1/17/2013
04:25 PM

Uncertain State Of Cyber War

Just what does "cyber warfare" mean? We're still figuring out tactics and capabilities.

Military agencies worldwide are right in the middle of figuring out the tactics and capabilities that will be critical in any future cyber war. So far, any conflicts are playing out behind the scenes, with only the rare accusation or public request for technology giving a glimpse into what offensive attacks between countries might look like.

Even what counts as "cyber warfare" remains an open question. Many cite as the first known example of such operations the distributed denial-of-service (DDoS) takedowns and hijacking of government and business websites in the country of Georgia in 2008, carried out at the same time as Russian military operations on the ground.

But there's scant proof that the Russian government launched or sponsored online attacks against Georgia, according to many security experts, including Robert David Graham, CEO of Errata Security. "There's no evidence the cyber attacks were by the Russian government, or that they were anything more than normal 'citizen hacktivism,'" he said in a blog post. It's notable that this supposed first-ever cyber war served no clear military purpose. Attackers compromised informational government websites, not critical infrastructure systems or military networks.

To be fair, even the would-be practitioners of cyber warfare -- namely, the U.S. military -- are themselves soliciting input on what offensive computer system attacks might look like, either on their own or in conjunction with physical operations and kinetic attacks.

Last year, for example, the Defense Advanced Research Projects Agency (Darpa) issued a call to tech vendors for "cyberspace warfare operations" capabilities, as part of what Darpa dubs Plan X. Darpa seeks a broad range of capabilities, from a scripted counterresponse to a cyber attack to IT infrastructure that could be hardened to withstand attacks.

Similarly, the Air Force Life Cycle Management Center last year called on contractors to submit concept papers for "cyberspace warfare operations" capabilities, including "cyberspace warfare attack" and "cyberspace warfare support."

Capabilities on the Air Force wish list include "employing unique characteristics resulting in the adversary entering conflicts in a degraded state." In other words, why blow up an enemy's tank if you can instead somehow infect and kill the tank's electrical system?

Who else is bolstering their cyber war capabilities? Iran is a strong candidate, and in April 2012, the VP of the American Foreign Policy Council, Ilan Berman, told a U.S. House committee that Iran has been boosting its cyber warfare resources in the wake of online attacks against the country. The attacks include Stuxnet, malware blamed in 2010 for trying to attack power plant infrastructure. U.S. officials have accused the Iranian government of sponsoring DDoS attacks against U.S. banks. China has reportedly mobilized its own cyber army, and Russia last year launched a recruitment drive to find the country's best hacking minds, seeking people versed in "methods and means of bypassing antivirus software, firewalls, as well as in security tools of operating systems," the newspaper Pravda reported.

But while governments don't face the same legal problems that companies do when considering offensive attacks, they do face the same major intelligence challenge: accurately tracing an attack's true origin, a process known as attribution. While small-time cybercriminals may leave tracks, government-backed professionals will go to great lengths to hide what they're doing -- or perhaps, pin blame on another enemy.

Comments
boredaussie
User Rank: Apprentice
1/22/2013 | 3:19:30 AM
re: Uncertain State Of Cyber War
For the sake of presenting another opinion, I'll share my view.

While it is unlikely that the Russian Government directly perpetrated the Georgia cyber attacks, I believe that there was a level of state involvement (with Estonia too, but we'll leave that to one side). The timing of the main thrust of the cyber attacks coincided with the advance of Russia's force that had massed on the northern border of South Ossetia. The cyber attacks were in concert with the ground force. The much talked about stopgeorgia.ru that is oft-pointed to as evidence that nationalistic hackers perpetrated the attacks without government direction was not set up until the following day. The site was obviously not necessary for the coordinated cyber attack that occurred alongside the ground invasion.

The other side of this is the strategic. The article described the cyber campaign as serving "no clear military purpose". That isn't the case. The Russian information campaign was advanced - winning the war of public (and world) opinion was important. They wanted to paint Saakashvili as a bellicose warmonger. Russia's information campaign was important - the military flew 50 journalists to South Ossetia shortly before war broke out to cover the coming conflict from the Russian perspective. On the other hand, journalists in Georgia were unable to share their side of the conflict effectively. Some foreign news websites were blocked and the cyber campaign led to a difficulty in communicating the Georgian message. In this way, the cyber campaign fit into a broader Russian info-war campaign. That was the strategic value.

I'd recommend the US Cyber Consequences Unit's report on the conflict as further reading on the topic for anyone interested.
John Foley
User Rank: Apprentice
1/22/2013 | 9:59:44 PM
re: Uncertain State Of Cyber War
"Uncertain," "open question," "scant proof" are the words used here to describe cyber war in these early days. That's unlikely to change anytime soon -- the players and their motives, techniques, and outcomes will remain fuzzy. But it's clear that the US military, and no doubt other national defense agencies, are shifting focus from cyber defense to offensive capabilities. Some say the threat is extreme -- Leon Panetta warned of a "cyber Pearl Harbor" -- while others say such talk is overblown. I'm in the camp that believes the threat is real. Good to know that DARPA has Plan X. Hopefully the Pentagon has Plan A and Plan B too.