The first line of defense when it comes to cyberspace actually is the private sector, whether it’s Home Depot or it’s Target or whether it’s your local hospital or your own database. You’re going to have to be responsible for putting up firewalls and other types of protections, so others can’t get in and do you damage,” said Kushner, who argued that leaning on the private sector for solutions is critical for anyone trying to keep the government from assuming a larger role in overseeing the Internet.
“We do not want it regulated,” he said. “There’s a lot of people who don’t want to regulate the Internet. They want to keep it as a free base of operation, and so that makes it vulnerable.”
But while private companies are expected to play a critical role in developing defenses against cyber attacks that can also be employed by the government, corporate vigilance is also responsible for alerting the Iranians to the most significant threat to the progress of its nuclear program, namely the Stuxnet worm.
“You know who blew the whistle on that was Symantec and a few of these other companies here in the West that protect the cyber industry,” Kushner said. “They noticed that was happening and they put out the report, so it exposed our intelligence agencies who were working very hard to disturb the Iranian nuclear system.”
The most extensive compromising of government data came through an attack on the Office of Personnel Management, which the government announced in June. The attack compromised sensitive information for as many as 18 million government employees, applicants and retirees. Most experts believe the Chinese are to blame.
Kushner said a lot more than personal information is at risk if hackers can access government systems.
“From traffic lights to medical records to water to power grids to your automobile and then again to our satellites and our military and to our government records, all of this is at risk,” he said, noting several adversaries have the ability to do the U.S. great harm.
“There are individuals as well as governments,” he said. “You can’t rule out a Chinese cyber attack or a Russian cyber attack or an ISIS cyber attack.”
Kushner doesn’t believe U.S. officials made cyber security less of a priority, but he said efforts at the federal level fell behind nonetheless.
“I think it’s been a priority, certainly after 9/11 and the realization of what could happen. But not enough was done. As you see, they were able to get in and get compromised records,” said Kushner, who added that cyber security needs to be a higher national priority in the budget as well.
“Our representatives in Washington need to allocate much more money to cyber defense, especially when it comes to our military and to our power grids and to our services that keep our country running on a 24/7 basis,” he said.