Posted on | February 14, 2011 | No Comments
Why is the new computer security buzzword CyberWar?
For starters, the term is two inaccurate descriptors: Cyber has a mechanical root, referring to controls and robotics. And War, while an apt word to describe the attack on one country by another, doesn’t apply; the first assault in such a “war” will also be the last. The more accurate term would be National Network Intrusion, and there won’t be a multi-year battle between continents. There will be an attack, and then there will be a response. And that will be all.
If there ever were a true attack by one country on another using the Internet, there will be a trail. They might make a token attempt to muddle it or bounce it through other municipalities, but they will never hide the conduit they’ll have to carve in order to make any signifigant damage to a nation’s infrastructure. Realistically, right afterwards a whoooole lot of bombers, aircraft carriers, and other sharp spear-like assets will respond in kind on the offenders.
But let us say for a moment two imperiums would like to go after each other using the Internet. Say one country was mad at the U.S. over some economic sanctions and wanted to teach them a lesson, appropriately by crashing and erasing some servers in the Commerce Department. They swoop in and launch a Zero Day exploit, very effective against the older machines the government tends to use. Through this they attack the servers and wipe them completely of records, operating systems, and overwriting their hard-drives to the brim with garbage code making recovery nearly impossible.
What does the United States do?
Barring bombers, bullets and battleships, what would the United State’s equally Internetworked response be?
Well the Commerce Department is a critical part of the US Government’s financial infrastructure. Attacking and damaging it would interrupt not only the America’s ability to trade but have a chain reaction that would easily effect hundreds of countries. That assault would be seen as an Act of War, and a traditionally American response would be to eliminate the attacker’s ability to wage war.
To start, they could use the Internet Corporation for Assigned Names and Numbers to disconnect all access to their websites. Before the RIAA started pulling the plug on website domains it accused of trading copyrighted materials, the Internet Corporation for Assigned Names and Numbers was a largely unknown organization. But in November of 2010 it suddenly became obvious that websites could be “kicked” off the Web simply by redirecting their domain names, i.e. www.badcountrysgovernment.bc, to a page that says “This country is at war with the United States. Don’t get caught in the crossfire.”
Then of course there’s the option of directly attacking the country’s utility infrastructure. The Stuxnet worm, a program specifically designed to attack the control system’s of their Bushehr Nuclear Power Plant. It was custom-made to use exploits in Windows and the industrial automation systems of the plant. The worm managed to delay the activation of the plant, preventing any possibility of it producing weapons-grade nuclear material. However, this virus was designed to disable the specific configuration of the plant’s electronics. If those parameters hadn’t been added, it’s possible the infection could have affected all the industrial controls in the entire country. It would then become a Weapon of Mass Destruction to use against a country.
Or perhaps a good ol’ fashioned propaganda campaign? When parts of Georgia wanted to break away (the country, not the state), Russia supported their efforts and there was an attack on the president’s website. President Mikheil Saakashvili’s site was hacked to show a collage of photos comparing him to Adolf Hitler. The public sites of Georgia’s central government, the Ministry of Foreign Affairs and Ministry of Defense were all cracked and put under the control of foreigners just before the real war started. Silencing the voice of your enemy is always a good idea when you want to win international support.
But you have to wonder, who’s going to be orchestrating this new form of warfare for the United States? There are several military centers, for instance the Air Force Network Operations Center. While their capabilities are shrouded in mystery, no doubt they have the ability to detect and trace foreign intrusions like the Iranian and Georgian attacks. As far as offense their actions are more oriented towards a tell-the-President-and-wait-for-cruise-missiles-to-launch approach.
A true “CyberWarfare” response wouldn’t come from the United States military, it’s simply not in their charter. The use networks for communication, not as a medium for fighting. The real cyberwarriors always have been and always will be the Hacker.
I use the term Hacker in it’s strictest sense, those that hack together code and innovate using computers and programming (malicious intruders into banks and highschool grade databases will continue to be called Crackers).
They are the highschool nerds, the underclass underclassmen that operate under the radar. While the football hero military-type will punch your lights out and give you a few love taps to the kidneys, the wronged Hacker will ruin your future creditline, post your personal e-mails on Reddit, and send your mother the porn history from your web browser.
If the same were to happen on an international scale, in addition to a B-52 flight bombing your country back into the Stone Age (Bronze Age, minimum), Hackers can go in before the attacks and undermine your communications networks, destroy your industrial capacity, and smear the reputations of your government, military, and leaders. Perhaps they would even pull out all the stops and attack that state’s banking system, much like a never used plan concocted by the Bush administration before the 2003 invasion of Iraq.
The demeanor of the Hacker is important to consider; these are the individuals who lashed out at major financial institutions as easily as watching a video on Hulu. Making a country hurt, and with government sanction for a change, would be fun!
While CyberWar is possible and some nation might decide to try practicing it against the USA, the reprisal from our military power would make such a move devastatingly dangerous. And even if our armed forces were preoccupied elsewhere, the citizen soldier army of Hackers would prove themselves more than equal to the task of making that country very sorry they ever heard of The Internet.