Over the past several years mainstream news outlets have conveyed a litany of cyber doomsday scenarios on behalf of ostensibly credible public officials. Breathless intimations of the End Times. The stuff of Hollywood screenplays. However a recent statement by the U.S. intelligence community pours a bucket of cold water over all of this. Yes, Virginia, It turns out that all the talk of cyber Armageddon was a load of bunkum. An elaborate propaganda campaign which only serves as a pretext to sacrifice our civil liberties and channel an ocean of cash to the defense industry.
Looking back the parade of scare stories is hard to miss. For example, in late 2012 Secretary of Defense Leon Panetta warned of a “cyber-Pearl Harbor.” Former White House cybersecurity official Paul B. Kurtz likewise spoke of a threat which he referred to as a “cyber Katrina.” Former NSA director Mike McConnell claimed that a veritable Cyberwar was on and chided the public “are we going to wait for the cyber equivalent of the collapse of the World Trade Centers?” Yet another NSA director, Keith Alexander, described cyberattacks as constituting “the greatest transfer of wealth in history.” And finally, Vanity Fair magazine published a hyperbolic article entitled “A Declaration of Cyberwar” wherein the NSA’s Stuxnet attack against Iranian nuclear enrichment facilities was likened to a cyber “Hiroshima.”
Yet the 2015 Worldwide Threat Assessment of the U.S. intelligence community submitted recently to the Senate Armed Services Committee has explicitly conceded that the risk of “cyber Armageddon” is at best “remote.” In other words, it’s entirely safe to ignore the hyperbolic bluster of the Cult of Cyberwar. Despite what we’ve been told the Emperor is naked.
What society has witnessed is what’s known in the public relations business as threat inflation. It’s a messaging tool that’s grounded in human emotion. Faced with ominous prophecies by trusted public servants the average person seldom pauses to consider the likelihood of ulterior motives or perform a formal quantitative risk assessment. Most people tacitly cede to the speakers’ authority —given that most speakers are, or were, high-ranking officials— and accept their graphic worst-case scenarios at face value.
The American public saw threat inflation back in the 1950s when American leadership hyperventilated over the imaginary Missile Gap. We saw it once again before the invasion of Iraq when President Bush spoke of a nuclear “smoking gun that could come in the form of a mushroom cloud.” And after reading through the various cyber metaphors described earlier it’s hard not to recognize the fingerprints of threat inflation at work.
The goal of threat inflation is to stir up anxiety, to foment a profound sense of apprehension so that the public is receptive to marketing pitches emerging from the defense industry. Studies conducted by accredited research psychologists demonstrate that anxious people will choose to be safe rather than sorry. In the throes of an alleged crisis, anxious people aren’t necessarily particular about the solution as long as it’s presented as a remedial measure; they don’t care much about the ultimate cost or the civil liberties they relinquish. They’re willing to pay a steep price to feel safe again.
So it is that American intelligence services have raised a global panopticon and in doing so engaged in clandestine subversion programs that span entire sectors of the economy. Speaking to the public our leaders justify mass surveillance in terms of protecting the American public against terrorists. Speaking to each other intelligence officers disparage iPhone users as ‘zombies’ who pay for their own monitoring. This sharp contrast underscores an insight provided by whistleblower Ed Snowden in an open letter to Brazil. In particular Snowden stated that “These programs were never about terrorism: they’re about economic spying, social control, and diplomatic manipulation. They’re about power.”
This process, of capitalizing on deftly manufactured emotional responses, has been called securitization and it puts the economic and political imperatives of corporate interests before our own. An allegedly existential threat like cyber Armageddon can presumably justify any cost in the throes of a crisis mentality. This is exactly what powerful groups are betting on.
But just because there are several types of insurance doesn’t mean consumers should go out and buy all of them. Prudent buyers won’t pay any price to be safe, they purchase coverage strategically. There are prices that clear-headed people won’t pay. Something to remember when the term “national security” appears in public debate.
Bill Blunden is an independent investigator whose current areas of inquiry include information security, anti-forensics, and institutional analysis. He is the author of several books, including The Rootkit Arsenal , and Behold a Pale Farce: Cyberwar, Threat Inflation, and the Malware-Industrial Complex. Bill is the lead investigator at Below Gotham Labs.