Cyberwarfare

Cyberwarfare raises issues of growing national interest and concern.

Cyberwarfare can be used to describe various aspects of defending and attacking information and computer networks in cyberspace, as well as denying an adversary’s ability to do the same. Some major problems encountered with cyber attacks, in particular, are the difficulty in determining the origin and nature of the attack and in assessing the damage incurred.

A number of nations are incorporating cyberwarfare as a new part of their military doctrine. Some that have discussed the subject more openly include the United Kingdom, France, Germany, Russia, and China. Many of these are developing views toward the use of cyberwarfare that differ from those of the United States, and in some cases might represent national security threats.

Cyberterrorism is also an issue of growing national interest. Many believe terrorists plan to disrupt the Internet or critical infrastructures such as transportation, communications, or banking and finance. It does seem clear that terrorists use the Internet to conduct the business of terrorism, but on closer inspection, however, it is not clear how or whether terrorists could use violence through the Internet to achieve political objectives.

Although the U.S. government is striving to consolidate responsibility for and focus more attention on cyberwarfare issues, it is not clear how successful those efforts will be. Congress may choose to examine critically the policies, organization, and legal framework that guide executive branch decisionmaking on issues of cyberwarfare.

Tuesday, September 29, 2009

The fog of (cyber) war

Cybermilitias, black hat hackers and other non-nation-state bad guys blur the lines on the virtual battlefield.

Don Tennant

Analysts and strategists gathered at the Cyber Warfare 2009 conference in London last January were grappling with some thorny problems associated with the cyberaggression threat. One that proved particularly vexing was the matter of exactly what constitutes cyberwarfare under international law. There's no global agreement on the definitions of cyberwarfare or cyberterrorism, so how does a nation conform to the rule of law if it's compelled to respond to a cyberattack?

Back in the U.S. trenches, drawing up a legal battle plan is indeed proving to be extraordinarily complex. Those definitions are especially elusive when you consider that no one can even be sure who the potential combatants are.

"There is some real work that needs to be done, not only in the U.S., but globally, to think about what is a use of force or an act of war in cyberspace," says Paul Kurtz, a partner at Good Harbor Consulting LLC in Arlington, Va., and a former senior director for critical infrastructure protection on the White House's Homeland Security Council.

The need to establish global norms about what is acceptable behavior in cyberspace, he says, is complicated by the fact that "the weapons are not just in the hands of nation-states. They're essentially in everybody's hands."
"Laws of war would forbid targeting purely civilian infrastructure," adds Steven Chabinsky, senior cyberadvisor to the director of national intelligence. "But terrorists, of course, don't limit themselves by the Geneva Conventions."

Time, effort and expertise

Further fogging up the battlefield is the fact that it's nearly impossible to identify all of the potential targets. It is possible to conduct a threat assessment, however, and there appears to be general consensus in the cyberdefense community that the biggest threat in terms of scale is presented by nation-states.

"Cyberattacks which seek to manipulate [an adversary's] critical infrastructures would take more time, effort and expertise than mere data theft," says Kenneth Geers, U.S. representative to the Cooperative Cyber Defense Centre of Excellence in Tallinn, Estonia. "But computer network defenders should understand that time, effort and expertise are resources that militaries and foreign intelligence services often have in abundance."

Analysts and former intelligence officials, including Kurtz, say that, not surprisingly, China and Russia top the list of countries with highly developed cyberwarfare capabilities. Kurtz also named Iran and North Korea as countries with known cyberwarfare aspirations.

While Chabinsky declined to be specific because of concerns about compromising intelligence-gathering methods, he affirmed that the U.S. has identified "a number of sophisticated nation-state actors who we believe have the capability to bring down portions of our critical infrastructure." Fortunately, he added, "we don't think they have the intent to do so, [since] our country would respond accordingly, and not necessarily symmetrically through cyber means."

On the other hand, Kurtz notes, governments "would have more resources at their disposal in order to disguise or bury the true source of an attack." But, he says, "It would be a grave mistake to believe that a small, well-funded cell could not inflict very serious damage on the information infrastructure supporting the U.S. and the global economy."

Resources and motive

Chabinsky notes that deterring or responding to cyberwarfare threats from other countries is more in the comfort zone of national governments. "There's a lot more to worry about should the same computer network attack capabilities exist in the hands of irrational or otherwise unrestrained criminals or terrorists," he says.

Intelligence officials and analysts agree that so far, there's little direct threat of a cyberattack by organized terrorist groups. "Nonstate actors such as al-Qaeda probably do not possess the infrastructure or expertise to attempt a cyberattack that would rival the shock value of using bullets and explosives," Geers says.

But these officials and analysts recognize that terrorist groups have the resources and motive to fund such activity by others.

Although terrorists may not be capable of attacking our critical infrastructure themselves, "it's less clear whether they could find a hired gun to do so," Chabinsky says. "Obviously, terrorist groups have the intent to harm us, are aware of the potential impact of a successful cyberattack and would find the ability to attack us from a distance quite appealing."

According to Chabinsky, some potential "hired guns" are in an extraordinarily effective position to cause trouble. That position is within the walls of corporate America.

"I think the primary cyber-risk to our critical infrastructure is from disgruntled employees who have insider knowledge and access," Chabinsky says. "Insider threats can take advantage of the most serious vulnerabilities; in fact, they can create them. Could they sell their capabilities to a terrorist group? Certainly."

Criminal element

To make matters worse, it's not only terrorist groups that are equipped to pose this sort of threat. In fact, they may not even be the most ominous nongovernmental source of potential cyberdamage.
"I would say that currently, organized criminal activity provides a more pervasive and damaging threat than organized terrorists," says Mike Theis, who until recently served as chief of cyber counterintelligence at the National Reconnaissance Office (NRO), an agency of the U.S. Department of Defense.

