ment, attacking critical infrastructure,
and planting malicious software.
Over the last few years, untold incidents may have fallen into these categories, but proving the legitimacy of
attacks is next to impossible. That’s
because hackers hijack computers all
over the world and use them as part of a
botnet to launch attacks. Tracing back
the Internet protocol address doesn’t
necessarily provide insight into who
actually is launching the attack. In May
2007, for example, Estonia’s government Web sites came under attack—
presumably from Russia—after the
government moved a Soviet war memorial. The wave after wave of DDoS
attacks came from IP addresses all over
the world, though many of them originated from Russian-hosted servers.
In October of the same year, Israel mounted a sneak air attack against Syria and destroyed a fledgling nuclear research center deep inside the country. Some analysts believe that Israel avoided detection by hacking radar and other defense systems in Syria and perhaps additional countries. Afterward, Aviation Week magazine reported: “The process involves locating enemy emitters with great precision and then directing data streams into them that can include false targets and misleading message algorithms.”
When Russian troops invaded the Republic of Georgia in August 2008, the news media diligently reported the event and analysts pondered the repercussions. But what wasn’t apparent to many—at least immediately—was that the battle wasn’t being fought only with troops and tanks. Several servers and Web sites operated by the Georgian government, including the nation’s primary government site, were rendered useless through a steady barrage of DDoS attacks.
Almost immediately, the Georgian Ministry of Foreign Affairs issued a statement via a replacement site built on a blog-hosting service. It read: A cyber warfare campaign by Russia is seriously disrupting many Georgian websites. Meanwhile, Barack Obama, then a U.S. presidential candidate, issued a demand that Russia stop interfering with the Web sites. Analysts and security experts noted that the attacks—mostly originating in Russia and Turkey—were linked to the Russian Business Network, a group with close ties to Russian gangs and the government.
“Cyberwarfare is almost certain to emerge the next time two technologically advanced states fight a major shooting war,” says Rain Ottis.
Meanwhile, the People’s Republic
of China and the U.S. have reportedly
launched cyberattacks against each
other dating back to the 1990s, though
China has taken a lead in developing
cyberwarfare systems, Saydjari says. For
one thing, the government has adopted
a more secure operating system named
Kylin, which provides hardened protection that is not available with Windows,
Unix, and Linux. China has also funneled capital and expertise into developing cyberwar capabilities, including
enlisting patriotic hacker gangs. “They
have acted slowly, patiently, and strategically,” says Saydjari.
The New Battlefield
Although government-sponsored cyberattacks have so far occurred on a
limited basis, a major cyberwar erupting over the next
decade seems inevitable. In all likelihood, experts say, a cyberassault would
accompany more traditional forms of
warfare, but it could also serve as a way
to wreak economic harm or destabilize
a nation state without a conventional
battle. As Ottis puts it, “In the end, the
aim of war is usually not to kill your enemy but to impose your will on them.”
Scott Borg, director and chief economist of the nonprofit U.S. Cyber Consequences Unit, located in Norwich, VT,
has stated publicly that cyberattacks
can cause “horrendous damage.” Even
a short-lived Internet failure could
have severe repercussions. The cost of
a flight control system crashing or an
electrical power grid fading to black
Cybersecurity
Isolate Infected PCs?
Computers infected with malware should be disconnected from the Internet to prevent them from harming other members of the online community, Scott Charney, corporate vice president of Trustworthy Computing at Microsoft, said during his speech at ISSE 2010. The proposed measure would not only prevent the spread of malware, but also pose substantial difficulties for botnets, Charney noted.
Charney’s speech, along with a simultaneously published paper, “Collective Defense: Applying Public Health Models to the Internet,” urged the IT security community to rethink its approach to cybersecurity and adopt quarantine measures similar to those adopted by public-health professionals.
“For a society to be healthy, its members must be aware of basic health risks and be educated on how to avoid them,” Charney wrote in the paper. “In the physical world, there are also international, national, and local health systems that identify, track, and control the spread of disease including, where necessary, quarantining people to avoid the infection of others.”
Meanwhile, the U.S. government is studying a number of voluntary ways to help the public and small businesses better protect themselves online. The possibilities include provisions in an Australian program that enable customers to receive alerts from their Internet service providers if their computer is hijacked via a botnet. U.S. officials are not advocating an option in the program that permits ISPs to block or limit Internet access by customers who fail to fix their infected computers. However, Harris Corporation’s Dale Meyerrose, vice president of Cyber and Information Assurance, warns that voluntary programs will be insufficient. “We need to have things that have more teeth in them, like standards,” Meyerrose says.