9/11 Commission: History could repeat in cyber realm

Ten years after their report, the authors warn of complacency in the face of a growing threat from state actors.

A decade after the release of the 9/11 Commission report, the United States is at risk of a similar type of attack in cyberspace, according to the original authors of the report.

The authors warn of complacency in the face of terrorism and the growing danger of cyber threats in “Reflections on the Tenth Anniversary of The 9/11 Commission Report,” which was released this week.

Cyberattacks and intellectual property theft continue to grow as government agencies continue to be penetrated. Equating the cyber threat to another 9/11 event, the authors argue that the gravity of the situation has not been grasped by the American public yet—and it might not be until it’s too late.

“History may be repeating itself in the cyber realm,” write the authors. The 10-member commission was headed by former New Jersey Gov. Tom Kean (R) and former Rep. Lee Hamilton (D-Ind.).  

The cyber threats come from both asymmetric and state-sponsored sources. Cyber criminals and groups such as the Syrian Electronic Army have conducted attacks on commercial and political groups. Meanwhile, government-backed hackers continue to find avenues of attack against American private industry and government.

“Over the past decade, cyber threats have grown in scale and intensity, with major breaches at government agencies and private businesses,” the report reads. “The threat emanates largely not from terrorist groups but from traditional state actors such as China, Russia, and Iran.”

The new report offers several recommendations to defend the cyber realm.

One of the most pressing problems the authors found is that public knowledge is lagging behind official awareness of the cyber threat. The government will have to clearly explain the dangers associated with cyber threats while teaching private citizens and industry how to protect their data systems.

Meanwhile, Congress should enact cybersecurity legislation that would facilitate private-public partnerships in dealing with cyber threats, allowing companies to share threat information with the government—something that Congress has tried and failed to do for years. The report also suggests that Congress should consider granting legal authority to private companies that have been attacked.

The government will also have to continue to build norms of the cyber realm while deterring cyberattacks from state actors, which involves communicating the consequences of cyberattacks through appropriate channels and following through with those consequences.

Finally, the report recommends that cyber responsibilities be more clearly delineated among the relevant agencies, saying that the Homeland Security Department and other agencies should be aiming to complement the capabilities of the National Security Agency and to avoid overlapping duties.

The recommendations appear to fall in line with moves by the government and private industry to shine more light on state-sponsored hacking.

Earlier this year, five members of the Chinese military were indicted by the Justice Department for cyber espionage against private companies earlier this year, marking the first time that the government has pressed charges against members of a foreign entity. Private security experts have also continued to release reports detailing the activities and locations of alleged Chinese state-sponsored hackers that have targeted American and European industries.