LAS VEGAS Different wars for different times. Cofer Black, a former top CIA counterterrorism official, said on Wednesday he sees parallels between the terrorism threat that emerged before the September 11 attacks a decade ago and the emerging cyber threat now.
The question of validation -- judging the severity of the threat and who is behind it -- is just as much an issue now as it was in the lead-up to the September 11 attacks, he told an audience of information security experts at the annual Black Hat conference.
Black said he became very familiar with al Qaeda during his 28 years at CIA, including one assassination attempt against himself.
But despite what seemed to be a growing threat from the group "there was a biased view" in the 1990s that, while al Qaeda and its leader Osama bin Laden funded terrorism, they did not initiate attacks.
It was a time when the United States viewed terrorism as mainly a state-sponsored threat and its array of assets to counter that threat was limited, Black said.
When the USS Cole was attacked in a Yemeni port in October 2000, the "demand for validation" that the order came specifically from bin Laden took too long, four or five months, he said.
"Validation of threat and attack will come to your world," Black told the audience.
A "state actor" was blamed on Wednesday for a massive wave of cyber attacks that spanned five years and affected the networks of 72 organizations around the world, including the United Nations, governments and corporations.
Security company McAfee's report, which coincided with the Black Hat conference, did not name the state, though one security expert who has been briefed on the hacking said the evidence points to China.
The roughly 6,500 conference attendees include visitors from Bulgaria, Costa Rica, Vietnam, Israel, Argentina, Japan, Britain, Canada, and other countries.
STUXNET IS THE FUTURE
Black told the group "there was a lack of appreciation" in some corners of government of how great the threat from al Qaeda was going to be.
He sees the same thing happening now with cyber threats. "Men's minds have difficulty adapting to things which they have no personal experience," he said.
"The decision makers of today are still sort of in that boat. They hear it but they don't believe it," Black said.
He said that during his lifetime the biggest threat concerns have gone from nuclear annihilation to the global war on terrorism and now cyber warfare.
"The Stuxnet attack is the Rubicon of our future," he said.
Stuxnet computer worm targeted industrial control systems sold by Siemens that are widely used around the globe to manage everything from nuclear power generators and chemical factories to water distribution systems and pharmaceuticals plants.
The attack was expensive so a nation state was likely involved, he said.
Because Stuxnet infected Iran's nuclear enrichment infrastructure, some analysts have speculated it was created by the United States and Israel to cripple Tehran's suspected nuclear arms program.
"Cyber will be a key component of any future conflict whether it's with a nation state, a rogue state or terrorist groups," Black said.