Cyberwar Explained: A Look at the Growing Threat of the Latest Weapon of War
Countries all over the world are scrambling to develop offensive and defensive cyber strategies
By Beth Rowen
Over the past few decades, the nature of war has changed dramatically. Prior to the Sept. 11, 2001, terrorist attacks, the U.S. waged war against enemy nations. After 9/11 the war on terror pitted the U.S. against stateless groups. The latest front finds nation-states unleashing malice not from an IED, missile or firearm but from a computer keyboard. In many respects, cyberwar is potentially more devastating than conventional warfare.
In fact, President Barack Obama called the threat of a cyberattack, "one of the most serious economic and national security challenges we face as a nation." In 2009 he created the Cyber Crime Center under the Department of Defense, which now operates under the Air Force Office of Special Investigations and is called the Defense Cyber Crime Center (DC3), to protect the country's military computer networks and to execute attacks on other nations. Responsibility for government and private protection falls under the Department of Homeland Security. Several other nations have invested heavily to develop both offensive and defensive cyberwar strategies. For example, the European Union established the European Network and Information Security Agency. In addition, China, Russia, Israel, North Korea, and Iran are equipped with formidable cyber capabilities.
What is cyberwar?
Cyberwarfare is the deliberate breaching of an entity's computer system with the intent of stealing intellectual property or financial resources; disabling, wiping out, or manipulating a computer or network; or causing other damage or disruption to a computer-driven system. Targets of such sabotage, subversion, and espionage include "traditional" governmental and military objectives as well as the less-protected civil infrastructure of a country-a target that has the potential to bring modern life to a halt. Our vulnerability lies in weaknesses in software that helps to run banks and other corporations; satellites, power grids, water systems, and other utilities; communication and financial networks, among others.
Governments and businesses around the world have scrambled to implement strategies to intercept and prevent such intrusions with little success. Attackers seem to be two steps ahead of their prey, forcing the victim to be reactive rather than proactive. Defensive strategies do little to prevent an attack. For example, one cannot thwart a virus before its existence is even known. Another major problem with cyberattacks is their unpredictability. Victims can't see them coming?there's no form of radar to pick up pending attacks, cyberweapons are invisible, and attackers are usually anonymous.
Another difficulty lies in retaliation. What is an appropriate response to a nameless, faceless attack that produces no human casualties? It isn't a "you bomb my city, I bomb your city" scenario. In fact, the initial assault is usually not militaristic. But what is so terrifying is the idea that once violated, portions of our infrastructure could be rendered useless; a successful "civil" attack could demand a retaliatory military strike. In this high-speed, largely anonymous new world, retaliation cannot be rushed because a move to military might runs the risk of attacking an innocent target, as a "false flag" attack can be used to place blame on the blameless, with very deadly results.
How does a cyberattack work?
The most basic and arguably most effective cyberattack is the cyber equivalent of cutting a wire, or "denial-of-service" attack, which floods a network with useless traffic designed to cut off the client (computer) from the host (server). Other cyberweapons include malware, such as worms, viruses, Trojan horses, and spear phishing.
China, which is widely believed to have launched dozens of state-sponsored attacks on the U.S. government and businesses, seems to prefer spear phishing as its cyberweapon of choice. In spear phishing, a hacker sends an email, posing as a trusted source, and prompts the recipient to open an attachment. The attachment is actually malware that infects the computer and can allow the sender access to the infected computer. The infected computer can then transfer the malware to other computers in the same network. Malware programs can record a user's keystrokes, collect data, monitor email and instant messaging correspondence, turn on a computer's microphone and record conversations, among other covert maneuvers. Flame, malware introduced in 2007, was disguised as a Windows update. When a user opened the attachment, the malware was installed on the user's computer.
Worms are a form of malware that replicate themselves and spread throughout a computer network. Trojan horses serve an intended purpose but also include a nefarious component that releases a virus or malware on a computer. Most viruses and malware are programmed to abort once detected, making them difficult to trace.
Same motives, different methods
Our capacity for creating new ways to cause havoc and chaos is seemingly infinite. Cyberwar, information warfare, cyberterrorism are different names for a faceless enemy in a new kind of battle that produces not bodies, but panic, fear, and very real devastation. This new frontier poses many risks and unanswered questions-how far will one country go in attacking another? Are terrorists working toward acquiring the skills to launch an attack? Should countries act preemptively if they suspect a crippling attack is imminent? Is a cyberattack an act of war? What is an effective deterrent? What retaliation is appropriate? The questions are many, the answers are not-nor are the worst-case scenarios easy to accept. It's no wonder President Obama called a cyberattack our greatest threat to national security.