Cybersecurity: How much of a risk is there? The latest from the Bush Institute's "Ideas in Action"

Nightmare scenario: Hackers the country of which we cannot attribute go beyond the exploratory, are able to leave behind code that shuts down the electric grid for some large part of the country, and are able to do this more than once. Suppose we cannot with any confidence attribute the action to a state, but suspect a state is somehow behind the actions. Do we risk retaliation of a similar type, or do we retaliate in some other way, say economically or militarily?

On the other hand, suppose we have good reason to believe such a hacking does not originate from a state actor, but some small groups of hackers peppered over the globe. In that case, what could we do? Is there any realistic alternative than cyber defensive measures, and an international criminal law effort to nab the attackers?

Another worry: Suppose an enemy state decides that traditional military kinetic attacks are passe and unnecessarily risky of retaliation, and instead they wage what amounts to a sustained cyber war upon our economic infrastructure, perhaps including attacks on power grids. Suppose they do this, while carefully anonymizing the source, or suppose the do indeed 'outsource' this work to a terror group or some group of hackers, being careful to create plausible deniability.

Not enough 'what ifs'? How about this one. Granted, as is mentioned in the program, that the hackers have healthy self-interested reasons to leave the information infrastructure basically healthy, so that they can carry on their criminal activities, what risk is there that low level but persistent 'e-bank robbing' will go on, said 'robbing' funding state and/or non state enemies such as China, AQ, NOKO or Iran? Can we not assume that efforts along these lines are not already well underway, being kept at a low enough level as to not be too obvious, escalation risking a shutting of the door to future theft? What is the appropriate response to such activities? Do we hack into financial institutions in 'enemy cyber territory' and take back the money, or do we disable said 'banks'? What are the repercussions, if these are established institutions in those states? What sort of 'collateral economic damage' can we countenance? Can we expect some sort of retaliation? Don't states like NOKO, that have no appreciable source of money, no thriving market, but have ambitions, do they not have a strong incentive to, say, steal a buck from my bank account, your account, and millions of others, if they find there is a way to do so without being noticed? I don't know that I'd notice it. Would you?

Ok, enough questions. Be sure to watch the episode! Another great discussion.