The Center for a New American Security is hosting an event on cybersecurity next week. Some fear‐mongering in the text of the invite caught my eye:
[A] cyberattack on the United States’ telecommunications, electrical grid, or banking system could pose as serious a threat to U.S. security as an attack carried out by conventional forces.
As a statement of theoretical extremes, it’s true: The inconvenience and modest harms posed by a successful crack of our communications or data infrastructure would be more serious than an invasion by the Duchy of Grand Fenwick. But as a serious assertion about real threats, an attack by conventional forces (however unlikely) would be entirely more serious than any “cyberattack.”
This is not meant to knock the Center for a New American Security specifically, or their event, but breathless overstatement has become boilerplate in the “cybersecurity” area, and it’s driving the United States toward imbalanced responses that are likely to sacrifice our wealth, progress, and privacy.