the Profession of it
Cyber attack—the other side of cyber defense—deserves
a more open discussion than it has been getting.
DeFend OUr netWOrKS!” is the new rallying cry in a time of rising concerns over cyber vulnerabilities. Malware, Trojan horses, computer
system weaknesses, network vulnerabilities, intrusions, data theft, identity
theft, malicious botnets, and critical infrastructure protection are under constant discussion. Computing professionals are called on daily to help with
these problems. Cyber defense is the
topic of hundreds of conferences and
research papers every year.
photogrAph by depArtMent of defenSe / cherIe cullen
By contrast, cyber attack, the flip
side of defense, has been a touchy subject. Many people feel queasy when
they hear their governments want to be
in a position to launch cyber attacks.
Most public discussions of cyber attack
tend to focus on the “bad guys” (
unauthorized individuals with malicious
intent) who launch the attacks and the
methods they use—all for the purpose
of developing better defenses. Governments are quiet about not only their
cyber attack methods and operations,
but also the policies they follow. This
secretiveness has fueled many fears
that governments are up to things the
citizens would disapprove.
Yet there is a growing international
public discussion on cyber attack, promoted in part by reports of government
activity in the area. The U.S. Department of Defense established the U.S.
Cyber Command earlier this year to coordinate the cyber defense of military
networks and to direct military cyber
Defense secretary Robert Gates addresses the audience with Gen. Kevin Chilton, commander,
u.s. strategic Command, and Gen. Keith alexander, commander, u.s. Cyber Command, during
the activation ceremony of u.s. Cyber Command on fort meade, mD, may 21, 2010.
attacks. Other militaries are doing the
same. Security experts Richard Clarke
and Robert Knake believe that cyber
attacks and cyber war are already under way. 1 Massive denial-of-service attacks against government sites in Estonia in 2001 and Georgia in 2008 led
to charges that Russia was engaging
in cyber warfare. China was blamed
for infiltrating and stealing sensitive
data from Google’s network and other
targets in 2009. Many believe that cyber espionage by government intelligence agencies is widespread.
There is an important role for com-
puter professionals in the discussions
and other activities in this area. To
point the direction, we will use a re-
cent report on cyber attack from the
National Research Council. 3 The re-
port, which addresses the technical,
policy, legal, and ethical dimensions
of cyber attack, makes important dis-
tinctions that are useful to frame the
discussion. While written for the U.S.,
it discusses the issue in a way that re-
lates to many countries.
Cyber attack and exploitation
Cyber attack refers to deliberate
actions against data, software, or
hardware in computer systems or
networks. The actions may destroy,
disrupt, degrade, or deny access.