Triggering A Cyber War
Much attention is being given to the threat of a cyber war. Opinions about how close or how far away we are from such an event differ greatly among the experts.
In fact, cyber attacks have been going on for more than a decade, and they are getting worse. What began with individuals spread quickly to criminal gangs and organized crime, and has now reached the realm of more than 120 nation-states and numerous terrorist groups including Al-Qaeda. In the last several years, the cyber skirmishes have risen in frequency, severity and technical complexity. Given the world’s reliance on computers and networks, the military has been working on electronic warfare for some time. Now it has become a huge concern for defense planners dealing with protection of the critical infrastructure. One way of thinking about it is to imagine ordering a hamburger at McDonald’s without a computer being involved. Virtually every part of daily life is touched by computers. There are computers in cars, vending machines, phones, radios and TVs – nothing has escaped the computer revolution.
Given the importance of computers and networks in everyday life, they are now prime targets for extremist and military attacks. All nations are aware of this fact and concerned about protecting their information infrastructure. They are even concerned about the possibility of a “cyber arms race” or “cyber war.”
The U.S. Army’s Cyber Operations and Cyber Terrorism Handbook defines a cyber war as the premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives.
To explore the likelihood of an accidental cyber war being triggered by a lone, rogue hacker, we first must evaluate how difficult it would be for an individual, working alone, to construct a cyber weapon. What resources, skills and finances would be involved? If an individual were planning such an act, could the nation’s defense, intelligence and law enforcement agencies detect the individual actions in time to intercede? One of the senior analysts at Spy-Ops, a company that provides security, intelligence and defense training and consulting, told me that, given there are more than 250 new viruses released monthly, the skills and resources are out there. During my testimony and hacking demonstration before Congress in 2001, I was asked how many people could do what I just presented. My reply was thousands, and I am afraid that number has increased significantly since then. Spy-Ops offers a summary threat matrix in an Intelligence Briefing on Cyber Warfare (see graphic). It indicates how severe the threat of a cyber arms race is and the degree of ease with which a cyber weapon could be constructed.
The cost of a cyber weapon is thousands of dollars if not tens of thousands of dollars. That is a far cry from the millions of dollars spent developing a new bomb or missile. The skills and resources are not controlled and are available. As for intent, there is no shortage of individuals or groups who wish to harm the United States and the likelihood of detecting this plan and foiling it is questionable.
If an individual has the knowledge to create a cyber weapon, they also have the skills to cloak the originating source or location. In fact, a reasonably skilled hacker could attack a government computer, compromise it and make it look like the attack was launched from there. If that were to occur, it would be hard to believe that it was someone else using our computers. Even a self-published pamphlet called “Secrets of a Super Hacker” is available on eBay for just 99 cents. For these reasons and more, we know that a lone, rogue hacker could launch an attack that could spiral out of control and escalate to a full-blown cyber war. A computer is a weapon waiting to be loaded and used. It’s important to wake up to this threat and take immediate action to reduce the risk that cyber weapons pose to peace and stability.
Kevin G. Coleman is a senior fellow with Technolytics and a Kellogg School of Management Executive Scholar. He is a 15-year veteran of the technology industry hailing from Netscape, CSC Consulting and Deloitte & Touche.
Summary THREAT MATRIX
| Factor | Rating | Assessment |
|---|---|---|
| Resource Availability | 5 | HIGH: Widely available. It is not very hard to obtain a computer, program development tools and an Internet connection. |
| Skills/Knowledge | 3 | AVERAGE: Moderately available. Advanced computer science and programming skills are all that are required to construct a cyber weapon. That, plus the significant amount of information that is available online. |
| Financial Burden | 1 | LOW: Very Limited Financial Investment. Spy-Ops estimated that a cyber weapon could be developed for as little as a few thousand dollars. |
| Likelihood of Detection | 1 | LOW: Given the limited staff required coupled with the wide availability of materials and limited financial investment, these activities would be very difficult to detect. |
| Intent | 5 | HIGH: Numerous groups as well as disgruntled individuals have the motivation to construct and release a cyber weapon. |

Rating scale: 1 = LOW, 2 = LIMITED, 3 = AVERAGE, 4 = MODERATE, 5 = HIGH
What Are CYBER WEAPONS?
Cyber Weapons (CW) pose a significant threat to a nation’s ability to protect itself and to wage war. In the past few years, the research and development of cyber weapons has increased substantially.
Cyber Weapons include: electronic countermeasures, defense shields against electronic attack, infrared decoys, angle reflectors, false-target generators, rootkits, malicious code, transient electromagnetic devices, Trojans, spyware, backdoors in commonly used software, autonomous mobile cyber weapons, keyloggers, botnets, viruses, worms and many other exploitation techniques.
The threat posed by cyber weapons is very real, and attacks can come from anywhere and at any time. In 2007, cyber attacks were launched against sensitive government sites in Britain, France, Germany, the United States and Estonia. Many knowledgeable sources believe that Al-Qaeda has been building its capabilities and conducting reconnaissance for an Internet attack, possibly combined with a physical attack.