In the post-9/11 world, the Bush administration once created a color-coded guide used for
fear-mongering detailing the current threat level from bad actors worldwide.
This tool — which came to be known as the Homeland Security Advisory System — ranged from green (good) to red (start watching ‘Doomsday Preppers‘ and get in your survival bunker), depending on the risk of terrorist attack.
We’ll just overlook the fact that my local news uses the same system to let me know if I’ll be sniffling and rubbing my eyes all day based on pollen counts.
Today, the Obama administration released an accompanying schema to detail threat levels as they pertain to cybersecurity. It’s a natural progression. Terrorists around the globe are increasingly using social media and technology to further their own agenda. As such, moving to a system that can better accommodate terrorism threats in the cyber age is sorely needed.
But, this isn’t it.
The new schema, known as the Cyber Incident Severity Schema, seems like a ploy to advance the fear-mongering of the Bush administration into “Fear 2.0” mode as we enter the brave new world of cyber terrorism.
Whereas the Homeland Security Advisory System was at least accountable based on how often we reached a “red” threat level as opposed to how often something actually came of it, the new system is going to operate in the relatively ambiguous space of the internet. For the uninitiated these hacks often take place months before they’re made public — leading to a system that’s largely in place to tell us about hacks that already happened that we really can’t do much about.
These hackers, after all, aren’t typically taking to Twitter to announce they have backdoors into OPM, they’re spying on the Secretary of State or that they’ve accessed the email of more than one sitting President. Once that occurs, it’s far too late.
Additionally, the classification system is short on details. Is black essentially a declaration of war, or is it the WikiLeaks cable release from a couple years back? Is the OPM hack orange, or yellow? Does the Sony hack even fit on the scale since it was government-sponsored, but only really impacted a private company?
Let’s keep it real, the Cyber Incident Severity Schema is a scoreboard for getting pwned by hackers and detailing just how much it hurts. As such, the schema will come to be a talking point on the 24-hour news cycle, a tool to spread panic, a government handbook for how best to whip the population into a tizzy based on months-old threats — many of which have seen the bulk of their damage done by the point we get to classifying it.
It isn’t, and never will be, a tool that could be accurately used to predict, or eliminate, threats before they occur, nor should it be touted as the solution to monitoring, or responding to them.