
Waiting For Cybergeddon

January 22, 2009: In the United States, the FBI (which is responsible for detecting and investigating Internet based crime) is warning that America is becoming ever more vulnerable to "cybergeddon" (a massive attack via the Internet that would cripple the economy, government and military). The FBI admits that it has a hard time getting more money for its Internet security efforts. The reason is that the threat is largely invisible. A picture of a nuclear bomb going off, or of enemy tanks and warships ready to attack, makes a much more effective impression on the politicians who dole out the money.

The FBI also wants to get the Department of Defense Internet defense operations more involved in national level defense against network based attacks. But the four services have a hard time agreeing to coordinate their efforts to defend military use of the Internet when under massive hacker attack. Thus the FBI plea for help sort of falls on distracted ears.

There hasn't been a proper, all-out Cyber War yet. There have been lots of skirmishes, but nothing approaching what an all-out battle, via the Internet, would be. What would the first Cyber War be like? Let's be blunt, no one really knows. But based on the cyber weapons that are known to exist, and the ones that are theoretically possible, one can come up with a rough idea.

First, there are three kinds of Cyber War possible. Right now, we have limited stealth operations (LSO), as the Chinese, Russians, and others use Cyber War techniques to support espionage efforts. China is the biggest practitioner, or at least they have been caught most often.

Next comes Cyber War only (CWO). This is open use of a full range of Cyber War weapons. No one has done this yet, but it's potentially less dangerous than firing missiles and unleashing tank divisions. It is believed that Russia indulged in this in 2007, when Estonia infuriated the Russians by moving a World War II statue memorializing the Soviet "liberation" of Estonia (which didn't want to be liberated by the Soviet Union). Russia denied responsibility for the massive Cyber War assaults on Estonia, which nearly shut down the nation's Internet infrastructure. Estonia accused Russia of being responsible, and tried to invoke the NATO mutual-defense pact. NATO Cyber War experts went to Estonia, and shortly thereafter the attacks stopped. Apparently Russia got the message that this sort of thing could escalate into something more conventional, and deadly.

Then we have Cyber War in support of a conventional war. Technically, we have had this sort of thing for decades. It has been called "electronic warfare" and has been around since World War II. But the development of the Internet into a major part of the planet's commercial infrastructure takes "electronic warfare" to a whole other level. Cyber War goes after strategic targets, not just the electronic weapons and communications of the combat forces.

A successful Cyber War depends on two things: means and vulnerability. The "means" are the people, tools and cyberweapons available to the attacker. The vulnerability is the extent to which the enemy economy and military use the Internet and networks in general. We don't know who has what Cyber War capabilities exactly, although China and the U.S. have openly organized Cyber War units, and both nations have lots of skilled Internet experts.

Vulnerability is another matter. The United States is the most exposed to Cyber War attack because, as a nation, we use the Internet more than any other country. That's the bad news. The good news is that if an attacker ever tried to launch a Cyber War by assaulting the U.S., it could backfire. This risk has to be kept in mind when considering what a Cyber War might do. Recall military history. The Pearl Harbor attack in 1941 actually backfired on the Japanese, by enraging Americans and unleashing a bloodthirsty response that left Japan in ruins. The lesson of the original Pearl Harbor is, if you're going to hit someone this way, better make it count. If your opponent is bigger than you, and gets back up, you could be in some serious trouble.

The big problem with Cyber War is that there has not been a lot of experience with it. Without that, no one is really sure what will happen when someone attempts to use it at maximum strength. But unlike nuclear weapons, there is far less inhibition about going all-out with Cyber War weapons. That is the biggest danger. Cyber War is a weapon of growing might, and little restraint by those who wield it. Things are going to get a lot worse.

 


Gerry       1/22/2009 8:02:30 PM
 
LOL, I think most high schoolers and college students would become absolutely enraged should their internet be made unavailable. They would join the military in droves to fight the disrupters of their lifestyle. (me too, but I'm too old)
 

lurker       1/23/2009 7:31:57 PM
Hell, you'd probably get 3/5 people learning how to hack and the development of vigilante hacking groups in the US. I wouldn't be surprised if the military set up a separate branch dedicated to cyberspace. Where those who want to do their part, but are unfit for military service, can learn to hack etc. Only bad thing is that then you'd see the rise of groups such as Anonymous. Actually, they might possibly become a cyberforce for the free world...(on second thought no, just no way they can).
 

warpig    SCADA   4/9/2009 6:46:37 PM
SCADA is the new target set in Total War
 
--------------------------------------------------------
 

APRIL 8, 2009

Electricity Grid in U.S. Penetrated by Spies

By SIOBHAN GORMAN

Associated Press

Robert Moran monitors an electric grid in Dallas. Such infrastructure grids across the country are vulnerable to cyberattacks.

WASHINGTON -- Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.

"The Chinese have attempted to map our infrastructure, such as the electrical grid," said a senior intelligence official. "So have the Russians."

The espionage appeared pervasive across the U.S. and doesn't target a particular company or region, said a former Department of Homeland Security official. "There are intrusions, and they are growing," the former official said, referring to electrical systems. "There were a lot last year."

