Editor’s note: Greg Shannon is chief scientist for the CERT Division at Carnegie Mellon University’s Software Engineering Institute, and chair of the IEEE Cybersecurity Initiative.
Director of National Intelligence James Clapper recently testified before Congress that his fundamental concern focuses on the “moderate, iterative and constant barrage of cyber attacks on U.S. infrastructure” that will “impose cumulative costs on U.S. economic competitiveness and national security.” Whether one agrees or not, Clapper’s comment led me to consider what an economy-threatening cyber attack really means.
A long-term cyber threat or attack might be like a war of attrition and last 30 years. If that shaves 1 percent of GDP each year, do we care? Is that “economy threatening”? This may well be the sort of assessment that policymakers will have to make on our behalf.
One approach is to distinguish between, say, petty crime and larger, broader threats. We can’t make everyone…
View original post 1,021 more words