Posts Tagged ‘cyber warfare’
Red Team Go! It’s NATO’s Turn to Build a Cyber Defense Force

It’s even getting a cool name: the “Cyber Red Team.” But the urgency that name implies might not carry over to the force’s actual functions. For the most part, it sounds like the Red Team would simulate threats to manage readiness and response, probe networks for potential security vulnerabilities, assess the damage of cyber attacks against member states, and carry out the occasional denial of service attack.
In other words, it sounds like Cyber Team Red will be a fast reactive force rather than a proactive force meting out cyber punishment to nations that step out of cyber-line. Still, given the difficulty in identifying and prosecuting cyber crimes across international borders, such an international cyber force could go a long way toward enforcing international law/agreements and protecting states that don’t have the resources to mount their own cyber defenses.
The Pentagon Has a Classified List of Cyber Weapons Approved for Cyber Warfare

This list has actually existed for several months and has been accepted by other agencies like the CIA, and joins the battery of other approved weaponry the DoD can deploy under certain circumstances. But as with the Pentagon’s other tools of war, those capabilities come with restrictions.
One senior official told that placing cyber weapons in the arsenal right next to cruise missiles, airstrikes, and M-16s is “perhaps the most significant operational development in military cyber-doctrine in years.” Indeed, it brings clarity to an otherwise murky area of international military relations where the rules of engagement are somewhat opaque. And, perhaps most notably, it establishes the chain of command.
It specifies, for instance, when a cyber attack requires presidential authorization and when it does not. If the military wishes to plant a virus in a foreign nation’s networks that can be activated later, it needs a presidential nod. But a variety of other activities, including spying on other nations’ cyber capabilities or leaving “beacons” behind to mark vulnerable sites in foreign systems, need no approval from the Commander in Chief.
But the situation is still far from crystal clear. The rules change when the U.S. is engaged in a state of hostilities versus a state of peace with the intended target (outside of a zone of hostility, presidential approval is almost always required). During wartime, a president can pre-authorize commanders to use a range of tools so that they can remain nimble on the ground. And, as in physical warfare, there is a range of mission-specific variables, like collateral damage and potential civilian casualties, that have to be weighed. Says :
Under the new framework, the use of a weapon such as Stuxnet could occur only if the president granted approval, even if it were used during a state of hostilities, military officials said. The use of any cyber-weapon would have to be proportional to the threat, not inflict undue collateral damage and avoid civilian casualties.
Stuxnet is a prime example of the real challenge the Pentagon faces here. The Stuxnet worm is largely thought to have been designed specifically to disable Iranian nuclear technologies. It is also thought to have been created by the United States or Israel. But once loose in cyberspace, the worm did not discriminate, affecting systems in several nations around the world, including the United States.
Therein lies the real cyber warfare challenge. Traditional battlefields are confined to a physical space, and while the repercussions of what happens there can quickly reverberate around the world, the raw physical impact is limited in scope. In cyber warfare, the battlefield is always global, reaching everywhere all the time, and it’s here the Pentagon must aggressively limit the law of unintended consequences.
Pentagon Declares That Cyber-Attacks Can Constitute an Act of War, Deserving an Armed Response

The question now is: what constitutes a cyber attack from a foreign land? Pinning the blame for digital skullduggery on a foreign government (or anyone else for that matter) is often difficult to do with any degree of certainty. The Pentagon is of the opinion that the largest and most sophisticated attacks require state resources, and as such leave a fingerprint of government complicity if not outright support.
But the idea that conventional forces might be launched in retaliation for a cyber attack also conjures thoughts of Bond villain-esque plots to thrust the world into chaos. Could some teenager in Estonia with a knack for coding unwittingly (or wittingly) provoke an armed conflict? And even if a cyber attack was unquestionably perpetrated on behalf of a foreign state, how does one weigh the appropriate military response?
These are the tough questions that will have to be hashed out in coming months and years as cyber warfare takes a place next to conventional might on the global battlefield. We’ll learn more about the DoD’s philosophy here when the unclassified portion of the document is released, but we do know that the document will push for an international doctrine among America’s allies that dictates appropriate responses to cyber threats.
One popular idea is a doctrine of “equivalence.” If a cyber attack produces death, damage, or some kind of economic or commercial disruption equivalent to what might be wrought by a military attack, it could be considered an act of war and a candidate for military retaliation. As one military official : “If you shut down our power grid, maybe we will put a missile down one of your smokestacks.”
It sounds a bit subjective, but so these things go. The current international system of meting out retaliation and justifying military action is based on a patchwork system of international treaties, some dating back decades, as well as a code of (somewhat) mutually agreed upon international practices and methods. The DoD is heading into uncharted territory from an international framework standpoint, as nothing exists in these earlier treaties and agreements that applies to the digital perils of the 21st century.
That leaves a lot of room for uncertainty, but what is absolutely certain is the role cyber warfare will play in global conflicts going forward. The British Ministry of Defense announced just this week that it is placing cyber attacks on equal standing with other military conflicts, and that “cyber troops” will deploy with conventional forces in the field and elsewhere to defend critical networks. In that sense, the age of the true cyber warrior is just getting underway.
Chinese Telecom Company Hijacked 15 Percent of Internet
NASA, DOD, Senate traffic re-routed through Chinese servers last spring, study finds

