CYBEREYE

Cyber war: How close are we to the real thing?

There is little doubt that companies and agencies in the United States are under attack by adversaries, known and unknown, who are targeting IT systems and online resources. Some of the reported incidents, such as those against Google, RSA Security and Lockheed Martin, are sophisticated and targeted, while others, such as the recent denial-of-service attacks against the CIA website, are trivial and almost benign.

Does this barrage amount to a cyberwar? Probably not — at least, not yet.

“What we’re talking about is theft,” said Dmitri Alperovitch, vice president of research at McAfee. “The hyperbole of cyberwar is overused.”

The thefts are a real threat, said Alperovitch, who called them “a massive transfer of wealth in intellectual property unprecedented in history.” But he draws a clear distinction between criminal activity, espionage, hacktivism and acts of war.

Information warfare consultant Charles Dodd, who is chief technology officer of Nicor Global, does not see the distinction so clearly. He does not call recent attacks warfare, but he worries about the possibility of escalation, especially in light of recent reports that the Pentagon is prepared to consider online hacking the equivalent of an act of kinetic war.

The CIA denial-of-service attack, for which the hacker group LulzSec has claimed responsibility, worries him.

“It might be benign, but it shows they have no fear of anyone coming after them,” he said. “These guys are making a very powerful statement to the rest of the world.” Without a meaningful online deterrence capability, the United States could be subjected to an escalating series of cyberattacks that eventually could trigger a conventional kinetic response and lead to a shooting war.

The United States, and any responsible military power, is at a disadvantage in this online cat-and-mouse game. “It is still very much a defensive game,” Alperovitch said. If an adversary seriously targets an enterprise, “the likelihood that they will get in is near 100 percent,” he said.

So far, the United States has been unsuccessful in significantly increasing the risk and reducing the rewards for attackers, regardless of their motives. Despite some recent successes on the law enforcement front, detection and punishment of criminal behavior online are anything but swift or certain. The certain military retaliation that has kept foreign armies and air forces away from our shores is not yet possible in cyberspace because we do not know for sure where attacks are coming from.

“That is a huge problem,” Dodd said. “We do not have a trackback technology today to know who the perpetrator was.” If we respond, “how do we know we’re attacking the correct target?”

Attribution for online activity today is possible, but it relies to a great extent on traditional techniques such as human intelligence, and results are likely to come well after the fact, making a swift and accurate response unlikely.

The bottom line is that offensive tools are limited by the ability to accurately identify targets, and despite cyberwar policies and capabilities, the United States is likely to remain on the defensive in cyberspace for the foreseeable future.

Playing a defensive game is uncomfortable and leaves the country at a disadvantage, but that does not mean security leaders have to be passive. Good defenses can reduce the target area and increase the cost of a successful attack, and improved international cooperation and law enforcement can increase the risks for the bad guys.

Networks need robust cyber defenses in any event, and if they are good enough they can buy the time it takes to make progress on the attribution problem.


Reader Comments

Thu, Jun 23, 2011 Stan

To define the action of cyber-terrorists as theft is to deny the fact that the motive is not only to obtain financial rewards, but to obtain government secrets. If government websites are hacked for information, the motive is to obtain those secrets in a "cold-war" scenario to compromise weapons systems and national defense. Also, strictly defensive measures are inadequate to combat cyber threats; instead, a proactive method to trace and track the source of the threats is the recommended approach. This approach is provided at the author's website: www.newmillenniumwebcenter.com to trace and track cyber terrorists with network analysis of messages, domain lookups, encryption of data, a password generator, an SQL filter to prevent SQL injection, and Google Mashups to identify the geographical site of the terrorist.

Tue, Jun 21, 2011

While it may be technically true that exfiltration of data from federal systems is "theft", that view is naive and dangerous. When these "thefts" involve weapons information and a shopping list of other information that would generally only be of interest to a foreign government, it is much more than "theft". I believe that many recent compromises are intelligence operations conducted against U.S. interests. Those operations are designed to assess US offensive and defensive capabilities (cyber and kinetic both) and to steal technology with the intent of using that technology against the U.S. in a conflict. This is no more about "theft" than Soviet spies obtaining US government information during the cold war. Ignoring the nature of the threat misguides our responses.
