One of the participants in a discussion reported by Troy Schneider in: Cybersecurity the right way attributes the formation of the Department of Homeland Security (DHS) to “…planes flew into buildings, right?”
I’m not sure reduction of 9/11 down to “…planes flew into buildings…” will be popular, but it did result in a wasted $5+ Trillion to date. If you are looking for funding, a 9/11 equivalent event would be hard to beat.
The question that came to me: What qualifies as a cyber 9/11?
I have a short list of things that didn’t:
- Office of Personnel Management (OPM) – “…greatest theft of sensitive personal data in history.” Why the OPM Hack Is Far Worse Than You Imagine Data on all prospective, former and current federal employees since 1985.
- National Security Agency hacking tools stolen and leaked on the Internet. Shadow Brokers Group Leaks Stolen National Security Agency Hacking Tools
- CIA hacking tools known as Vault 7 leaked by Wikileaks. Wikileaks releases document trove allegedly containing CIA hacking tools
- US-South Korea war plans. North Korea ‘hackers steal US-South Korea war plans’
Based on public response of the government and industry, none of those events was a cyber 9/11. (I remember the Clinton email breach, but stealing a gmail password hardly qualifies as a “hack.”)
There is an interactive visualization of data breaches that allows you to filter by organization and method of leak, then viewing the results by calendar year: World’s Biggest Data Breaches (losses > 30,000 records)
By implication, none of those breaches were sufficient to be a cyber 9/11.
I’m really at a loss to say what the cyber equivalent of “…planes flew into buildings…” would look like.
Perhaps the primary reason for the lack of a cyber 9/11 event is the distraction of hackers with more profitable targets. It might be interesting to have a copy of the National Crime Information Center (NCIC) databases, but it would be a niche item. Unless you are into suppressing civil dissent, etc.
On the other hand, the genealogy people might go nuts over it. Would need to test the market before putting a lot of effort into it.
Cyber 9/11 events? Suggestions?