For just 0.015% of what the United States spends annually on defense, a computer expert could put together an army of hackers and stealthy programs that could take down any country's cyber-infrastructure. How could we possibly defend ourselves against that?
The two year, 100 million dollar figure comes from Charlie Miller, who worked on computer espionage prevention at the National Security Agency for five years before moving into the private sector. Asked by Estonia's Cooperative Cyber Defence Centre of Excellence to figure out what it would take to virtually attack an entire country's computer-based infrastructure.
Miller explained that the ease of the task surpassed even his disconcertingly low expectations:
"I pretended North Korea asked me to scope out the job of orchestrating a cyber attack on the United States. I lay it out as I would do it realistically. I already knew it was easy, but now I know in detail how easy it would be. We are certainly very vulnerable."
The battle plan he drew up involves broad-based attacks on smart grids, banks, and communications systems. (Basically, we're talking Live Free or Die Hard with less preposterous Bruce Willis action.) The cyber army would number about a 1,000 soldiers anywhere in the world, some of whom would be elite uber-hackers but many of whom could be little more than average, college-educated computer enthusiasts.
The key, Miller explained, would be to use those two years to covertly breach secure networks and leave cyber beachheads that the invasion force can later use to cement their position. Such preparation would be necessary and make victory all but inevitable, but it would give the target a slim hope:
"Once you give me two years to get set up you are basically screwed. But, during the two years you have the opportunity to see what is going on and stop it before it gets going."
Miller used North Korea in his scenario because they have the least to lose and the most to gain from taking down the internet. They are so isolated and so behind in computer technology that they would barely feel the loss of the global technology infrastructure, and so dramatically leveling the playing field would likely give them the best chance in an all-out war.
There isn't much of a silver lining here, although our best hope is probably hacker morality. As much as the foot soldiers in this cyber army could be drawn from anywhere, the top echelons of the invasion force would need to come from a very small group of world-class hackers, and there probably aren't enough of them who are sufficiently amoral to go along with such a destructive scheme.
Mark Harding, the president of the National Security Corporation, wrote his thesis on cyber war at Naval officers school. He argues that it's this human element that gives us the best chance against computer attack:
"There are people I know who have indicated they can take the entire Internet down and they can. But, they don't because they believe in doing no damage and not taking anything that isn't theirs. It's when you lack a skill set of morality and discipline when you end up on the dark side."