2.9 Cyber Wars

The Internet is a public place, and someone innocently shopping on eBay will share the line with major corporations, banks and financial institutions, government organizations, the military, the security forces, criminals, hostile governments, other shoppers and citizens exchanging emails, tweets and a host of other services. Nothing prevents traffic from being lost, scrambled or sent into the wrong hands beyond a relatively simple set of network protocols and auxiliary security measures.

Given that the Internet is used for such a diverse and conflicting range of purposes, it's not surprising that security is now an area of potential conflict. What need is there to launch missiles or blow up buildings when installations can be shut down in seconds and organizations paralyzed by simply breaching their Internet security? What was once a theoretical possibility is now an urgent reality, and attacks thought to originate from China and North Korea suggest that the next war could very well be fought online. All major institutions have suffered security breaches at one time another, and these seem only to become more serious as expertise and money are devoted to their analysis. {1}

Today's threatscape is constantly changing, adapting to countermeasures and continuing to successfully pursue various missions ranging from identity theft, to criminal and nation-based corporate espionage, and, in the case of a worm called Stuxnet, to sabotage. {3}

Today's Reality

Many trends are making Internet security more problematic:

1. Increasing numbers of people are using the Internet.
2. The Internet has become more diffuse (and security porous) with the move from mainframe computers to PCs, mobile devices and smart phones.
3. Hacking tools are becoming more sophisticated: even novices can use them to devastating effect. {2}.
4. Malware is increasing in extent, type and effectiveness.
5. Computer literacy is increasing, and so is peer pressure to 'break into systems for fun'.
6. Distinctions are becoming blurred: teenage hackers, criminal organizations and governments themselves are blending into an amorphous but serious threat to everyone who uses the Internet. {1}

Companies

Companies are increasingly at threat from: {8}

1. Malware, malicious code that can destroy programs and data.
2. Loss of laptop or mobile device: data, even encrypted, can fall into the wrong hands and cause embarrassment, legal proceedings or worse.
3. Phishing: emails purporting to come from trusted organizations can elicit passwords, bank details, etc.
4. Unprotected networks and wireless Internet networks: sensitive information or customer data breaches can be phenomenally expensive.
5. Disgruntled insider/employees: information can be stolen and systems sabotaged.
6. Industrial espionage, not only from Russia and China on the USA, but from the USA on Europe and China. {39}

Security systems need to be installed {9} and rigorous procedures followed.

When companies step into the public arena, however, and upset sectors of public opinion, reprisals pass into cyberwar with security breaches by hackers and denial of service attacks. {10}

Government Organizations

The problems faced by private companies are much increased with government organizations. By their very nature and political associations, such organizations must offend some of their own countrymen and become a target for hostile government attention. {11}

A March 2011 Market Research Media report suggests that the US Federal Cybersecurity market is valued at $55 billion and will grow at about 6.2% p.a. {12}

The market is driven by:

1. Ever-increasing number and severity of cyber attacks.
2. Dramatic expansion in computer interconnectivity.
3. Exponential increase in the data flows and computing power of the government networks.
4. Perception that the United States is dependent on information technology.
5. Developments in the existing cyber security approaches and technologies.
6. Emergence of new technologies and approaches.

The Military

The military envisage cyberwar as a real war, {2} not a shutting down of installations but a cyber attack on such installations prior to war by conventional means. The installations run the command and control systems, manage the logistics, enable the staff planning and operations, and form the backbone of the intelligence capabilities. Most command and control systems, as well as the weapon systems themselves, are connected to the Global Information Grid (GIG) or have embedded computer chips. Airplanes constantly receive and send targeting information. Air Defense and Artillery are guided by computers systems, adjusting their fight to Global Positioning System (GPS) updates to reach their target. Indeed the Intelligence Surveillance and Reconnaissance (ISR) systems gather so much information that the challenge becomes one of sifting through to find the most important data. Today's infantry has communication gear, GPS, tracking devices, cameras, and night vision devices. Computer chips are used throughout, and any production holdups would be serious. Loss of GPS satellites would also critically remove many advantages on the battlefield. {3}

Cyberwar would impact on the very principles of war, namely objective, offensive, mass, economy of force, maneuver, unity of command, security, surprise, and simplicity. {3} Acknowledged probes and attacks on US military installations include:

1. Moonlight Maze: started in 1998 against the Pentagon, National Aeronautics and Space Administration (NASA): possibly originated in Russia.
2. Solar Sunrise: started in 1998: originally thought to be Iraqi but in fact came from 'a couple of kids in California'.
3. Titan Rain: discovered in 2003, against the DoD and Defense Industrial Base: assumed to be at state level.
4. Buckshot Yankee: a 2008 worm attack introduced through thumb drives on DoD networks: thumb drives were discontinued on such networks.

Military installations are subject to the same threats as other systems: malware, denial of service, insider activity, etc. Besides imposing the usual security measures, the US Military is exploring or undertaking:

1. Agreements or understandings with other powers through organizations like Computer Emergency Readiness Teams (CERT), Department of Homeland Security (DHS) and NATO.
2. Cyber arms control, adopting the mutual destruction model that saw the world through the cold war.
3. Cyber treaties under the auspices of the UN.
4. A Cyberspace Policy Review that creates organizational bodies and responsibilities to put practical policies in place.

Similar moves are afoot in Russia, China, India, France, Israel, Brazil, South Korea, and Estonia. {3}

In its turn, China has accused the US of cyberwar tactics against its Internet-search engine Baidu, {26} and of meddling in middle east countries. {27}

Constant Battle

Threats are real and ongoing. Some of the best-known attacks:

2000. Mafaboy shuts down major commercial web sites.
2001. Code Red worm hit, designed to conduct DoS against the White House.
2001. Kournikova virus hit.
2003. Titan Rain: probably from China.
2003. SQL Slammer worm reached its peak in three minutes.
2004. Love Letter email attack hit.
2007. First Cyber Storm Exercise: hackers linked to Russian government bring down the web sites of Estonia's parliament, banks, ministries, newspapers, and broadcasters.
2007. Storm Worm infects thousands of (mostly private) computers in Europe and the United States.
2007. Chinese intrusion into British Security Service, and offices of French Prime Minister and German Chancellor.
2008. Operation Buckshot Yankee caused US military to stop using thumb drives.
2008. Databases of Republican and Democratic presidential campaigns hacked by unknown foreign intruders.
2008. Government and commercial web sites hacked in Georgia. 2009. FAA computer systems hacked.
2009. Ghost Net: espionage tools attributed to China implanted on government networks of 103 countries.
2009. Plans for new presidential helicopter found on file-sharing network in Iran. 2009. Conficker worm infiltrates millions of PCs worldwide.
2009. Hackers download data on the F-35 Joint Strike Fighter.
2010. Operation Aurora: Google hacked by China.
2010. WikiLeaks releases US embassy cables.
2010. Stuxtnet worm attacks SCADA devices. {3}
2011. Coreflood Botnet. {37}

There were more than 300,000 reported attacks on US installations in 2010. {13} China claimed nearly 500,000 attacks at its computers in the same period. {28} Both countries are in fact watching and manipulating the activities of their own citizens. {37-40}

Legislation

One obvious approach is legislation to make cyberattacks a criminal offense: {14}

Virginia Computer Crimes Act: 1984

Felony: to use a computer to commit fraud, to maliciously access a computer without authorization, and to damage, copy, or remove files.
Misdemeanor: to use a computer to examine private files without authorization.

Computer Fraud and Abuse Act (CFAA):1986

Felony: unauthorized access to a Federal computer system with the intent to steal or commit fraud or inflict malicious damage.

Electronic Communications Privacy Act: 1986

Electronic communications are private. Unauthorized access to and disclosure of private communications is unlawful.

Communications Assistance for Law Enforcement Act (CALEA) : 1994

Law enforcement and intelligence agencies can conduct electronic surveillance.

Freedom of Information Act: 1996

Guaranteed access to data held by the state. Nine exemptions apply, including state security, commercially sensitive information, medical records, etc.

National Information Infrastructure Protection Act: 1996

Denial of Service (DoS) attacks illegal.

Gramm-Leach-Bliley Act: 1999

Authorized widespread sharing of personal information by financial institutions such as banks, insurers, and investment companies.

Safety and Freedom through Encryption (SAFE) Act: 2000

Relaxed US export controls on encryption.

Computer Security Enhancement Act: 2000

Hacking into federal government systems is illegal.

Electronic Signatures in Global and National Commerce Act: 2000

Allowed electronic signatures in legal documents.

Patriot Act: 2001

Drastically increased federal police investigatory powers, including the right to intercept email and track Internet usage. {25}

Homeland Security Act: 2002

Centralized federal security functions to meet post-cold war threats and challenges.

Can-Spam Act 2003

Created offenses of spamming, hiding the source of spams and sexually explicit spamming not marked as such.

Intelligence Reform and Terrorism Prevention Act: 2004

Promoted a culture of information sharing among intelligence agencies and federal departments. Set up a five-member Privacy and Civil Liberties Oversight Board to protect privacy and civil liberties.

US Safe Web Act: 2006

Increased FTC's financial redress for spamming, Internet fraud and deception. Improved FTC's cooperation with overseas counterparts. Ensured law enforcement authorities were proactive, with perhaps one in four of hackers now working for the FBI. {17}

Most countries have similar legislation. {18}

Cyber Intelligence Sharing and Protection Act 2012

Internet traffic information can be shared between the U.S. government and certain companies.

New Storage Techniques

A partial solution is new storage techniques, like that of Cleversafe, {19} which splits data into 'slices', and stores each slice at a different geographic location. Somewhat similar are Bitvault, {20} Wuala, {21} and the Tahoe Least-Authority Filesystem. {22} All make it difficult to copy information in one swift operation.

Increased Awareness

Two things are currently needed:

1. Better awareness of cyber attack: its realities and preventive measures.
2. A more open debate on cyber security before an unnecessary 'arms race' is foisted on citizens of western democracies. {29} {30} {34}

Questions

1. Cyberwars belong to science fiction. Discuss.
2. How does the US military regard cyberwar, and why?
3. Outline, with the relevant acts, the legislative approach to its dangers.
4. What practical measures could be taken?

Sources and Further Reading

Need the references and resources for further study? Consider our affordable (US $ 4.95)  pdf ebook. It includes extensive (3,000) references, plus text, tables and illustrations you can copy, and is formatted to provide comfortable sequential reading on screens as small as 7 inches.

   Get your eBook here.