By Larry Greenemeier & Sharon Gaudin
Jun 2, 2007
Cyberwarfare: What will it look like, how will we defend against it?
Those questions have taken on new urgency, as the possibility becomes
more real. Recently, the Baltic nation of Estonia suffered several weeks
of distributed denial-of-service attacks against both government and
private-sector Web sites. And late last month, a report from the
Department of Defense said the People's Liberation Army of China is
building up its cyberwarfare capabilities, even creating malware that
could be used against enemy computer systems in first-strike attacks.
To date, there have been no proven, documented cases of one nation
attacking another via cyberspace. Yet cyberwarfare is a chilling
prospect that's treated among most nations with much the same reverence
as Cold War players treated the idea of nuclear winter, mainly because
of the potential large-scale economic disruption that would follow, says
Howard Schmidt, a former White House cybersecurity adviser and former
chief security officer at eBay and Microsoft. This would include
shortages of supplies that could affect both citizens and the military,
The cyberattacks against Estonia primarily targeted the government,
banking, media, and police sites, and they "affected the functioning of
the rest of the network infrastructure in Estonia," the European Network
and Information Security Agency, or ENISA, reported on its Web site. As
a result, targeted sites were inaccessible outside of Estonia for
extended periods in order to ride out the attacks and to try to
maintain services within the country.
Distributed denial-of-service attacks are particularly difficult to
prevent and require a lot of coordination to contain the damage when
multiple sites are hit. In order to weather the 128 strikes launched
against its cyberinfrastructure, Estonia sought help from not only its
Computer Emergency Readiness Team, established late last year, but also
the Trans-European Research and Education Networking Association and
Computer Emergency Readiness Teams in other countries, including Finland
and Germany, according to ENISA.
LET'S GET ALONG
A major hurdle that nations face in defending their critical
infrastructures is working with the entities that control
telecommunications networks, electrical grids, and transportation
systems. This is a significant issue in the United States, given that
the private sector owns more than 85% of the critical infrastructure.
Communication and cooperation between government officials and
private-sector critical infrastructure owners is essential because the
military is more knowledgeable and better prepared to respond to a
cyberattack. "When it comes to information warfare, corporations in
general are no match for a trained intelligence officer," says David
Drab, a 27-year veteran of the FBI who retired in 2002 and is now
principal for information content security with Xerox Global Services.
These officers have an objective, they have resources, and often they
have the element of surprise on their side, he says. Businesses are
ill-prepared to handle these types of attacks.
The Defense Department's annual report to Congress on China's military
strategy says China is building up "tactics and measures" to protect
friendly computer systems and networks. "The People's Liberation Army is
pursuing comprehensive transformation from a mass army designed for
protracted wars of attrition on its territory to one capable of fighting
and winning short-duration, high-intensity conflicts against high-tech
adversaries," according to the report. China refers to that as "local
wars under conditions of informatization," the report says.
But China isn't just developing a defensive cyberwarfare plan. The
People's Liberation Army sees exploiting computer network operations as
critical to achieving "electromagnetic dominance" early in a conflict,
says the report. And China is focused on being able to disrupt
battlefield information systems.
Still, Schmidt says, there are ways to mitigate the prospect of
cyberwarfare. One is for nations to work with their critical
infrastructure owners to bolster security preparedness. This includes
ensuring that software patches are up to date and that access-control
systems--biometric or otherwise--are in place to protect IT
infrastructures from intruders and malicious insiders. Schmidt's other
proposal is less technical and more diplomatic: "Create treaties among
countries that agree to not do this to each other."