
Cyber Yankee: U.S. Cyber Marines in Cyber Team Cyber War

Cyber War. It’s long been used to scare Americans into spending money. The military is again talking about protecting the country from disasters by training on cyber (information technology).

Who can forget, for example, the 2022 NYT opinion piece alarmingly titled:

I’ve Dealt With Foreign Cyberattacks. America Isn’t Ready for What’s Coming.

It’s been crickets since then, and rightfully so. In fact, cyberattacks have been the exact opposite of such predictions with Russia losing badly and nobody really talking about it — a blog post for another day.

So let’s take a look once again at allocation of risk resources versus reality of disaster in America.

First, to properly set context, we should review a non-military operation meant to prevent fireworks on Independence Day.

Bay Area firefighters this year partnered with law enforcement to run a huge “zero-tolerance” policy.

Last year, authorities promised to crack down on the use of illegal fireworks by issuing a “zero-tolerance policy” in counties where fireworks were already illegal, The Chronicle reported. This year, authorities were expected to do the same. [Cal Fire Battalion Chief Jon] Heggie said Cal Fire departments were coordinating with local, state and federal agencies to create task forces intended to prevent the use of illegal fireworks. Anyone caught with illegal fireworks could be fined up to $50,000 and sent to jail for up to one year, according to Cal Fire.

Boom.

It seems to have been a great success as I’ve found exactly zero fires reported due to fireworks.

In fact, I’ve seen and heard almost zero fireworks.

Independence Day fireworks are a widespread tradition and zero evidence of them is actually quite peculiar. The only other time I imagine it’s been this quiet was in southern American states that lost their Civil War when they tried to spread vicious propaganda that the 4th of July is only a holiday for Black Americans.

Second, such success in suppressing personal fireworks lies in stark contrast to basically constant news about commercial fires running out of control.

I mean everyone surely knows how a privately-run power utility, Pacific Gas and Electric (PG&E) in California, has been very weakly regulated and continues to flout safety with massive repeated disasters.

Starting fires all over the place for decades, seemingly all the time killing Americans, hasn’t been stopped by local authorities and the military certainly hasn’t been called in.

The Wall Street Journal (subscription) reported that investigators attributed more than 1,500 fires to PG&E power lines and hardware between June 2014 and December 2017. CAL FIRE attributed 12 fires that started in Northern California on October 8 and 9, 2017 to PG&E power equipment.

It’s unbelievable just how constant disaster has become, literally synonymous with critical infrastructure in the U.S.

Is there an oil rig or tanker around somewhere?

Then you might as well expect a devastating breach of safety.

Did a power line run through some remote wilderness?

Then you might as well expect a devastating fire.

And no military response.

The biting analysis could go on for years; there’s so much evidence of critical infrastructure being a giant dumpster fire with little to no real safety.

Over 1,500 California fires in the past 6 years — including the deadliest ever — were caused by one company: PG&E. Here’s what it could have done but didn’t.

It poses a real and present danger (including but not limited to wrongful death, personal injuries, property loss, and business losses), which is so very much worse than anything cyber.

Here’s a headline you WON’T see…

U.S. Marines Deployed to defend California from companies there running critical infrastructure — threat to national security is from the “business” of ignoring risk.

Third, in other words, it seems like on the 4th of July in the Bay Area you would need only to drive a big truck full of fireworks with PG&E logos on it and you could launch all you want wherever you want. Just make sure you don’t put the word “cyber” on anything. It will be seen as business as usual for critical infrastructure.

In fact under the logos you could write “Go ahead and fine us again, we don’t care” as the motto of the privately-run power utility; nobody is going to call the Marines in to defend America from obvious and present disaster… unless of course (again) you put that word “cyber” on anything because that could get some attention.

Did I mention PG&E is privately-run?

The wealthy owners faced upwards of $30 billion in fines from its disasters over just three years (2015–2018) and all they did was declare bankruptcy for ONE YEAR.

This is like Cyber War destroying PG&E’s ability to distribute power (even killing people and destroying homes and businesses) and the company announcing it will simply pay some fines and declare bankruptcy for a year, then declare everything back to normal.

