Cybersecurity Threat Inflation Watch: Blood-Sucking Weapons!

by on March 22, 2012 · 6 comments

In their paper, “Loving the Cyber Bomb? The Dangers of Threat Inflation in Cybersecurity Policy,” my Mercatus Center colleagues Jerry Brito and Tate Watkins warned of the dangers of “threat inflation” in cybersecurity policy debates. In early 2011, Mercatus also published a paper by Sean Lawson, an assistant professor in the Department of Communication at the University of Utah, entitled “Beyond Cyber Doom” that documented how fear-based tactics and cyber-doom scenarios and rhetoric increasingly were on display in cybersecurity policy debates.  Finally, in my recent Mercatus Center working paper, “Technopanics, Threat Inflation, and the Danger of an Information Technology Precautionary Principle,” I extended their threat inflation analysis and developed a comprehensive framework offering additional examples of, and explanations for, threat inflation in technology policy debates.

These papers make it clear that a sort of hysteria has developed around cyberwar and cybersecurity issues. Frequent allusions are made in cybersecurity debates to the potential for a “Digital Pearl Harbor,” a “cyber cold war,” a “cyber Katrina,” or even a “cyber 9/11.” These analogies are made even though these historical incidents resulted in death and destruction of a sort not comparable to attacks on digital networks. Others refer to “cyber bombs” even though no one can be “bombed” with binary code. And new examples of such inflationary rhetoric seem to emerge each day. For example, today’s NPR’s Morning Edition program featured a segment by Tom Gjelten entitled, “Cybersecurity Bill: Vital Need Or Just More Rules?” that included the comments of Michael McConnell, a former director of National Intelligence, Here’s what McConnell said about cyberwar at the 6:30 mark of the show:

“this threat is so intrusive, it’s so serious, it could literally suck the life’s blood out of this country, and if we don’t address it, it’s going to be a severe impact and so I think we have no choice but to address it and some of that process will be regulatory.”

Wow, who knew the blood could literally be drained from our bodies by cyberattacks! Have the Chinese or Iranians developed a cyber-superweapon that can reach through our screens and suck the life right out of us? (Like a cross between Videodrome and Halloween III: Season of the Witch!)

I’m being silly, of course. And some might dismiss such rhetorical flourishes or even defend them in the name of “doing whatever it takes” to raise awareness about an important concern. But these fear-based tactics are dangerous. As Brito and Watkins note, “when a threat is inflated, the marketplace of ideas on which a democracy relies to make sound judgments—in particular, the media and popular debate—can become overwhelmed by fallacious information.” In my paper, I argue that technopanics and threat inflation can have many troubling ramifications. They can:

  1. Foster animosities and suspicions among the citizenry;
  2. Create distrust of many institutions, especially the press;
  3. Often divert attention from actual, far more serious risks; and,
  4. Lead to calls for information control.

But we shouldn’t expect such rhetorically tactics to subside any time soon. After all, bombastic predictions of an impending cyber-apocalypse are nothing new, especially because they are such an effective way to grab attention, headlines, and funding.

Back in January 1996, the conservative Weekly Standard magazine ran a truly over-the-top cover story by Charles J. Dunlap entitled “How We Lost the High-Tech War of 2007.” (The actual cover appears above and the whole outlandish article is worth reading for its comedic value if noting else.) It included a dramatic Tom Clancy-esque cover illustration of the U.S. Capitol building smoldering in flames after an apparent cyber-attack of some sort.  Of course, there was no High-Tech War of 2007. But talk is cheap and there are few downsides to using such alarmist tactics. Pessimistic critics who use threat inflation to advance their causes are rarely held accountable when their panicky predictions fail to come to pass. As journalist Matt Ridley correctly observes, “Pessimism has always been big box office.”  Bad news sells, and there are always plenty of buyers.

It’s a shame rational debate is increasing impossible in this and other Internet policy arenas.

Previous post:

Next post: