CYBER OFFENSIVE: Politicians, pundits and security experts disagree as to whether the age of cyber warfare us upon us. That has not stopped countries, including the United States, from making preparations.
Image: COURTESY OF JOHN SOLIE VIA ISTOCKPHOTO.COM
-
The Best Science Writing Online 2012
Showcasing more than fifty of the most provocative, original, and significant online essays from 2011, The Best Science Writing Online 2012 will change the way...
Read More »
There is speculation among some politicians and pundits that the fog of war will soon extend to the Internet, if it has not done so already, given a recent report that the U.S. Department of Defense will introduce its first cyberwarfare doctrine this month, combined with similar announcements from the governments of Australia, China and the U.K. (not to mention Google's ongoing cyber spat with China). Less clear, however, are the rules of engagement—such as what constitutes an act of cyberwar as opposed to the cyberattacks that take place on government computers every day and who, if anyone, should mediate such disputes.
Wars have traditionally been waged between nations or clearly defined groups that officially declare themselves in conflict. This has yet to happen openly on the Internet, although such accusations have been leveled against China, Russia and other nations, says Chris Bronk, an information technology policy research fellow at Rice University's James A. Baker III Institute for Public Policy in Houston and a former U.S. State Department diplomat.
Cyberwarfare is more likely to reflect the wars fought against shadowy terrorist networks such as al-Qaeda as opposed to conflicts between uniformed national military forces. "One thing about war is that, historically, the lines have been drawn and there is an understanding of who the enemy is," says David M. Nicol, director of the Information Trust Institute at the University of Illinois at Urbana-Champaign. "When a cyberattack occurs against a sovereign state, who do you declare war on?"
The Defense Department is expected to clarify at least some of these gray areas when it releases its cyberwarfare doctrine, the Wall Street Journal reported last month. This would not be the Pentagon's first foray into managing cyberwar. The U.S. Strategic Command's U.S. Cyber Command (USCYBERCOM) division has been operational since October and is designed to centralize the administration of cyberspace operations, organize existing cyber resources and synchronize defense of U.S. military networks. What is missing is a clear set of publicly declared rules under which USCYBERCOM will operate, Bronk says, adding, "We can't say there is a cyber command and then not have rules of the road like you do for other areas of military conduct."
Other countries seem to be following suit. The U.K. is developing a cyberweapons program that will give ministers an attacking capability to help counter growing threats to national security from cyberspace, the Guardian reported last month. Australia is also on record as saying it will create the country's first national cybersecurity strategy to confront the growing threat posed by electronic espionage, theft and state-sponsored cyberattack, the Sydney Morning Herald recently reported. Not to be left out, China has also set up a specialized online "Blue Army" unit that it claims will protect the People's Liberation Army from outside attacks, according to News Track India.
The inability of governments, or any other cybersecurity experts for that matter, to pinpoint the origin of cyberattacks is problematic and boils down to an intelligence problem, Nicol says. "Right now, with the infrastructure that we have it's very difficult using purely technological means to trace the source of some kind of attack," he adds. "You can't just look at the connection between one computer and another because cyberattackers use multiple levels of cutout servers that make it difficult to determine where data is being sent. These computers that do the cutoffs are in foreign countries so there's little recourse in terms of requesting log files from those computers."
See what we're tweeting about
4 Comments
Add CommentI basically agree with the views somebody expressed here (http://www.whitehousevoice.com/Kazmarek/Proposals/Security-Communities-Program-States-vs-Government-1133) saying it was much more realistic to develop a policy to counter non-state actors attacks than to focus on the response to frontal attacks from other countries. I agree its a priority to update and develop strategy against cyber-attacks, but do it according to the real threats today. What are the threats today? Well, lets see, we have Wikileaks, Anonymous and so on. Are they backed by another country? Maybe. Is there enough evidence to call that country out and declare it an "act of war"? No, and i don´t think any country will be foolish enough to leave their tracks.....
Reply | Report Abuse | Link to thisWITH REGARDS TO THE CYBERWARS WHOSE ARSENAL IS BEING PREPARED IN EVERY BIG NATION WE NEED TO CONSIDER A MAJOR POINT WHICH IS HIGHLIGHTED IN THE PARA THAT IT IS PRACTICALLY VERY DIFFICULT TO TRACK THE POINT OF ATTACK AS VARIOUS IPS ARE BEING USED AS COVER.SO, PRIOR TO PREPARING FOR THE CYBERATTACK ONE NEEDS TO SEE IF ONE CAN OUTTHINK THE CYBERCRIMINALS.
Reply | Report Abuse | Link to thisThe real danger about preparing for state-sponsored cyber war is in not being ready. Once a state-actor wishes to launch an attack, it is woefully too late to act.
Reply | Report Abuse | Link to thisPearl Harbor anyone? 9/11?
It's vigilance or death. Your choice. Enjoy your peace and tranquility and someday; "I'm sorry Dave, I can't do that."
A network guy once put it quite simply to me: "cut the cable to the ip address the attack is coming from". I have no idea how feasible that is but it would obviously work.
Reply | Report Abuse | Link to this