The awakening to cyberthreats has been gradual. In 2010, news of the world's first cyberweapon – the Stuxnet computer worm that attacked part of Iran's nuclear fuel program – burst upon the scene, raising concern about broad replication. Then came an increasing onslaught from hacktivist groups, which often stole and released private data. Between December 2010 and June 2011, for example, members of Anonymous were responsible for cyberattacks against the websites of Visa, MasterCard, and PayPal, as part of a tit for tat over the controversial WikiLeaks website.
Last year came the bald warning from Defense Secretary Leon Panetta of the possibility of a "cyber Pearl Harbor" – perhaps perpetrated by an enemy nation, extremist hacktivist groups, or cyber-savvy terrorists – that could be destructive enough to "paralyze the nation."
The threats originate from any number of sources: the lone hacker in the basement, networks of activists bent on cyber-monkey-wrenching for a cause, criminal gangs looking to steal proprietary data or money, and operatives working for nation-states whose intent is to steal, spy, or harm.
But at the Pentagon, attention these days is focused on the advancing cyberwar capabilities of China, Russia, and, especially, Iran. Iranian-backed cyberattackers, who in September targeted nine US banks with distributed denial-of-service attacks that temporarily shut down their websites, were testing America's reaction, Dr. Lewis says. The same kind of attack took place in December.