Risk
1/17/2013
04:25 PM

Uncertain State Of Cyber War

Just what does "cyber warfare" mean? We're still figuring out tactics and capabilities.

Military agencies worldwide are right in the middle of figuring out the tactics and capabilities that will be critical in any future cyber war. So far, any conflicts are playing out behind the scenes, with only the rare accusation or public request for technology giving a glimpse into what offensive attacks between countries might look like.

Even what counts as "cyber warfare" remains an open question. Many cite as the first-known example of such operations the distributed denial-of-service (DDoS) takedowns and hijacking of government and business websites in the country of Georgia in 2008, at the same time as Russian military operations on the ground.

But there's scant proof that the Russian government launched or sponsored online attacks against Georgia, according to many security experts, including Robert David Graham, CEO of Errata Security. "There's no evidence the cyber attacks were by the Russian government, or that they were anything more than normal 'citizen hacktivism,'" he said in a blog post. It's notable that this supposed first-ever cyber war served no clear military purpose. Attackers compromised informational government websites, not critical infrastructure systems or military networks.

To be fair, even the would-be practitioners of cyber warfare -- namely, the U.S. military -- are themselves soliciting input on what offensive computer system attacks might look like, either on their own or in conjunction with physical operations and kinetic attacks.

Last year, for example, the Defense Advanced Research Projects Agency (Darpa) issued a call to tech vendors for "cyberspace warfare operations" capabilities, as part of what Darpa dubs Plan X. Darpa seeks a broad range of capabilities, from a scripted counterresponse to a cyber attack to IT infrastructure that could be hardened to withstand attacks.

Similarly, the Air Force Life Cycle Management Center last year called on contractors to submit concept papers for "cyberspace warfare operations" capabilities, including "cyberspace warfare attack" and "cyberspace warfare support."

Capabilities on the Air Force wish list include "employing unique characteristics resulting in the adversary entering conflicts in a degraded state." In other words, why blow up an enemy's tank if you can instead somehow infect and kill the tank's electrical system?

Who else is bolstering their cyber war capabilities? Iran is a strong candidate, and in April 2012, the VP of the American Foreign Policy Council, Ilan Berman, told a U.S. House committee that Iran has been boosting its cyber warfare resources in the wake of online attacks against the country. The attacks include Stuxnet, malware blamed in 2010 for trying to attack power plant infrastructure. U.S. officials have accused the Iranian government of sponsoring DDoS attacks against U.S. banks. China has reportedly mobilized its own cyber army, and Russia last year launched a recruitment drive to find the country's best hacking minds, seeking people versed in "methods and means of bypassing antivirus software, firewalls, as well as in security tools of operating systems," the newspaper Pravda reported.

But while governments don't face the same legal problems that companies do when considering offensive attacks, they do face the same major intelligence challenge: accurately tracing an attack's true origin, a process known as attribution. While small-time cybercriminals may leave tracks, government-backed professionals will go to great lengths to hide what they're doing -- or perhaps, pin blame on another enemy.

Comments
boredaussie,
User Rank: Apprentice
1/22/2013 | 3:19:30 AM
re: Uncertain State Of Cyber War
For the sake of presenting another opinion, I'll share my view.

While it is unlikely that the Russian Government directly perpetrated the Georgia cyber attacks, I believe that there was a level of state involvement (with Estonia too, but we'll leave that to one side). The timing of the main thrust of the cyber attacks coincided with the advance of Russia's force that had massed on the northern border of South Ossetia. The cyber attacks were in concert with the ground force. The much talked about stopgeorgia.ru that is oft-pointed to as evidence that nationalistic hackers perpetrated the attacks without government direction was not set up until the following day. The site was obviously not necessary for the coordinated cyber attack that occurred alongside the ground invasion.

The other side of this is the strategic. The article described the cyber campaign as serving "no clear military purpose". That isn't the case. The Russian information campaign was advanced - winning the war of public (and world) opinion was important. They wanted to paint Saakashvili as a bellicose warmonger. Russia's information campaign was important - the military flew 50 journalists to South Ossetia shortly before war broke out to cover the coming conflict from the Russian perspective. On the other hand, journalists in Georgia were unable to share their side of the conflict effectively. Some foreign news websites were blocked and the cyber campaign led to a difficulty in communicating the Georgian message. In this way, the cyber campaign fit into a broader Russian info-war campaign. That was the strategic value.

I'd recommend the US Cyber Consequences Unit's report on the conflict as further reading on the topic for anyone interested.
John Foley,
User Rank: Apprentice
1/22/2013 | 9:59:44 PM
re: Uncertain State Of Cyber War
"Uncertain," "open question," "scant proof" are the words used here to describe cyber war in these early days. That's unlikely to change anytime soon -- the players and their motives, techniques, and outcomes will remain fuzzy. But it's clear that the US military, and no doubt other national defense agencies, are shifting focus from cyber defense to offensive capabilities. Some say the threat is extreme -- Leon Panetta warned of a "cyber Pearl Harbor" -- while others say such talk is overblown. I'm in the camp that believes the threat is real. Good to know that DARPA has Plan X. Hopefully the Pentagon has Plan A and Plan B too.