Many of the intrusions were detected not by the companies in charge of the infrastructure but by U.S. intelligence agencies, officials said. Intelligence officials worry about cyber attackers taking control of electrical facilities, a nuclear power plant or financial networks via the Internet.

Authorities investigating the intrusions have found software tools left behind that could be used to destroy infrastructure components, the senior intelligence official said. He added, "If we go to war with them, they will try to turn them on."

Officials said water, sewage and other infrastructure systems also were at risk.

"Over the past several years, we have seen cyberattacks against critical infrastructures abroad, and many of our own infrastructures are as vulnerable as their foreign counterparts," Director of National Intelligence Dennis Blair recently told lawmakers. "A number of nations, including Russia and China, can disrupt elements of the U.S. information infrastructure."

Officials cautioned that the motivation of the cyberspies wasn't well understood, and they don't see an immediate danger. China, for example, has little incentive to disrupt the U.S. economy because it relies on American consumers and holds U.S. government debt.

But protecting the electrical grid and other infrastructure is a key part of the Obama administration's cybersecurity review, which is to be completed next week. Under the Bush administration, Congress approved $17 billion in secret funds to protect government networks, according to people familiar with the budget. The Obama administration is weighing whether to expand the program to address vulnerabilities in private computer networks, which would cost billions of dollars more. A senior Pentagon official said Tuesday the Pentagon has spent $100 million in the past six months repairing cyber damage.

Overseas examples show the potential havoc. In 2000, a disgruntled employee rigged a computerized control system at a water-treatment plant in Australia, releasing more than 200,000 gallons of sewage into parks, rivers and the grounds of a Hyatt hotel.

Last year, a senior Central Intelligence Agency official, Tom Donohue, told a meeting of utility company representatives in New Orleans that a cyberattack had taken out power equipment in multiple regions outside the U.S. The outage was followed with extortion demands, he said.

The U.S. electrical grid comprises three separate electric networks, covering the East, the West and Texas. Each includes many thousands of miles of transmission lines, power plants and substations. The flow of power is controlled by local utilities or regional transmission organizations. The growing reliance of utilities on Internet-based communication has increased the vulnerability of control systems to spies and hackers, according to government reports.

 

The sophistication of the U.S. intrusions -- which extend beyond electric to other key infrastructure systems -- suggests that China and Russia are mainly responsible, according to intelligence officials and cybersecurity specialists. While terrorist groups could develop the ability to penetrate U.S. infrastructure, they don't appear to have yet mounted attacks, these officials say.

It is nearly impossible to know whether or not an attack is government-sponsored because of the difficulty in tracking true identities in cyberspace. U.S. officials said investigators have followed electronic trails of stolen data to China and Russia.

Russian and Chinese officials have denied any wrongdoing. "These are pure speculations," said Yevgeniy Khorishko, a spokesman at the Russian Embassy. "Russia has nothing to do with the cyberattacks on the U.S. infrastructure, or on any infrastructure in any other country in the world."

A spokesman for the Chinese Embassy in Washington, Wang Baodong, said the Chinese government "resolutely oppose[s] any crime, including hacking, that destroys the Internet or computer network" and has laws barring the practice. China was ready to cooperate with other countries to counter such attacks, he said, and added that "some people overseas with Cold War mentality are indulged in fabricating the sheer lies of the so-called cyberspies in China."

Utilities are reluctant to speak about the dangers. "Much of what we've done, we can't talk about," said Ray Dotter, a spokesman at PJM Interconnection LLC, which coordinates the movement of wholesale electricity in 13 states and the District of Columbia. He said the organization has beefed up its security, in conformance with federal standards.

In January 2008, the Federal Energy Regulatory Commission approved new protection measures that required improvements in the security of computer servers and better plans for handling attacks.

Last week, Senate Democrats introduced a proposal that would require all critical infrastructure companies to meet new cybersecurity standards and grant the president emergency powers over control of the grid systems and other infrastructure.

Specialists at the U.S. Cyber Consequences Unit, a nonprofit research institute, said attack programs search for openings in a network, much as a thief tests locks on doors. Once inside, these programs and their human controllers can acquire the same access and powers as a systems administrator.

NERC Letter

The North American Electric Reliability Corporation on Tuesday warned its members that not all of them appear to be adhering to cybersecurity requirements.

The White House review of cybersecurity programs is studying ways to shield the electrical grid from such attacks, said James Lewis, who directed a study for the Center for Strategic and International Studies and has met with White House reviewers.

The reliability of the grid is ultimately the responsibility of the North American Electric Reliability Corp., an independent standards-setting organization overseen by the Federal Energy Regulatory Commission.

The NERC set standards last year requiring companies to designate "critical cyber assets." Companies, for example, must check the backgrounds of employees and install firewalls to separate administrative networks from those that control electricity flow. The group will begin auditing compliance in July.

-Rebecca Smith contributed to this article.

Write to Siobhan Gorman at siobhan.gorman@wsj.com

 
 





 
 
 

© 1998 - 2009 StrategyWorld.com. All rights reserved. StrategyWorld.com, StrategyPage.com, FYEO, For Your Eyes Only and Al Nofi's CIC are all trademarks of StrategyWorld.com.