Saved by 1 people (0 private), first by anonymouse user on 2009-05-01


Public Sticky notes

Analysts and strategists gathered at the Cyber Warfare 2009 conference in London last January were grappling with some thorny problems associated with the cyberaggression threat. One that proved particularly vexing was the matter of exactly what constitutes cyberwarfare under international law. There's no global agreement on the definitions of cyberwarfare or cyberterrorism, so how does a nation conform to the rule of law if it's compelled to respond to a cyberattack?

Highlighted by TransTracker

on 2009-05-01 by TransTracker

Cynical translation: How to create a whole new class of reasons to use military force, all while making it seem as legitimate as possible.

Steven Chabinsky, senior cyberadvisor to the director of national intelligence.

Highlighted by TransTracker

While Chabinsky declined to be specific because of concerns about compromising intelligence-gathering methods, he affirmed that the U.S. has identified "a number of sophisticated nation-state actors who we believe have the capability to bring down portions of our critical infrastructure." Fortunately, he added, "we don't think they have the intent to do so, [since] our country would respond accordingly, and not necessarily symmetrically through cyber means."

Highlighted by TransTracker

on 2009-05-01 by TransTracker

An affirmation that the U.S. would conduct "cross-domain responses" as a result of a cyberattack.

"I think the primary cyber-risk to our critical infrastructure is from disgruntled employees who have insider knowledge and access," Chabinsky says. "Insider threats can take advantage of the most serious vulnerabilities; in fact, they can create them. Could they sell their capabilities to a terrorist group? Certainly."

Highlighted by TransTracker

on 2009-05-01 by TransTracker

So is that really something that needs to become "militarized"--i.e. a security threat primarily within the purview of the national security community (military, intelligence, homeland security)?

"I would say that currently, organized criminal activity provides a more pervasive and damaging threat than organized terrorists," says Mike Theis, who until recently served as chief of cyber counterintelligence at the National Reconnaissance Office (NRO), an agency of the U.S. Department of Defense.

Highlighted by TransTracker

on 2009-05-01 by TransTracker

Sounds like a law enforcement issue. Again, is it appropriate to militarize the threat?

According to former NRO official Mike Theis, terrorists and criminals pose similar threats with respect to illicit profit generation. The following are some examples of activity these groups might aim to perpetrate:

  • Theft of personal information that could be used for sale to the highest bidder or on an information exchange.
  • Theft of trade secrets, intellectual property or superior business processes. "It could be something as simple as your customer list, but there is usually a lot more of value than that," Theis says.
  • Cyberhostage taking. If the contents of your entire hard drive were remotely encrypted by a hacker, would you pay $100 to get the decryption key? Would 10,000 people like you do the same?
  • Cyberblackmailing. How much would you pay to prevent your family/customers/competitors/regulators from knowing something that was found on your computer?
  • Cyberslaving. The perpetrator installs a back door or "loader" on your machine and sells it to the highest bidder. It would allow the buyer to install any type of software on that machine without being detected. "The last I heard, the average price was still about $1 per machine," Theis says. "It's not uncommon to see machines purchased in blocks of 10,000 or more in order to launch a denial-of-service attack."

"So basically," Theis says, "anything that can be done in the world of brick and mortar has some type of a cyber equivalent."

Highlighted by TransTracker

on 2009-05-01 by TransTracker

And in the world of brick and mortar, these would all be law enforcement issues, not military issues.

"There is reason to consider whether some nation-states lack the ability to control organized crime within their borders, lack the resources to control criminals who victimize people and businesses outside their borders, or suffer from corruption in which government officials are complicit in lucrative criminal schemes," Chabinsky says.

Highlighted by TransTracker

on 2009-05-01 by TransTracker

And here we have a reason to violate sovereignty, despite an ability to accurately determine from where an attack is being launched. Lack of knowledge can provide just as much justification as positive knowledge. Let's say an attack is coming from computers in country X. Did country X's government perpetrate the attack? Or was it country Y? At some level, it could be argued that it doesn't matter. The computers in country X are the ones doing the damage, so take them out...either through retaliatory cyberstrikes, or through "cross-domain responses" in the form of airstrikes, EMP, etc. This is the beginning of the same kind of reasoning we saw regarding terrorism and sovereignty following 9/11. Either you are against us or with us. If you don't have control of the terrorists in your country, then you are by default against us. Your lack of control is evidence that you have already lost your sovereignty and therefore we are justified in attacking you. In fact, we're doing you a favor! Returning your otherwise hijacked country to you! Will we see the same kind of logic develop in regards to cyberwar?

Indeed, the role that hackers play on the cyberwarfare stage is widely underestimated. "I think that a big myth is that cybercrime is still about a 15-year-old kid doing Web defacements," Chabinsky says.

In truth, the hacker element is gaining influence worldwide, and that influence is being targeted by governments.

Highlighted by TransTracker

"It seems ludicrous that countries that have stated their understanding of the importance of cyberconflict dominance and have dedicated resources to that effort would not use them in a decisive way, but [instead] would depend on patriotic hackers to just happen to get it right and just at the right time."

Still, governments have every reason to want to strain the limits of credibility, Theis says. "It's a nice myth to perpetuate if you're trying to maintain plausible deniability."

Highlighted by TransTracker

on 2009-05-01 by TransTracker

So, lack of evidence is not only not evidence of lack, but lack of evidence is evidence of a cover-up, which is therefore evidence of state sponsorship. In short, lack of evidence is evidence.
