The potential for a ‘miscalculated’ enemy cyberattack keeps me up at night, warns Pentagon cyber chief

If there is one thing that keeps the Pentagon's cyber chief up at night, it's the potential for an enemy to "miscalculate" a cyberattack that creates much more damage than is intended.

When asked what kept him up at night, Deputy Assistant Secretary of Defense for Cyber Policy Ed Wilson told members of Congress it was the possibility for an enemy to miscalculate an attack.

"I think it would be the miscalculation of an adversary that is trying to seek ... an outcome it miscalculates with regards to how they go about doing it, the WannaCry like incident, that maybe has much more implications worldwide or globally than what an actor would have anticipated. And so, that's what I guess keeps me up in the middle of the night," Wilson said.

The WannaCry attack was one of the most high-profile cyberattacks in recent years. The initial outbreak occurred in May 2017 and would eventually affect more than 300,000 computer systems across the world. Victims of the attack were greeted with a window that claimed their files had been encrypted and the only way to get them back was to send $300 worth of Bitcoin to a listed address. By the time the attack stopped in June, more than $130,000 in payments had been made and billions of dollars worth of damage had been done.

Tom Bossert, Trump's former Homeland Security adviser, confirmed in a December op-ed that North Korea was behind the attack.

"The world is increasingly interconnected with new technologies, devices, networks and systems creating great convenience," Bossert wrote. "Unfortunately, that provides bad actors opportunities to create mayhem with the hope of anonymity, relying on the complex world of ones and zeros to hide their hand. They have stolen intellectual property and done significant damage in every sector."

Cybersecurity experts have long warned of the unintentional danger posed by cyberweapons. The ambiguous nature of cyberactors means that it is often difficult to determine an adversary's intention. Governments and militaries also run the risk of falling victim to "false flags," or operations in which one actor makes it appear like another is responsible for an attack.

"Due to the difficulty of determining whether certain activity is intended for espionage or preparation for an attack, cyber operations run the risk of triggering unintended escalation," wrote Benjamin Brake, a fellow with the Council on Foreign Relations in 2015.

Comments are closed.