Cyberwar. It's very definition is cause for controversy among security specialists. Some argue (like this entry in the Journal of Strategic Studies) that the term is misleading, as there are no cyber security incidents that can qualify as "war" on their own. Others, like the U.S. government, have recognized cyberspace as a "new domain in warfare" and to underscore the point, the U.S. Air Force is now requesting technology concept demonstrations for "cyberspace warfare operations". And last summer, the Pentagon released its official plan for operating in cyberspace ( see John Joyner's analysis, "The next battlefield: Cyberspace and military readiness").
Regardless of the "official" definition, it's hard to argue that there is an increasing amount of cyber security incidents that seem to point at being orchestrated or sponsored by nation states to further their agendas:
- The cyber security attacks on Georgia blamed on Russia "cyber criminals" in 2008 during the South Ossetia war.
- The Stuxnet worm, dubbed "the Hiroshima of our time" by some, allegedly created by a joint US-Israel operation targeting Iran's Natanz nuclear facilities in 2010.
- Reports of hacker groups linked to China's Army breaching a number of governmental organizations, including the Immigration and Refugee Board of Canada, the International Republican Institute (IRI), the European Union, and many more in 2011.
- The recent malware attacks on Saudi Aramco (the world's biggest oil producer, based in Saudi Arabia) and at RasGas (a Liquefied Natural Gas company based in Qatar) that could be a copycat attempt to evoke memories of the "Wiper" attacks on computer systems in the Middle East (that eventually led to the discovery of the "Flame" malware).
The list goes on and on, with incidents ranging from the infamous "Operation Aurora" attacks on Google and other companies, blamed on the Chinese government, to Iran boasting of having the world's second-largest cyber-army. One common denominator of all these incidents is that they can be safely classified as Advanced Persistent Threats, where the attackers appear to possess very large amounts of resources, such as incorporating multiple zero-day vulnerabilities (as in the case of Stuxnet) or staging complex multi-stage attacks (such as breaching RSA in order to later attempt an attack on Lockheed Martin and other users of RSA's stolen information).
What we are witnessing can probably be more accurately described as a Cyber Cold War. Just as the Cold War between the United States and the Soviet Union featured little direct military action, this Cyber Cold War so far has not produced incidents with enough hard evidence that could escalate to military responses. Unlike conventional military incidents, placing responsibilities on cyber security incidents can be very tricky and appropriate responses to such incidents could prove to be even trickier. And just like the previous Cold War, there is plenty of espionage and sabotage involved.
Perhaps the most worrying development in this scenario for security professionals is the cyber arms race that can be exemplified by the lucrative market for zero-day exploits. Researchers willing to sell these exploits to the highest bidder (usually not the vendor that can create a patch) and governments hoarding them to use against their "enemies", create a situation where the average user is kept vulnerable to maintain the value and usefulness of these "weapons".
The cards appear to be stacked against the security professionals tasked with protecting their organization's sensitive assets, facing adversaries with potentially vast resources at their disposal. Hopefully however, all these incidents can serve to raise awareness that we need to be prepared. Defending against these threats is no more different than securing our networks against the traditional cyber crime and hacktivists that have gained the spotlight in recent years. IT and security pros are innovative, resourceful, and more than capable of facing these challenges.
There has been a lot of hype about the threat of cyber warfare and the potential for harming critical infrastructure, with some officials saying it is already upon us, and other experts disputing that conclusion ("Think Again: Cyberwar" by Thomas Rid, Foreign Policy). Do you agree with the Cold War analogy? Take the poll and choose the closest "answer" that reflects your attitude, and feel free to explain more in the comments.
I am a technology specialist with over 10 years of experience performing a variety of corporate IT functions, including desktop and server operations, application development, and database administration. My latest role is in information security, focusing on multiple areas including log management and security incident investigation and response.