The concern seems clear – if the choice is between Blue Cross being hacked and people needing to double-down on their identity fraud protection and a bomb going off on a busy public street, shouldn’t the bulk of our time and resources be directed at the one which might pose lethal risk?
This distinction between “physical terrorism” and cyberterrorism relies, in large part, on a false dichotomy between the physical world and the digital world – as if physical objects are not often controlled by computers or other digital devices. Many writers have talked about the disconnect between your life online and "IRL." Except in a world where you can lock your front door from your phone, disable alarm systems from your laptop, and drone strikes are conducted from behind computer screens, making this assumption is not only unrealistic but irresponsible.
Thankfully, the U.S. government does not seem to be making the same mistake about assuming cyberterrorism is categorically different or less serious. Two days ago, the President issued an executive order focusing on Cybersecurity. While it’s great to see someone taking the possibility of a full-scale assault on communication networks seriously, it still seems to take the issue less than seriously, and also focus primarily on the communication and economic impacts. You can read the White House’s summary of the initiative here.
Interestingly, the government should be among those who most know the physical implications of cybersecurity threats. After all, with ties to the infamous Stuxnet virus that took out an Iranian nuclear facility, the U.S. government is fully aware of the potentially catastrophic risks to physical infrastructure and human life that can come from the undermining of digital networks. But hey, that was an Iranian nuclear facility – and it’s not like there aren’t, you know, 1500 nuclear plants worldwide whose reactors were created by the same company and likely susceptible to the same or similar digital attacks.