A secret National Security Agency program called "Perfect Citizen" detects a cyber terrorist threat. The president uses his emergency powers, the "kill switch," to seize the Internet and thwart the attack.

This scenario reads like an overwrought screenplay for a bad summer thriller. But the peril posed by a cyber attack is real. Today, the country still doesn't have an effective, coordinated plan of action in place to deal with such a danger.

Three weeks from the ninth anniversary of the 9/11 attacks, fears remain focused, understandably, on the physical targets: a building, a bridge, a tunnel. Or the players: The Christmas Day "underwear bomber" underscored how poorly airline passengers are screened. And the failed Times Square car bomber exposed our vulnerability to terrorists from within.

What's going on? Our foreign policy debate focuses on the connection between terrorism and engagement in Afghanistan; and our political debate dwells on the building of a mosque near Ground Zero.

Yet, there is no urgency - until, perhaps, when it will be too late - to deal with a threat that could take many lives and cause a severe economic disruption or widespread chaos. What would happen if an enemy nation or a terrorist group hacked into the computer systems of a major bank, the Hoover Dam, Kennedy Airport or the Long Island Rail Road?

The Pentagon's U.S. computer system is being probed millions of times a day. While some of these attempted hacks might come from a curious teenager in a Brookhaven basement, there is troubling evidence of malicious attacks. Earlier this year at least 34 companies - including Google, Yahoo, Adobe, Northrop Grumman and Dow Chemical - were part of a concerted cyber attack that originated in China. And it is happening everywhere. In 2008, Russia, shortly before invading neighboring Georgia, was accused of launching a series of cyber attacks against Georgia's security infrastructure, to disorient the country's defenses.

 

Getting serious about cyber terrorism, however, raises some profound questions about government powers, privacy and regulation of the Internet, which is now done by private enterprise.

Dozens of bills have been languishing in Congress. The one advanced by Sen. Joseph Lieberman (I-Conn.), chair of the Senate's Homeland Security Committee, raises the central question: Should the federal government be allowed to take over computer networks in an emergency?

Lieberman says his bill would give the president the power, in a national security crisis, to order Internet service providers, search engine operators and other businesses to take action such as shutting down their network or to stop accepting traffic from a certain country. If they refuse, then the government would have the ability to take control of those operations.

Opponents have derided the bill as giving the White House a "kill switch." That's too slick an argument that doesn't acknowledge that the president already has extensive power to take over the nation's communication systems in a national emergency.

But those concerns are real, and the Lieberman bill and similar ones don't adequately address them. What kind of threat or attack should trigger such an incredible intrusion into our ubiquitous information systems? Will it be the military, through the Pentagon, or a civilian agency, like Homeland Security, that assesses the threats and exercises the control? And once such a takeover was justified in the national interest, what exactly could the president do, and for how long? How can these powers to fight cyber terrorism be squared with the First Amendment? Are there threats to our public speech and private communications?

 

While the political battle over who can do what to whom and when plays out in Washington, the National Security Agency has awarded a contract worth up to $100 million to Raytheon to devise a way to monitor the computer systems of sensitive infrastructure, such as the electrical grid and nuclear power plants, and alert Washington immediately at the hint of any cyber attack.

Even if the NSA didn't give this program the unfortunate Orwellian name of "Perfect Citizen," the disclosure of its existence raised immediate concerns that the NSA was creating a surveillance program to eavesdrop on U.S. citizens. The NSA - whose job is to eavesdrop on the nation's enemies - quickly put limits on the program, describing it as a "vulnerabilities-assessment and capabilities-development" system. That's all the NSA has said about the secret project.

If that's truly what it is, then that is what's needed. Many of the computerized networks that manage the United States' infrastructure are old, and most were created before the dominance or even existence of the Internet. They have since been hooked into various national computer networks, but the fear is that they have weaknesses that can be exploited by hackers.

The nation must be prepared for a cyber war. That includes setting a chain of command for such an attack, determining the extent of the president's power during such an emergency, and developing a clear understanding of how the liberties of its citizens will be curtailed. If we don't do it now, it will be all the more terrifying then. hN

SUBSCRIBE

Unlimited Digital AccessOnly 25¢for 5 months

ACT NOWSALE ENDS SOON | CANCEL ANYTIME