On Sunday, 60 Minutes aired a story about the National Security Agency. It focused in part on the role the NSA plays trying to thwart cyber attacks against the United States. It's good that America has smart people focused on our cyber-vulnerabilities. Foreign adversaries certainly have an incentive to exploit some of them, just as the U.S. and Israel used Stuxnet to exploit vulnerabilities in Iran's cyber-security.
What confounds me is the plot that 60 Minutes presented as one that the NSA has thwarted. In their telling, the agency may well have saved the global financial system from a viable Chinese attempt to destroy every computer in the world!
The transcript shows how 60 Minutes presented this part of its story:
John Miller: Could a foreign country tomorrow topple our financial system?
Gen. Keith Alexander: I believe that a foreign nation could impact and destroy major portions of our financial system, yes.
John Miller: How much of it could we stop?
Gen. Keith Alexander: Well, right now it would be difficult to stop it because our ability to see it is limited.
One they did see coming was called the BIOS Plot. It could have been catastrophic for the United States. While the NSA would not name the country behind it, cyber security experts briefed on the operation told us it was China. Debora Plunkett directs cyber defense for the NSA and for the first time, discusses the agency’s role in discovering the plot.
Debora Plunkett: One of our analysts actually saw that the nation state had the intention to develop and to deliver, to actually use this capability—to destroy computers.
John Miller: To destroy computers.
Debora Plunkett: To destroy computers. So the BIOS is a basic input, output system. It's, like, the foundational component firmware of a computer. You start your computer up. The BIOS kicks in. It activates hardware. It activates the operating system. It turns on the computer.
This is the BIOS system which starts most computers. The attack would have been disguised as a request for a software update. If the user agreed, the virus would’ve infected the computer.
John Miller: So, this basically would have gone into the system that starts up the computer, runs the systems, tells it what to do.
Debora Plunkett: That's right.
John Miller: —and basically turned it into a cinderblock.
Debora Plunkett: A brick.
John Miller: And after that, there wouldn't be much you could do with that computer.
Debora Plunkett: That's right. Think about the impact of that across the entire globe. It could literally take down the U.S. economy.
John Miller: I don't mean to be flip about this. But it has a kind of a little Dr. Evil quality—to it that, "I'm going to develop a program that can destroy every computer in the world." It sounds almost unbelievable.
Debora Plunkett: Don't be fooled. There are absolutely nation states who have the capability and the intentions to do just that.
John Miller: And based on what you learned here at NSA. Would it have worked?
Debora Plunkett: We believe it would have. Yes.
There's a lot of sly hedging in there, but the impression 60 Minutes leaves its viewers with is unmistakable: that China has the capability and intention to destroy every computer in the world, but the NSA stopped its dastardly plot, averting the possible collapse of the United States economy, or perhaps the world economy.