Security

Has the next Cold War already begun in cyberspace?

Alfonso Barreiro likens the current state of cyber warfare measures and counter-measures to a Cold War. Could it escalate? Is it all hype? Take our poll.

Cyberwar. It's very definition is cause for controversy among security specialists. Some argue (like this entry in the Journal of Strategic Studies) that the term is misleading, as there are no cyber security incidents that can qualify as "war" on their own. Others, like the U.S. government, have recognized cyberspace as a "new domain in warfare" and to underscore the point, the U.S. Air Force is now requesting technology concept demonstrations for "cyberspace warfare operations". And last summer, the Pentagon released its official plan for operating in cyberspace ( see John Joyner's analysis, "The next battlefield: Cyberspace and military readiness").

Regardless of the "official" definition, it's hard to argue that there is an increasing amount of cyber security incidents that seem to point at being orchestrated or sponsored by nation states to further their agendas:

The list goes on and on, with incidents ranging from the infamous "Operation Aurora" attacks on Google and other companies, blamed on the Chinese government, to Iran boasting of having the world's second-largest cyber-army. One common denominator of all these incidents is that they can be safely classified as Advanced Persistent Threats, where the attackers appear to possess very large amounts of resources, such as incorporating multiple zero-day vulnerabilities (as in the case of Stuxnet) or staging complex multi-stage attacks (such as breaching RSA in order to later attempt an attack on Lockheed Martin and other users of RSA's stolen information).

What we are witnessing can probably be more accurately described as a Cyber Cold War. Just as the Cold War between the United States and the Soviet Union featured little direct military action, this Cyber Cold War so far has not produced incidents with enough hard evidence that could escalate to military responses. Unlike conventional military incidents, placing responsibilities on cyber security incidents can be very tricky and appropriate responses to such incidents could prove to be even trickier. And just like the previous Cold War, there is plenty of espionage and sabotage involved.

Perhaps the most worrying development in this scenario for security professionals is the cyber arms race that can be exemplified by the lucrative market for zero-day exploits. Researchers willing to sell these exploits to the highest bidder (usually not the vendor that can create a patch) and governments hoarding them to use against their "enemies", create a situation where the average user is kept vulnerable to maintain the value and usefulness of these "weapons".

The cards appear to be stacked against the security professionals tasked with protecting their organization's sensitive assets, facing adversaries with potentially vast resources at their disposal. Hopefully however, all these incidents can serve to raise awareness that we need to be prepared. Defending against these threats is no more different than securing our networks against the traditional cyber crime and hacktivists that have gained the spotlight in recent years. IT and security pros are innovative, resourceful, and more than capable of facing these challenges.

Your take?

There has been a lot of hype about the threat of cyber warfare and the potential for harming critical infrastructure, with some officials saying it is already upon us, and other experts disputing that conclusion ("Think Again: Cyberwar" by Thomas Rid, Foreign Policy). Do you agree with the Cold War analogy?  Take the poll and choose the closest "answer" that reflects your attitude, and feel free to explain more in the comments.

About

I am a technology specialist with over 10 years of experience performing a variety of corporate IT functions, including desktop and server operations, application development, and database administration. My latest role is in information security, fo...

4 comments
ProfessorLarry
ProfessorLarry

Malicious software that are essentially espionage tools, such as DuQu or Flame, are typical of cold-war spy tactics translated into cyberspace, but Stuxnet was as close to a guided-missile launch as cyberspace can offer. The fact (confirmed by multiple sources) that it was a government-sponsored project clinches the categorization. We can now say with some confidence that the work was a cooperative effort of a multinational cyber-tactics team that included Israel's Mossad and IDF Unit 8200 and the U.S. NSA/CIA and DHS Idaho Labs among possibly other players, along with the German BND and Siemens providing support. State-sponsored targeting aside, the biggest long-term threat is not so much from highly-skilled government teams but from ad hoc efforts by less-talented independents who recycle, reuse, and re-purpose components and techniques released by nation states. Pieces of Stuxnet are already being cobbled together into new attacks. The toolkit of cyber-warfare code just keeps growing. If the U.S. electric grid or natural gas distribution systems are vulnerable (and they absolutely are), an attack is not as likely to come from another nation state, but from cyber-terrorists of one stripe or another. The techniques required for some possible attack scenarios are quite sophisticated and require quite a bit of inside knowledge, such as in the Stuxnet attack on Iran or the Stuxnet-style attack on U.S. electric power in my novel, [b]Web Games[/b]. Others, however, are frighteningly simple to construct and carry out. Terrorists have the advantage that they do not need to get everything exactly right to cause chaos, and they do not need to worry about collateral damage, which is part of the intent of wreaking havoc. Crude bombs are much easier to build than smart bombs, and crude malware is easier than precision-targeted vectors like Stuxnet. --Prof. Larry Constantine (pen name, Lior Samson)

VytautasB
VytautasB

Yes, a "cyber cold war" of sorts is underway and getting worse as can be seen from the increased tempo of discovered attacks. Have to consider that there is probably much underway that is yet to be or may never be discovered. What is worrying is that if this is a problem of malicious activities of states there is very little attention being given at the international level. This issue needs to be taken up more actively by international organisations where states are represented. It is not enough for these organisations to focus on cybercrime and terrorist use of the Internet.

Mike_th
Mike_th

this is becoming a bit like the arguments over "What is Air Power" until about 1942. Electronic tools have been used to observe and report for a long time. at what point does a knife change from a cooking tool to a weapon? it is all in how the tool is used. if the knife is cutting food it is a tool. if the knife cuts a person it is a weapon. so, if an electronic tool attacks someone or something belonging to someone else it is a weapon. the damaging of another countries Internet, Banking, Power, Communications, or Nuclear Refinement are all attacks. Radio Jamming has been in use for a very long time. if the Radio Jammer is strong enough the receiving radio can be damaged. if someone reroutes all web site traffic to a Banks web site would that not be an attack? so why wouldn't the tools used for the attack be called weapons. during an air war attack communications, and power generation sites are hit with bombs. what if, these systems were disabled using electronic tools. wouldn't the tools used to disable the infrastructure sites be called a weapon? if the site is blown up, that is an attack taking days to repair. if the site is unavailable for 2 hours wouldn't that also be an attack? just like a knife can be a tool or weapon, programing code can be a tool or a weapon. it just depends on how item is used.

JCitizen
JCitizen

because I've been in a "cyber-war" since 2006. The threatscape changes by the minute. If one isn't anticipating the next move by this reality, you can find your self in hot-water very quickly. For some targets of opportunity by these criminals; I'm not sure even I am up to snuff in defeating their purpose; my clients literally start showing signs of PTS, once they see how thoroughly frustrating this fight can become!