The Art of Cyber Warfare, Part 2: Digital Defense
Apr 30, 2008 4:00 AM PT
Part 1 of this two-part feature explores the threats and potential damages cyber attacks on civil and government systems pose to nations' security.
In late April last year, about 1 million computers under botnet control started attacking the Estonian government's computers in a denial of service (DoS) assault. The onslaught continued for three weeks.
In the aftermath of this cyber warfare incident, NATO provided the Estonian government with some help in restoring the computer systems and investigating the attacks. Considerable evidence reportedly pointed to computers in Russia as the source of the commands, but Russia has denied any involvement.
The attacks were possibly organized by one or more well-known Russian hackers. One prominent theory is that Russian hackers were protesting the Estonian government's decision to move a popular monument.
Regardless of the culprits, the cyber attack on Estonia is one of a series of computerized warfare events regularly taking place globally. While few details are provided to the media, cyber attacks are on the rise.
"Besides the financially motivated attacks that have increased dramatically in frequency, politically motivated and funded attacks have significantly gone up," Mandeep Khera, vice president of marketing for Cenzic, told TechNewsWorld. Cenzic provides Web application security, testing and assessment.
"Many attacks have been made to a number of government agencies to steal intellectual property and other military intelligence. Many attacks from China were successful about a year ago in stealing government intelligence," Khera said. "What's even scarier is that millions of attempts are being made every day against our utilities, and other government agencies. Some of these go through while the vast majority are blocked."
These cyber attacks are extremely worrisome because politically supported attacks have the backing of strong entities. Sponsors of these cyber attacks are trying to gain control of the keys to the kingdom, Khera continued.
U.S. utilities and infrastructure aren't attackers' only potential targets; those of any nation are in the crosshairs.
"As more and more information is being accessed through Web applications, we are getting more vulnerable to cyber attacks at our national infrastructure. The virtual war doesn't kill people, but in some respects can be more dangerous than the physical war," Khera said.
TDI and the SANS Institute have reported a method of hacking the BMC (baseboard management controller) found on multitudes of computers. The BMC is a dedicated management processor, with its own firmware, that contributes to green computing by handling power management, but BMCs are completely open to hacking, according to TDI's Vice President Jay Valentine. The vulnerability, he said, puts critical systems in danger.
"All existing security systems are built for software and hard drives that spin. However, with the advent of the BMC (the baseboard management controller), the operating system can be hacked from the firmware. All existing security measures are blind to this. We are working with the government to remediate [this]. The power industry has been hacked on this big time," Valentine told TechNewsWorld.
TDI administers cyber security for the CIA, Defense Intelligence Agency (DIA) and the Army and provides protection for nuclear launch codes, he said.
Cyber assaults may be viewed as part of a larger political picture called "irregular warfare." Many of the tenets of irregular warfare are evidenced in the Estonian cyber attacks and other less-known incidents.
"Irregular warfare has traditionally been the province of the weak against the strong, but that is changing with cyber warfare," Tom Mullen, a member of PA Consulting Group's management team, told TechNewsWorld. He heads the firm's federal and defense services practice.
"From David versus Goliath to American Colonists versus Redcoats to Islamic Terrorists versus Western Nations, usually the weaker force uses irregular tactics to defeat the stronger foe," he said.
Estonia established independence from the Soviet Union in 1991 and has since become a member of both NATO and the European Union. Last year, it became the first country to allow online voting in a parliamentary election.
"In Estonia, we saw the suspicion that the much stronger nation (Russia) was behind them. This is an intriguing and largely overlooked aspect of the attacks," Mullen said.
A larger piece of the security puzzle often lies in identifying the command elements. Even identifying the individual computers that initiated the action does not identify who sponsored it, Mullen explained.
Even more troubling is the reality that attackers can use another nation's computers to do their dirty work, he said. Cyber attacks are especially intriguing because of the plausible deniability involved.
"Strong nations have been hurt by irregular warfare in the recent past and may well be concluding that irregular warfare is useful for their own purposes as well. Indeed, particularly in the area of cyber warfare, there has been a mini arms race amongst China, Russia, and the U.S. for network supremacy. We can expect more attacks like this to 'test' a nation's capabilities both offensively and defensively," Mullen warned.
Despite what could be taken as a doomsday response to cyber warfare attacks, several nations are banding together to prepare a defensive plan. Part of this plan is to make people and the organizations they run aware of cyber warfare's potential.
"We are making headway. But it is not at the level we should be. There will always be an arms race," Derek Manky, lead cyber threat researcher for Internet security firm Fortinet, told TechNewsWorld.
Preparing for Attacks
Manky is confident that a drill known as "Cyber Storm" will produce meaningful results. The U.S. has participated in two Cyber Storm exercises since 2006.
Cyber Storm is a series of congressionally mandated exercises aimed at examining the nation's cyber security preparedness and response capabilities. The most recent exercise simulated a coordinated cyber attack on information technology, communications, chemical and transportation systems and assets.
Just last month in Washington, D.C., the U.S. Department of Homeland Security (DHS) conducted what it called the largest cyber security exercise ever organized. The cyber preparedness exercises included federal, state and local governments, the private sector and the international community.
Cyber Storm II included 18 federal departments and agencies, nine states (California, Colorado, Delaware, Illinois, Michigan, North Carolina, Pennsylvania, Texas and Virginia), five countries (United States, Australia, Canada, New Zealand and the United Kingdom), and more than 40 private sector companies. They include ABB, Air Products, Cisco, Dow Chemical Company, Harris Corporation, Juniper Networks, McAfee, Microsoft, NeuStar, PPG Industries and Wachovia.
Security software firm Secure Computing's experts firmly believe that part of the solution to cyber warfare's threat lies in the ability to spot threats before they happen. The company is developing proposals to research methods of choking out malicious software traffic.
"We need to take away the ability to send anything anywhere. Security companies are working on policies and procedures to do this," Phyllis Schneck, vice president of research integration for Secure Computing Corporation, told TechNewsWorld.
The security industry will have the ability in the near future to stop malware-based cyber attacks, she predicted.
"We are trying hard to close the back door but can't always control who owns it. Anyone can send anything he or she wants whenever. Our job is to know who the bad actors are and stop it," she said.