Does the US military have a training program for responding to that? Army of lawyers perhaps?

How bad can any Cyber War really be compared to ongoing existing disasters, seriously?

Is it any wonder we hear about “22 mayors, including San Jose’s, pushing to make PG&E customer owned” so it can be less of a threat to security?

And so (fourth), now let’s dig in a bit more to a National Interest story at hand about the U.S. Marines gearing up to defend America from “disaster”.

During a conflict with the United States, an opponent could try to disrupt power and water supplies by knocking regional power supplies off-line or cutting off access to running water. In response to this challenge, the Marine Corps is working with National Guard units to prepare for this challenge. […] “They vary in levels of sophistication from a cyber-criminal or hacktivist that is doing nothing more than low risk access attempts that can be mitigated by very simple security controls and elevate all the way up to the most advanced threat actor using sophisticated means of initiating access with stealthy movement throughout the IT enclave and into the operational technology enclave where the critical infrastructure is located,” [cyberspace operations chief of the Marine Innovation Unit, M Sgt. Mike] McAllister continued.

Oh no, a hacktivist! Wonder if that includes a mayor who would be trying a hack to protect his city from PG&E-led dangers.

Can you imagine the U.S. Marines being called in on behalf of a morally and literally bankrupt privately-run utility, to stop citizens and their leaders from defending against national security risks posed by those utilities?

Sounds like Guatemala, or Hawaii for that matter.

This is a topic I’ve worked on for ages, even inside the world’s leading response teams, and I have seen the worst of it. There’s even a post I wrote in 2019 about real cases of insider threats taking out water and emergency services. Nobody ever suggested a military response.

That’s probably why I see cyber much like Eisenhower described things in the 1950s: a funding sinkhole (congressional-military-industrial complex) begging for massive cash and time allocations when other areas of safety and security are in far greater need.

When the president’s brother asked about the dropped reference to Congress, the president replied: “It was more than enough to take on the military and private industry. I couldn’t take on the Congress as well.”

If firefighters and police can completely shut down fireworks to protect the country from disaster, let them go after the utilities too. The military probably wouldn’t even have to be involved in Cyber (just like they aren’t involved in fires) if American civic action to stop harms from giant private companies like bulk energy was in any way effective.

Related: “Was Stuxnet the First?”

Medal of Honor for Major John J. Duffy

A recurring theme in Duffy’s new MOH award statement is repeatedly taking on more responsibility to benefit others and courageously disregarding self: a remarkably caring leader even under the most extreme pressure from an enemy battalion.

In the two days preceding the events of 14 to 15 April 1972, the commander of the 11th Airborne Battalion was killed, the battalion command post was destroyed, and Major Duffy was twice wounded but refused to be evacuated. Then on 14 April, Major Duffy directed the defense of Fire Support Base Charlie, which was surrounded by a battalion-size enemy element. […] With the goal of a complete withdrawal, Major Duffy was the last man off the base, remaining behind to adjust the covering fire from gunships until the last possible moment. When the acting battalion commander was wounded, he assumed command of the evacuation and maintained communication with the available air support to direct fire on the enemy. […] Only after ensuring all of the evacuees were aboard, did Major Duffy board while also assisting a wounded friendly foreign soldier in with him. Once on board, he administered aid to a helicopter door gunner who had been wounded during the evacuation.

I would argue this is the definition of “type A” personality, to give up anything so that others may have something.

The Army page points out Duffy was very highly decorated for his four years in Vietnam, including 1972 special advisor for Military Assistance Command Vietnam (MACV) Team 162 “Red Hats”; and for his poetry.

…honored with 64 awards and decorations, 29 of which are for valor, including the Distinguished Service Cross (currently in final stages to an upgrade), the Soldier’s Medal, four Bronze Stars with “Valor” device, eight Purple Hearts, seven Air Medals (six with “Valor” device), three Army Commendation Medals with “Valor” device, the Cross of Gallantry with Palm (Vietnam’s highest award for valor), two Crosses of Gallantry with Silver Stars, one Presidential Unit Citation (Naval), three Presidential Unit Citations (Army), the Vietnam Cross of Gallantry w/Palm (Unit), the Vietnam Valorous Service Medal (Unit), the Combat Infantry Badge, Master Parachutist Wings, plus numerous other awards for service and merit. […] Duffy has been nominated for the Pulitzer Prize and has published six books of poetry. Two of his poems were selected to be inscribed on monuments, and others appear in countless publications and anthologies.

The Forward Air Controller
by John J. Duffy
Dedicated 2008 FAC Memorial Park
(With MOH Bud Day present)
Colorado Springs, CO

It is the lonely mission,
The Forward Air Controller.
His are the eyes above the battle.
His is the link to those below.

While others avoid and strike fast,
He lingers and trolls for contact,
Seeking out the enemy below,
Determining the strike force needed.

His is the job to control the air attack.
He determines the needs of the troops,
And works the airstrike margins.
His judgement is relied upon by all.

Watching a “FAC” roll in hot on target,
All guns blazing at his destruction,
Is to watch a man of courage in action.
This is the daily job of the “FAC”.

U.S. “foreign internal defense was the hottest mission set”

An article about the importance of U.S. troops understanding foreign languages has this buried lede:

…foreign internal defense was the hottest mission set, and every unit — even Navy SEALs and Delta Force, which tend to focus on direct-action operations — jumped at the opportunity to conduct it in order to be deployed.

It makes the military sound geared towards being highly competitive on budget to be sent far away, which seems ironically contradictory to core concepts of internal defense values (collaborative and local).

Also it reminds me of the University of London School of Oriental and African Studies (SOAS), which was chartered 5 June 1916 to better “understand” foreign languages within and around the British colonial empire.

In other words during the height of WWI the hottest mission set was to train officials (e.g. spies) for overseas postings who would maintain and expand British influence and resist German sabotage. One might even say this training for internal defense is what laid the foundation for the English expression “101”.

Cryptocurrencies are digital blood diamonds, driverless cars are loitering munitions

For many years now I’ve been telling people cryptocurrency is a modern form of blood diamonds.

One of the important lessons from Nazi Germany and its derivative regimes like the South African apartheid government (e.g. two countries where Peter Thiel is from) is that money laundering can be a powerful means of evading global sanctions against rights violations (e.g. how Peter Thiel made his fortunes at PayPal).

It therefore should be obvious from history lessons that cryptocurrency serves a well-known anti-humanitarian pattern. Or maybe it’s easier to see the problem as popularized in “fascist pig” movies and books.

He has vices. He doesn’t have any real virtues. If you think James Bond is a fascist pig then Fleming seems largely on your side.

A very long time ago a bank that ran a large regional power company (common in America) called me to consult on security as ethics. Their risk team asked me if they should approve a plan for excess power generation during idle production to be poured into an on-site Bitcoin mining operation.

My answer was a simple question: “Do you really want to fund ICBM development in North Korea?” I guess I could have asked if they wanted to generate more fascist pigs.

The bank seemed genuinely surprised, which reminded me of the Sierra Leone lyric:

I thought my Jesus piece was so harmless
’til I seen a picture of a shorty armless

They asked a few questions, thanked me for explaining international history, and said they had to reject the plan.

Fast forward to today and more and more proof of the problem finally is reaching the news.

North Korea Used Crypto to Hack Its Way Through the Pandemic. The isolated country continues to find ways to evade sanctions and generate income while operating on the fringes of the global financial system.

To be fair blood diamonds for money laundering are just the start of the problem… the laundered money is used for laundered technology sold by Americans.

That’s why I often remind people the American NRA played an essential role in South Africa by importing guns to prop up the illegal white police state in direct violation of international sanctions.

Now who is the digital NRA?

So maybe think of crypto even more as digital blood diamonds to buy digital arms, such as access to algorithms in a Tesla to kill people by weaponizing cars.

As I’ve said in my presentations for at least a decade, it’s far easier these days to direct 40,000 loitering “driverless” vehicles (really munitions) to destroy a city than to launch missiles from far away.