DEAR EDITOR:

I have been in security for 8 years.  Some of my friends say there is no such thing as cyberwar.  My manager says, "If you see it on the VRT Blog then it's so"  Please tell me the truth; is there cyberwar?

Virginia O'Hanlon.
115 West Ninety-Fifth Street.

Virginia,

Your friends are wrong.  They have been affected by the skepticism of a skeptical age.  They do not believe except what they see.  They think that nothing can be which is not comprehensible by their minds.  All minds, Virginia, are closed.

Yes, Virginia, there is cyberwar.  It exists as certainly as espionage, defacing and cybercrime exist, and you know that they abound and are a threat.  Alas!  Whenever there is a means for man to do ill to  his fellow man, that capability will be developed.

Not believe in Cyberwar!  You might as well not believe in enemies!  You might get your manager to hire people to watch all the inbound connections every day to catch the enemy, but even if they did not see them, what would that prove?  When they are at their best, nobody sees the enemy.  The most real and dangerous thing in the world are those that no one can see.  Did you ever see a keystroke logger on your system?  Probably not, but that's no proof that it is not there.  Nobody can conceive or imagine all the threats that are unseen and unseeable in the world.

Cyberwar is many things, Virginia, and sometimes we need to connect the dots to understand what is possible.  Have we ever been denied electricity by a foreign power?  No (we think).  But we know that networks can be penetrated, servers can be compromised and we even know that generators can be destroyed simply by instructions from control servers.  We also know that there are those who would seek to harm us.  So yes, Virginia, there is cyberwar.

But Virginia, an understanding that something is possible is not a license to let that thing dictate your life.  We need to recognize the threat, however unlikely, that cyberwar presents.  But not so that we can panic, cry and beg our leaders to give themselves more power.  Instead we need to understand the threat so we can improve our defenses and ensure that, if it were to occur, we would have a plan in place to deal with it.

We are right to look with skepticism when our leaders show us a problem and then present a solution that empowers them further.  We must never (again) allow our fear to weaken us to the point that we transfer all responsibility to our government.  A people without responsibility are a people without freedom.  Instead we must ensure that we all do our part, because if it comes to pass that a substantial cyber-attack does occur, we will all be responsible for helping to mitigate it.  But we must also hold our leaders in check; we must hold them accountable and ensure that they are prepared.  Yes, Virginia, it is a difficult balance, but it is one we must strike.

No cyberwar!  God, were that that was true.  It exists, and most likely will exist for as long as we are online.  A thousand years from now, Virginia, nay ten times ten thousand years from now, cyberwar will continue to be a threat.  But it is not a threat without checks and it is not an excuse for weakness and panic.