As surprising as it may sound, it already has.
“I think it’s absolutely feasible that similar types of incidents could occur here,” says Amit Yoran, a former U.S. cyberczar who now serves as CEO of forensic tools provider NetWitness. “There have been instances where U.S. government systems have been unavailable for various reasons like DoS attacks, worms or virus damage.”
However, several mitigating factors are at play, experts contend. For one, enemy countries and terrorist groups seem more interested in body counts than internet outages to make their views felt, Yoran says. “A web attack doesn’t have the psychological effect that many adversaries would look to in a Pearl Harbor-type event,” he says.
Indeed, the attacks against the Estonian government probably have had little impact on the average person, says Adam Powers, CTO of network security firm Lancope.
“If you want to demoralize people you take lives. Even the Estonia attacks likely have not affected citizens’ well being,” he says. “Is it causing them physical pain?”
Experts also contend American organizations likely have stronger defense mechanisms in place than other nations to offset such attacks.
“There are people who claim they can take down the power grid in six keystrokes,” Yoran says. “I don’t believe that. There’s real value in these corporations and in these government agencies in protecting those systems.”
Experts say they are more concerned about hackers silently stealing confidential information from organizations, or worse, insiders being used to launch potential attacks. “It’s these people that have privileged access to the resources,” says Mike Reiter, an electrical and computer engineering professor at Carnegie Mellon University and the technical director of CyLab. “If they did have the wherewithal and desire to launch these attacks, they definitely could do real damage.”