Close your eyes and try to envision the biggest threat to America's cybersecurity — something that could knock out power to a city in a blink.
What image is floating there? A dark room full of foreign soldiers, staring intently at computer screens? Russian President Vladimir Putin, possibly shirtless and on a horse?
Think smaller. Think cuddlier.
Think squirrels. But bonus points if you imagined Putin on a Shetland pony.
As the nation is at perhaps its most apoplectic about what, exactly, Russian computers are doing to American ones, a cybersecurity expert pointed out this week that most are ignoring an insidious, bushy-tailed foe that occasionally buries acorns and gets squashed by mail trucks.
Since 2013, Cris Thomas, a cybersecurity expert who has testified before Congress, has been tracking reports of “cyberwar operations” by animals in the English-speaking world.
Squirrels are the leading, and possibly cutest, attackers. They’ve been responsible for 879 successful attacks.
“If these numbers are accurate, squirrels just aren’t winning the cyberwar, they’re crushing it,” he told Shmoocon 2017, an annual East Coast hacker convention, earlier this week.
His speech, aptly, is titled “35 Years of Cyberwar: The Squirrels are Winning.”
— CyberSquirrel (@CyberSquirrel1) September 29, 2016
It’s the latest iteration of his attempts to dispel myths about the threat of cyberwarfare and focus Americans' fears where they should be rightly placed.
“A lot of people don’t understand the word ‘cyber,’ and because we don’t understand it, we’re afraid of it,” Thomas told The Washington Post. “And because we’re afraid of it, it must be bad.
“We’ve been told to fear cyberattacks from large-threat actors that will cripple the electric grid — there has been no dissenting voice.”
The U.S. government has launched an investigation into the alleged Russian hacking, which has caused a domino effect in American politics on the eve of a transfer of presidential power.
Over the weekend, Rep. John Lewis of Georgia, a prominent Democrat and a civil rights icon, said that Russia’s hacking of the Democrats was part of a conspiracy that he believes delegitimizes Donald Trump’s election.
The war of words escalated, and now dozens of Democrats have said they’ll skip Trump’s inauguration. Nearly two of every three Americans believe Russian hacking affected the election — and eight of 10 Democrats, according to a Washington Post-ABC News poll.
As The Post’s Andrea Peterson reported, a devastating cyberattack is a common doomsday scenario on Capitol Hill.
“Practically speaking, an adversary is going to go after our civilian infrastructure first,” former National Security Agency and U.S. Cyber Command chief Keith Alexander said during a hearing last fall. “We’re seeing that in some of the things going on today. Take down the power grid and the financial sector, and everybody’s going to forget about these problems.”
But right under their noses — or possibly above them, hopping across a power line — is a looming menace.
In 1987, a rogue squirrel took out power to Nasdaq’s computer center for 90 minutes, according to the New York Times. It disrupted 20 million trades. And Thomas keeps lists of other animal saboteurs — a bird that stored 300 pounds of acorns in a microwave transmitter, jellyfish that pooled in a power plant’s water tanks. Even a power outage caused by “caterpillars, lots of them.”
Last year, humans were responsible for a coordinated attack on the Ukrainian power grid. Ukrainian officials were able to get the power back on in a few hours.
Thomas told The Post that the Ukraine incident shows that power companies and other critical industries have weaknesses, and “we need to fix these problems and devote some resources.”
“But we can’t go whole hog and go Cheney doctrine,” he said, referring to former vice president Richard B. Cheney. “It’s like terrorism and Iraq. We just went totally nuts trying to solve this one problem. When it comes to the hype that’s out there from the cyberwar hawks, I think we need to tone it down a little bit.”
After all, he says, more outages are caused by actual hawks, anyway.