The Drums of Cyberwar
Nov 17, 2009 10:37 AM PT
The world's increasing reliance on information technology, combined with the growing sophistication of cybercriminals and cyberattacks, is leading to a sort of cyber-cold war, according to a new report from computer security research firm McAfee.
For example, Estonian government and commercial Web sites were hit by a series of denial-of-service attacks over a period of weeks back in 2007. Technical analysis showed the attacks came from sources in Russia, but the Russian government denied any responsibility and refused to help find or prosecute the suspects, the report states.
In August, tensions between Georgia and Russia overflowed onto the Web when Russians apparently attacked the Web site and blog of an Estonian writing about the problems between the two countries. The attacks denied millions of people around the world access to their Twitter and Facebook pages.
"Those people were collateral damage in the attack on the Georgian blogger," Dmitri Alperovitch, vice president of threat research at McAfee, told TechNewsWorld.
Getting Ready for Cyberbattle
Governments around the world are preparing for future cyberattacks, the McAfee report says. NATO has set up a "Center of Excellence" for cyberdefense in Estonia to study cyberattacks and determine under what circumstances such an attack should trigger NATO's common defense principle. That principle holds that an attack on one member is an attack on all.
In June, U.S. Secretary of Defense Robert Gates announced the formation of the U.S. Cyber Command. This is an organization under the U.S. Strategic Command led by a four-star general that will defend vital U.S. military networks, according to McAfee's report.
The UK government has recently announced plans to create a central Office of Cyber Security to deal with the rising level of online attacks. The office can mount a cyberattack in response to intrusions in extreme cases, the McAfee report states.
Other countries are contemplating similar measures.
The Dogs of War
So far, the hostilities have been confined to cybercrime and cyberespionage and do not amount to war, James Lewis, director and senior fellow of the technology and public policy program at the Center for Strategic and International Studies (CSIS), told TechNewsWorld.
However, countries have probably planned systematic attacks to use in a crisis, Lewis said. The major players are the United States, the United Kingdom, Russia, France, Israel and China, according to Lewis. Turkey, India and Taiwan may also be players, he added.
Other countries are also engaged in cyberhostilities. "I was in a meeting in Malaysia where I was told that there are a number of attacks coming from Indonesia," Randy Abrams, director of technical education at ESET, told TechNewsWorld. "But Malaysia and Indonesia are not at war, so I wouldn't call it 'warfare.'"
Defining when intrusions should be considered acts of war is critical, and McAfee's report lays out four criteria.
The first is the source. Cybersleuths have to ask whether the attack was carried out or supported by a nation-state. Second is consequence -- did the attack cause any harm? Third is motivation -- was the attack politically motivated? Fourth is sophistication -- did the attack require customized methods and/or complex planning?
Determining just who launched a given attack is seldom easy. "One of the problems we have is attribution," McAfee's Alperovitch pointed out. "Also, the weapons themselves are used both by nation-states and by cybercriminals, and separating the two is very difficult."
"It's difficult to attribute activities to a specific country due to the use of proxies and the nature of the public network," said Rick Caccia, vice president of product marketing at ArcSight.
Cybercriminals could have a major role to play in the event of a cyberwar. "Foreign governments use cybercriminals as irregular forces," CSIS's Lewis pointed out. "Left to their own devices, cybercriminals are only going to attack places where they can make some money; when they attack a government, it's usually someone else's idea."
Reworking the Web
The very nature of the Internet lays countries open to cyberespionage and cyberwar. "Networks are more open and porous than before, and that makes attacks easier," ArcSight's Caccia said. "More information is online in those networks and is more valuable, so they are more vulnerable to attack."
That means the Internet may need some amount of restructuring, according to McAfee. "We need to rework the infrastructure of the entire Internet," McAfee's Alperovitch said. "It's not going to be done overnight; it's going to be done piece by piece."
That will be a very expensive proposition, but the cost could be shared among governments, private companies and individuals, Alperovitch said. "The cost of security now is enormous, with people losing billions of dollars, and governments having national security compromised because of this."