The Winds of Cyber War
At the same time Georgia's physical defenses were under assault from Russian troops, its technological infrastructure was under assault from denial of service attacks, forcing many government Web sites offline. Cyber attacks will likely become an increasingly common element of future warfare, and governments are taking steps to shore up IT defenses.
The computer attacks Russia allegedly orchestrated against Georgia in August have raised the cyber warfare bar to a new threat level. The cyber assault that accompanied Russia's armed maneuver into its former territory of Georgia escalated to an international event.
The concept of hurting a nation's technological infrastructure as part of a wider conflict is not new. The extent to which the digital warfare was waged, however, clearly added to a growing concern that has already led U.S. officials to prepare for the next wave of computer warfare.
We now have entered a new age of cyber warfare, one in which attacks are apparently waged by governments for military purposes rather than -- or, perhaps, in addition to -- high-tech gangs of criminals seeking financial gain. Governments and Internet security firms are quietly gearing up for the potential onslaught. The U.S. government has created a secret computer warfare response team to meet this new international threat.
"We know that the U.S. Department of Homeland Security (DHS) is behind a big initiative on cyber warfare. We've seen more government reactions each time an incident is discovered. Generally, it takes six to nine months after a new incident to accelerate defensive efforts. We are slowly getting up momentum. We know that the U.S. government is involved in cyber attacks, but this is being hushed up," Mandeep Khera, researcher for Web application security testing firm Cenzic, told TechNewsWorld.
Cyber War Primer
DHS statistics in published accounts showed that 37,000 attempted breaches of government and private computer systems were reported in fiscal 2007. Those incidents increased from the 24,000 reported the previous year.
In addition, FBI reports from last year show that 108 countries have dedicated cyber attack capabilities. Groups within China's government and computer networks based inside Russia have been linked to cyber attacks aimed at various government agencies in the U.S. and Europe.
For instance, for three weeks starting in April of 2007, 1 million computers under botnet control started attacking the Estonian government's computers in a denial of service (DoS) assault. Following that series of digital attacks, NATO provided the Estonian government with help in restoring its computer systems and investigating the attacks. Considerable evidence reportedly pointed to computers in Russia as the source of the commands; however, Russia's government has denied any involvement.
Computer security experts have theorized that cyber attacks like the ones hackers were using for spam and ID theft operations could easily become weapons for political and military purposes against governments. What happened in Georgia further supports the notion.
Russia's apparent effort to shut down Georgian government Web sites in August was one of the most public incidents of cyber attacks by a government to date. But what brought down Georgia's networks likely wouldn't have shaken the foundations of other governments that place a greater reliance on their IT infrastructures.
"The Georgia attack was more of an annoyance. It didn't really affect the government's response. Small countries like Georgia have no cyber resources. Overly technologically sophisticated countries such as the U.S., the UK, Germany and Japan can protect themselves. The rest can't," Patrick Peterson, IronPort vice president of technology and Cisco Fellow, told TechNewsWorld.
The effects of Russia's cyber assault were quickly mitigated. The Georgian government relocated its Web sites to U.S. servers, forcing the organizations behind the attacks to cease or else risk a much larger confrontation.
A One-Two Punch
On the surface, the Russia-Georgia confrontation is significant for two reasons. One, it appears to be the first time a cyber attack was coordinated with a conventional attack. Two, the cyber attack completed and reinforced the surface attack.
"The goal was to prove the Georgia government's weakness and helplessness. The response may not have been what Russia expected. The Georgia government migrated the Web sites to servers within the U.S. This then globalized the attack, pushing Russia into a situation where it had to press the attack against U.S. servers or stop attacking," Dominic Fedronic, CTO of digital identity assurance firm ActivIdentity, told TechNewsWorld.
It may very well be that Russia decided not to cross that line this time. But this raises a new prospect in future disputes, he said: the risk of globalization of cyber war.
The cyber attacks in the Georgia and Estonia incidents have several points in common, according to Fedronic. They were extremely distributed, and they were coordinated. In addition, they used a common tool set, and they originated from Russia and supporters worldwide.
The evidence suggests that the cyber attacks were preceded by extensive preparation -- renting Web resources or confiscating resources through acquired botnets, Fedronic said. This multi-pronged cyber attack maximized effectiveness and left defenders with few options to stop the attacks.
"You have to wonder if the cyber attack was deliberately planned by the government or was a spontaneous reaction to the political unrest. But does that answer matter at all? The fact is, the cyber attack happened," Fedronic added.
The initial scale of Russia's cyber attack against Georgia is significant. Most Web sites are prepared to handle five to 10 times the normal volume of traffic. Government agencies typically have a much higher threshold -- as much as 100 to 1,000 times normal volume, according to Peterson.
"That doesn't mean that a similar attack could not happen [in the U.S.] if we don't remain vigilant. Our Web resources are built for massive volume, so the bar needs to be much higher to have a successful cyber attack," said Peterson.
The U.S. government has already invested in protection based on what occurred in previous cyber attacks, he said.
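The capacity multiples Peterson cites (five to 10 times normal volume for a typical site, far more for government agencies) also work as detection thresholds. The following script is an added example, not code from the article or from any firm quoted in it: it parses constructed Apache-style access-log lines, counts requests and distinct source addresses per minute, establishes a baseline from the first quiet minutes, and flags any later minute whose request rate exceeds the 5x and 10x multiples. The log lines, IP addresses and timestamps are all constructed for illustration.

```python
"""Per-minute request-rate anomaly check over constructed access-log lines.

Added example (not from the article). The 5x/10x factors are the capacity
rule of thumb quoted in the text, reused here as alert thresholds. All log
data below is constructed, not captured from any real incident.
"""
import re
from collections import defaultdict
from datetime import datetime

# Apache "common log format": ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)


def parse_line(line):
    """Return {'ip', 'minute', 'status'} for a well-formed line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {
        "ip": m.group("ip"),
        "minute": ts.replace(second=0),  # bucket key: truncate to the minute
        "status": int(m.group("status")),
    }


def bucket_by_minute(lines):
    """Count requests and distinct source addresses for each minute."""
    buckets = defaultdict(lambda: {"requests": 0, "sources": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed lines are skipped, not counted
        b = buckets[rec["minute"]]
        b["requests"] += 1
        b["sources"].add(rec["ip"])
    return buckets


def flag_anomalies(buckets, baseline_minutes, warn_factor=5, crit_factor=10):
    """Use the first `baseline_minutes` as normal volume; grade the rest.

    ratio >= crit_factor -> 'critical', >= warn_factor -> 'warning',
    otherwise 'normal'. Returns one report row per post-baseline minute.
    """
    minutes = sorted(buckets)
    if len(minutes) <= baseline_minutes:
        return []
    base = minutes[:baseline_minutes]
    baseline = sum(buckets[m]["requests"] for m in base) / len(base)
    report = []
    for m in minutes[baseline_minutes:]:
        b = buckets[m]
        ratio = b["requests"] / baseline if baseline else float("inf")
        level = "normal"
        if ratio >= crit_factor:
            level = "critical"
        elif ratio >= warn_factor:
            level = "warning"
        report.append({
            "minute": m.isoformat(),
            "requests": b["requests"],
            "distinct_sources": len(b["sources"]),  # high count = distributed
            "ratio": round(ratio, 2),
            "level": level,
        })
    return report


def _fmt_line(ip, ts):
    return f'{ip} - - [{ts}] "GET / HTTP/1.1" 200 512'


def make_sample_log():
    """Constructed log: three quiet minutes (4 req/min), then a flood minute."""
    lines = []
    quiet_ips = ["198.51.100.10", "198.51.100.11", "198.51.100.12"]
    for minute in range(3):
        for i in range(4):
            lines.append(_fmt_line(quiet_ips[i % 3],
                                   f"10/Aug/2008:12:0{minute}:{i * 10:02d} +0000"))
    # Flood minute: 60 requests from 60 distinct constructed addresses.
    for i in range(60):
        lines.append(_fmt_line(f"203.0.113.{i + 1}",
                               f"10/Aug/2008:12:03:{i:02d} +0000"))
    lines.append("this line is malformed and must be ignored")
    return lines


if __name__ == "__main__":
    for row in flag_anomalies(bucket_by_minute(make_sample_log()), baseline_minutes=3):
        print(row)
```

In the constructed sample the flood minute carries 15 times the baseline volume from 60 distinct sources, so it is graded critical; the distinct-source count is what separates a distributed flood from a single misbehaving client, which a pure rate threshold cannot do on its own.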
More to Come
Fedronic and other security experts have no doubt that the Russian cyber attack against Georgia is just the tip of the iceberg, and Fedronic expects to see similar attacks in the future.
"I think that these cyber attacks will happen, so we need to be prepared for them. Historically, the goal of battle plans has been to shut down the enemy's commerce and ability to function. The Internet has become the main flow of business and communication," Fedronic said. "It is now clear that the first sign of upcoming warfare will be forays of cyber attacks. Cyber warfare is now a critical part of the picture."
Cenzic's Khera agrees. Cyber attacks have been more common than most people realize, he said.
Smaller attacks of a similar nature are almost commonplace in some hot zones, according to Tom Stracener, senior security analyst for Cenzic. "The attack on Georgia shows an economy of scale," he told TechNewsWorld. "It was massive attacks on multiple levels. This is not just a U.S. problem. Hamas and Hezbollah have been doing this for years against Israeli Web sites. These types of attacks against opponents' Web sites are also very common in South America. All of this points to a future of widespread information warfare. It is becoming one more big weapon in the war arsenal."
The U.S. government decided 12 months ago to spend US$30 million to prepare for cyber attacks by establishing the Comprehensive National Cybersecurity Initiative (CNCI), according to Peterson. Reportedly, CNCI was commissioned by two different executive orders to proactively harden government computer systems against intruders rather than reacting to intrusions after the fact.
"The activities of the CNCI are so secretive that it functions as an underground agency. Even Senator [Joe] Lieberman, after hounding the administration for an explanation, only received an official letter that was heavily redacted, indicating that the CNCI is a super top secret agency that operates on a need-to-know basis," Peterson said.
Apparently, Sen. Lieberman didn't need to know.
"President Bush issued a Presidential Order in January 2008 to authorize steps for government agencies to react to such attacks," said Fedronic. "We don't know many details about what is taking place. The order involves a great deal of secrecy. But there has been a considerable amount of organization and securing and predicting the number of potential attack points," he said.