Saturday, December 01, 2012

The Cyber Wars in Cyber Space

On October 1st I purchased a new cell phone from the company that was once considered an American icon, AT&T. Little did I know that one week later, on October 8th, a Congressional report would warn that the Chinese manufacturer of that phone posed “a threat to U.S. national security interests.” Did the purchase expose me to the possibility that my use of that phone would aid and abet a threat to my country?

Fortunately, that same report, issued by the House of Representatives Intelligence Committee, could find no direct evidence the phone manufacturer, Huawei, has acted to compromise the security of any of its clients. However, suspicion still exists, since Huwawei’s primary business is the manufacture of high-end computer networking switches. A switch views all the digital data that passes through it. If you control the switch, you could manipulate it so that it makes a copy of the data and sends it elsewhere, or you could change the data en route to benefit your agenda. A hidden mutation could enable the switch to trigger a complex virus or worm to initiate cyber warfare.

Few are aware that Huwawei is the largest telecommunications equipment maker in the world. Wikipedia reports that, “In the U.S., Huawei has been challenged due to concerns of United States security officials that Huawei made telecommunications equipment is designed to allow unauthorized access by the Chinese government and the Chinese People's Liberation Army.”

Those fears have been raised based on the fact that Ren Zhengfei, the founder of the company, served as an engineer in the Chinese army in the early 1980s, plus the impression that the army is powerful enough to persuade any Chinese company to do its bidding. Similar challenges and suspicions regarding Huawei have been raised in the United Kingdom, Canada, Australia, and India.

The concerns addressed about Huawei are symbolic of the much greater anxieties about the potential growth of cyber warfare. Wikipedia defines that term as follows: “Cyber Warfare refers to politically motivated hacking to conduct sabotage and espionage.” In his 2010 book Cyber War, Richard Clarke, the American security expert, defined cyber warfare as “actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.”

There is general agreement that as implied in Clark’s definition, before a cyber attack is considered warfare, there must be some physical damage incurred (destruction of infrastructure) or at a minimum it must involve disruption. The most chilling part of Clark’s book is his central argument that while the United States has developed the capability to conduct an offensive cyber war, we have virtually no defense against the cyber attacks that he says are targeting us now, and will continue in the future.

Past wars have been associated with four domains: those conducted on land, on sea, in the air and in space. But we are now in a digital world so dominated by computers that a fifth domain has been established––Cyberspace. In this new arena, cyber crime is rampant, cyber espionage is flourishing, and while numerous cyber attacks have occurred, cyber warfare, as defined by Clark above, has primarily involved disruption rather that physical damage. Arguments abound as to exactly what is damage and what is disruption. For example, does the Stuxnet worm’s sabotage of Iran’s enrichment centrifuge program constitute physical damage resulting in centrifuges going wild, or did the worm merely disrupt Iran’s move to uranium enrichment?

It seems that it is a well-known secret that Stuxnet was initiated by Israel, probably aided by the United States. But what happens if a nation state is not involved? As of this writing (late November), and possibly even by the time you read this, the following information from the Huffington Post was not well publicized:

“NOV. 19, 2012 - JERUSALEM -- A concerted effort of millions of attempts to cripple Israeli websites during the Gaza conflict has failed, Israel's finance minister said Monday, claiming that the only site that was successfully hacked was back up within minutes.” The article continued. “The online group Anonymous, and other protesters have barraged Israel with more than 60 million hacking attempts, according to the finance minister, all but one of the attacks has been fended off, and that one knocked a website offline for only 10 minutes.”

The targets included the Israel Defense Forces, the prime minister's office, Israeli banks, the Tel Aviv city government, airlines, infrastructure, and business sites. These efforts ere considered well-coordinated denial-of-service attacks. That’s the type of cyber attacks that test a country’s vulnerability, including our own.

The U.S. National Defense Council reported, “The architecture of our Nation’s digital infrastructure, based largely upon the Internet, is not secure or resilient. Without major advances in the security of these systems or significant change in how they are constructed or operated, it is doubtful that the United States can protect itself from the growing threat of cyber crime and state-sponsored intrusions and operations.”

Nation states that are most likely to initiate cyber attacks on the U.S. are China, Russia, and Iran. Like us, all three are boosting their ability to wage cyber war, however, the most troublesome is China. In November, a special U.S.-China Economic and Security Review Commission reported to Congress the following: “China continues to develop its capabilities in the cyber arena. U.S. industry and a range of government and military targets face repeated exploitation attempts by Chinese hackers as do international organizations and nongovernmental groups including Chinese dissident groups.”

The report provided numerous specific examples of Chinese intervention in U.S. business companies, and government agencies including the Department of Defense. It stated however that “from a government standpoint, perhaps the most significant example of malicious Chinese cyber activity exposed in 2012 was when the National Aeronautics and Space Administration (NASA) reported it was the victim of 47 ‘‘advanced persistent threat’’ attacks, 13 of which successfully compromised agency computers. Intruders stole user credentials for more than 150 NASA employees and gained full functional control over networks at the Jet Propulsion Laboratory.”

The dangers we face from cyber war intrusions are outlined in an August article in the Huffington Post severely criticizing Congress for failing to pass legislation that would have gone a long way to resolve this problem. Citing the types of threats we face it read: “We no longer have Cold War problems. It's hackers, working either for rogue states or terrorist organizations. At some point, they will disrupt not just our military's computers, which will be bad enough, but also the computers upon which all Americans depend: computers that run our nuclear power plants and electricity grid; computers that deliver our drinking water; computers that manage our hospitals, banks, and every corporation large and small.”

The article maintained that, “As originally conceived, the bill would have created security standards for computers that run the nation's critical infrastructure including transportation, water systems and the electrical grid. In addition, it gave the federal government the power to make sure those standards were met.”

Although strongly endorsed by the Obama administration, according to the Post, objections to the bill centered on government intrusions in privacy issues. The Post points out this issue could have been deliberated and resolved, maintaining that, “Some of our esteemed lawmakers had no desire to make the legislation better. They simply wanted to kill it, but for all the wrong reasons. Conservatives and their financial backers in the Chamber of Commerce didn't even mention the cyber security bill's looming privacy threats. Rather, they focused on trumped-up allegations that the bill would be a burden to American corporations.”

Recognizing that the problem was too critical to wait for Congressional action, in early October, the Secretary of Defense, Leon Panetta, frustrated by Congressional inaction said the United States faces a growing threat of a “cyber-Pearl Harbor”, and is drafting new rules for the military that would allow pre-emptive digital attacks. He warned that foreign hackers had the potential to take down the country’s power grid, financial networks, and transport system. He emphasized that “An aggressor nation or extremist group could gain control of critical switches and derail passenger trains, or trains loaded with lethal chemicals. They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”

About ten days after Panetta’s comments, in a direct confrontation to the failure of Congress to pass cyber warfare legislation, and in a move indicating unequivocal acknowledgement of its potential dangers, President Obama intervened by issuing a new presidential cyber warfare directive. It lays out specific ground rules for how and when the U.S. military can carry out offensive and defensive cyber operations against foreign threats. It basically provides secret policy details how military units may be used to launch offensive cyber operations in the wake of online attacks against the United States.

What a relief. Now I know if my new phone is hacked due to a corrupted Huawei switch, our military will have the power to retaliate. Check that out China––you want cyber warfare, that’s what you’ll get.


Post a Comment

<< Home