That could change at any time, Theis says.

While the motives of organized terrorists and organized criminals differ, their profit-generating tactics are largely the same. Terrorists use cybercrime to fund their ideology-inspired activities, and criminals do it for the sake of profit itself (see the "Cyberweapons" sidebar).

Theis cites the infamous Russian Business Network as an example of the cybercriminals highest on the most-wanted list, but he pointed out that it would be difficult to name any organized crime syndicate that's not heavily engaged in electronic crime.

"Traditional organized crime has now moved to cyberspace to commit, support and enhance their crimes," says Ira Winkler, founder and president of Internet Security Advisors Group. These crime syndicates are "performing intelligence and counterintelligence collection of their own to see what governments are doing to stop their efforts."

Moreover, Winkler says, drug cartels, organized crime gangs and terrorist organizations are joining forces to combat the U.S. military and law enforcement agencies. "Possibly most important is that Russian crime gangs are heavily involved with the Taliban and al-Qaeda in the distribution of the poppy crops they grow," he says. "They are interested in stopping any coalition efforts to slow down the poppy distribution."

According to Chabinsky, cybercriminals have increased the scope and sophistication of their activities beyond those of all but a few nation-states. "There's big money to be had over the Internet, and organized crime is spending a lot of time and money to enhance their tradecraft," he says. "Organized cybercrime concerns me not just because of the money being stolen, but because cybercriminals are gaining the capacity to harm our critical infrastructure and could be motivated to do so as part of an extortion scheme."

Adding to the complexity of the problem are questions about the preparedness of other countries to combat the threat.
Sidebar: Cyberweapons

According to former NRO official Mike Theis, terrorists and criminals pose similar threats with respect to illicit profit generation. The following are some examples of activity these groups might aim to perpetrate:

• Theft of personal information that could be used for sale to the highest bidder or on an information exchange.

• Theft of trade secrets, intellectual property or superior business processes. "It could be something as simple as your customer list, but there is usually a lot more of value than that," Theis says.

• Cyberhostage taking. If the contents of your entire hard drive were remotely encrypted by a hacker, would you pay $100 to get the decryption key? Would 10,000 people like you do the same?

• Cyberblackmailing. How much would you pay to prevent your family/customers/competitors/regulators from knowing something that was found on your computer?

• Cyberslaving. The perpetrator installs a back door or "loader" on your machine and sells it to the highest bidder. It would allow the buyer to install any type of software on that machine without being detected. "The last I heard, the average price was still about $1 per machine," Theis says. "It's not uncommon to see machines purchased in blocks of 10,000 or more in order to launch a denial-of-service attack."

"So basically," Theis says, "anything that can be done in the world of brick and mortar has some type of a cyber equivalent."
"There is reason to consider whether some nation-states lack the ability to control organized crime within their borders, lack the resources to control criminals who victimize people and businesses outside their borders, or suffer from corruption in which government officials are complicit in lucrative criminal schemes," Chabinsky says.
The hacker myth

Another complicating factor is that these criminal elements are anything but cohesive units with consistent objectives.

"One of the things that's very tricky about cyberspace is you can have criminal organizations easily morph with hacker organizations, and you may have a cell within that that may have a different purpose or objective than the criminal organization," Kurtz explains. "This comes down to the essence of what makes the cybertradecraft so complex. It's only a keystroke difference between getting inside someone's system and shutting it down."

Indeed, the role that hackers play on the cyberwarfare stage is widely underestimated. "I think that a big myth is that cybercrime is still about a 15-year-old kid doing Web defacements," Chabinsky says.

In truth, the hacker element is gaining influence worldwide, and that influence is being targeted by governments. In China, hacker groups have traditionally been motivated by national pride, says Carl Setzer, an associate partner at Dallas-based iSight Partners Inc., a security research firm that monitors hacking communities in China.

The government has done a good job of channeling that pride toward its own ends, even if government officials don't issue direct orders to hacker groups, Setzer says. Still, iSight Partners says it has found evidence of direct interaction between large Chinese hacker groups and the government, a relationship Setzer characterizes as "indirect control."

According to Winkler, China has a problem it has to acknowledge. "They have the Internet so filtered that even if [cybercrime] is not supported by the Chinese government, given the hold they have on their Internet connections, they can't claim clean hands," he says. "For them to say, 'We aren't noticing attack traffic' is absurd."
Plausible deniability

Of course, the Chinese government is hardly alone in its aim to manipulate the role of hackers. Theis says cyberconflicts anywhere in the world that are attributed to the efforts of "patriotic hackers" tend to be the stuff of myth. Usually, he says, they're the "well-thought-out efforts of nation-states with well-developed strategies and resources."

Although Theis has no doubt that patriotic hackers participate in cyberconflicts, he's convinced that far more is ascribed to them than real-world conditions would sensibly allow.

"To be truly effective on anything other than the smallest of scales takes strategic planning, resourcing and practiced execution to ensure activities are focused at the right place and time to be a force multiplier, and not wasted on the overkill of nonessential targets or activities," Theis says. "It seems ludicrous that countries that have stated their understanding of the importance of cyberconflict dominance and have dedicated resources to that effort would not use them in a decisive way, but [instead] would depend on patriotic hackers to just happen to get it right and just at the right time."

Still, governments have every reason to want to strain the limits of credibility, Theis says. "It's a nice myth to perpetuate if you're trying to maintain plausible deniability."
Jeremy Kirk and Sumner Lemon of the IDG News Service contributed to this story.