Some opinions stated that a virtual mail system (paperless mail) would be more sensitive towards attacks than our current physical, paper-based mail systems. Considering the ongoing magnitude of cyber attacks, our first instinct was to go along with these opinions. But after some more thought we now can see a possible advantage for paperless mail systems when it comes to the cost efforts to prevent a malicious attack, or cleaning up after such an attack. In other words: We need to distinguish between the frequency of attacks and the cost of attacks.

Cost of attacks

Remember the 2001 anthrax attacks? They cost five priceless human lives. And resulted in the deployment of 1360 Bio Detection Systems (BDS) located at 271 locations. Further measures were the implementation of irradiation of mail for the White House, Congress, and the Library of Congress. The cost for irradiating D.C. federal mail exceeded $74.7 million from November 2001 through April 2008. The cleanup of the Brentwood and Hamilton facilities cost around $200 million. The overall cost is estimated to be well over $1 billion. Although the frequency of attacks involving paper-based mail systems was low, the resulting costs were quite high. Additionally, the source of repeated attacks, targeting or using paper based mail systems, is rather hard to track.

A digital paperless mail system, designed to be resilient against attacks, could be up and running again within hours after an attack. Backup sleeper systems could be functional in a short time, once the required DNS changes have trickled through the internet. Backup sleeper systems can be implemented several levels deep. By the time the last level backup system is compromised the first level system could be made operational again. The malicious attacker would then face a whack-a-mole situation. And the source of repeated cyber attacks is likely to be more traceable than the source of attacks on paper-based mail systems.