Risk
10/12/2009
11:49 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Cyberwar Readiness Recast As Low Priority

Preparedness for cyberwar should have a place in U.S. defense planning, but resources are better spent on bolstering potentially vulnerable infrastructure, according to think tank RAND.

The U.S. government should not make cyberwarfare a priority investment area, according to a report from public policy think tank RAND Corp.

The report, which was underwritten by the Air Force, recommends that the government focus instead on shoring up defenses of critical infrastructure like the nation's telecommunications networks, banking systems, and power grid that may be vulnerable to cyber attack.

"Operational cyber war has an important niche role, but only that," the report states.

At best, cyberwarfare operations "can confuse and frustrate operators of military systems, and then only temporarily," the report notes. "The salient characteristics of cyberattacks--temporary effects and the way attacks impel countermeasures--suggest that they be used sparingly and precisely. Attempting a cyberattack in the hopes that success will facilitate a combat operation may be prudent; betting the operation's success on a particular set of results may not be."

The report contends that unlike regular warfare, which aims to break down enemy defenses and morale to get the other side to give in, countries often respond to cyber attacks by hardening their defenses and making them less vulnerable to future attacks. "Casualties are the chief source of the kind of war-weariness that causes nations to sue for peace when still capable of defending themselves--but no one has yet died in a cyber attack," the report says.

Further, cyber attacks often have ambiguous sources that make them difficult to retaliate against or could create new enemies if a source is misidentified. And they only temporarily disarm enemies, since computer equipment can easily be replaced.

The report warns that "non-state actors" could jump into the fray. However, it bases few of its conclusions on such scenarios, even though individuals or loose-knit groups tend to be the more obvious ongoing threat on the Internet.

Despite warnings that cyberwar may have a limited role, the report notes that some investment is appropriate.

"Operational cyberwar has the potential to contribute to warfare -- how much is unknown and, to a large extent, unknowable," it says. "Because a devastating cyber attack may facilitate or amplify physical operations and because an operational cyberwar capability is relatively inexpensive, it is worth developing."

The Air Force created a dedicated cyber command earlier this year, which became operational in August. That force includes about 6,000 active duty personnel and is expected to have an annual budget exceeding $5 billion.

Read InformationWeek's first-ever analysis of top CIOs in federal, state, and local government, and how they're embracing new expectations. Download the report here (registration required).

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2382
Published: 2014-11-20
The DfDiskLo.sys driver in Faronics Deep Freeze Standard and Enterprise 8.10 and earlier allows local administrators to cause a denial of service (crash) and execute arbitrary code via a crafted IOCTL request that writes to arbitrary memory locations, related to the IofCallDriver function.

CVE-2014-3625
Published: 2014-11-20
Directory traversal vulnerability in Pivitol Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

CVE-2014-8387
Published: 2014-11-20
cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi.

CVE-2014-8493
Published: 2014-11-20
ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1.

CVE-2014-8767
Published: 2014-11-20
Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?