We don’t yet know what this means — the U.S.-China Economic and Security Review Commission, which released a report on the incident today, says it is unclear whether it was intentional or just an accident — but at the very least, it’s one more piece of disturbing evidence showing the U.S. is vulnerable to cyberattack.
The hijacking was reported when it first happened, but this is the first acknowledgement that American government sites were affected. Along with the military and organizations like NASA and NOAA, the redirect affected commercial websites like Dell, Yahoo, Microsoft and IBM, according to ABC News, which broke the story this morning.
It’s not clear what happened to the data once it was rerouted through China Telecom, which is denying any hijack of Internet traffic. It could have been a pure technical error that “advertised erroneous network traffic routes that instructed U.S. and other foreign Internet traffic to travel through Chinese servers,” as the report puts it.
Whether or not this was an innocent mistake, it’s clear the capability to reroute huge streams of data could enable malicious activities. Given Chinese entities’ Internet history, this is not good news. Remember last January’s , intended to get human rights activists’ e-mail addresses?
From the report: “This level of access could enable surveillance of specific users or sites. It could disrupt a data transaction and prevent a user from establishing a connection with a site. It could even allow a diversion of data to somewhere that the user did not intend.”
Government officials are claiming their traffic was encrypted, so they have nothing to fear. But when members of Congress are the U.S. will suffer a cyberattack, incidents like this should sound the alarm.
Advanced Computer Worm Was Specifically Designed to Attack Iranian Nuclear Reactor, Experts Say
And the culprit is likely a nation-state

Researchers studying the worm say it was built by an advanced attacker with plentiful resources — possibly a nation-state. Initially, experts thought it was designed for industrial espionage, but upon examining its code, they now think it was built for sabotage.
Ralph Langner, an expert on industrial systems security, has been studying Stuxnet since it was first discovered at a Belarus-based security firm in June. In a , he said the worm was most likely assembled by a team of experts with heavy insider knowledge: “This is not some hacker sitting in the basement of his parents’ house. To me, it seems that the resources needed to stage this attack point to a nation state,” he wrote.
He speculates that the target is Iran’s Bushehr reactor, currently under construction. To reach this conclusion, he partly relied upon a of the reactor’s operations plant, showing Siemens PLC software.
Stuxnet has targeted Siemens-operated industrial facilities like power plants and chemical factories. It has spread via and through copying itself to new networks protected by weak passwords, according to a news release from , a network security firm.
As , once Stuxnet identifies a target, it changes a specific piece of Siemens code that monitors critical operations — “things that need a response within 100 milliseconds.” By changing this crucial piece of code, Stuxnet could cause equipment to malfunction, sabotaging a refinery or factory.
So far, no one has ventured to guess which nation might have built Stuxnet. But PCWorld recalled speculation from last summer that Israeli officials were contemplating a .
Langner wrote that whoever built the worm is going to get caught, because cyber-forensics will eventually smoke them out. They must not care about going to jail, he wrote.
If they represent a nation-state, there might be much bigger things to worry about — could Stuxnet represent an opening salvo in a cyber war?
NSA Chief Confirms U.S. Military’s Right to Return Cyber-Attacks

Alexander is testifying before Congress as part of his confirmation as the new head of US Cyber Command. In that position, he will oversee the protection of the US data infrastructure. In his answers to questions from Congressmen before tomorrow's in-person testimony, Alexander said that the US has responded to threats against the country in cyberspace, but declined to get into specifics. He also added that while military law doesn't specifically authorize a country to retaliate with a cyber-attack, the law implicitly condones the use of retaliatory cyberwar.
In general, Alexander's testimony reflected a policy that treats a computer the same as a rifle in a military context. For him, it's a weapon, and faces the same deterrent, legal, and technical issues as a fighter plane, nuclear bomb, or sharpened stick. However, it should be noted that Alexander also gave extensive classified testimony that no doubt went into more specific detail about the US's cyber-deterrence and offensive capabilities.
Still, what Alexander did reveal is mostly new information for the general public, and with live questioning set to begin tomorrow, we should end this week knowing far more about US cyber policy than we began it.