17 Years Later: Applying Post-9/11 Lessons to Potential Cyber Attacks

Josh Geltzer, Jen Easterly, and Luke Hartig wrote a piece for Just Security about how the lessons of 9/11 can apply to cyber security.

Seventeen years ago today, Americans learned all too tragically that, as the 9/11 Commission later put it, “the system was blinking red” for a reason. Our country, we came to realize, had been facing grave terrorist threats for which our leadership had suffered “a failure of imagination,” in the words of the Commission’s co-chair. The consequences were terrible to behold.

Today, we are told by Director of National Intelligence Dan Coats that “the warning lights are blinking red again”—this time to alert us to the threat of cyberattacks. As former senior counterterrorism officials, we believe that 17 years of lessons learned from addressing terrorist threats can help us to tackle today’s ever-growing array of cyber threats. At the same time, we worry that talking about “blinking red” warnings in advance of a potential “cyber 9/11” may misapprehend the nature of the cyber threats we face. Cyberattacks don’t produce the unmistakable, crystallizing violence that our nation experienced on 9/11. Instead, they unfold more insidiously. And, in that sense, we’re not still waiting for a cyber 9/11. It’s already here.