A hot topic in information security is cyberwar, which is the result of attacks in cyberspace. Cyberspace does not only include the Internet, but basically any kind of electronic transaction where information is exchanged. In their book Cyber War: The Next Threat to National Security and What to Do About It, Richard Clarke and Robert Knake suggest that the cyberwar has the potential to shift world military balance, therefore fundamentally changing political and economic relations. However, unlike traditional war with militaries and weapons, cyberwar is much more unpredictable and difficult to track who is attacking. Experts are considering different policies to effectively deter cyber attacks; one option the Pentagon has considered is the offensive strategy. This means preemptive strikes on presumed threats. With this strategy come two challenges: technological competency and legal authority. Of course, today’s technological capabilities will be broadened within months, but experts have pointed out the difficulties in knowing the precise configuration of the enemies’ computer from a remote location. There is added difficultly in targeting one exact computer without affecting others connected to it and therefore arousing suspicion. Another important roadblock in the offense strategy is international law. Does the U.S. have the legal authority to interfere with another country’s networks if it is not at war with that country? There is much debate revolving around the lines of national sovereignty and “covertness” of operations like preemptive strikes. Perhaps the offensive approach is not the best, but it should be interesting to see how the deterrence policy develops from here.
I also found Kim S. Nash's response to the Cyber War book noteworthy. Nash says that it is not only the federal government that should be concerned with cyber attacks, but also the corporations. Oftentimes, businesses simply rely on security software and programs that counter lower level threats. However, industries such as financial services, utilities, and telecommunications, which are the foundations of the United States’ infrastructure, should make additional investments in protecting against more devastating cyber attacks. Nash also argues that many executives have a lax mindset when it comes to matters of security. Until an attack is made and sensitive information is lost, they are not as concerned about such things. This is a critical mistake, and it would be worthwhile to protect the information the company values most, just to be safe. The task then becomes weighing the risks and determining how much protection is necessary and realistic.
Sources:
http://www.washingtonpost.com/wp-dyn/content/article/2010/08/28/AR2010082803849_2.html
http://www.newsweek.com/blogs/we-read-it/2010/04/26/cyber-war-the-next-threat-to-national-security-and-what-to-do-about-it.html
http://www.computerworld.com/s/article/9182783/Richard_Clarke_Preparing_For_A_Future_Cyberwar?taxonomyId=17&pageNumber=1
Posts
This year US has appointed its first "cyber-warfare general." Four-star general, Keith Alexander, was appointed early this year and put in command to combat over the world's computer networks. Although the government was hesitant to officially recognize the serious threat that cyberspace presents, cyberwar is a serious subject that deserves attention.
ReplyDeleteAs this blog post successfully highlights, cyber attacks are a unique and serious concern. Not only are attacks constant, subtle, and from unknown directions, but also technology is consistently changing and improving, requiring a constant and active defense.
Although there is no doubt to the reality of the cyber threat, there are some that believe that this subject is over-hyped. Due to the intangible nature of the cyber world, it is much more difficult to measure the threat and scale of the true cyberwar. Hyperboles are commonly used in order to catch the people's attention and compare cyber attacks to significant historical events, such as Pearl Harbor and Katrina. However, even though these comparisons may be over exaggerations, we must also remember the serious threat that is the cyberwar.
http://www.guardian.co.uk/world/2010/may/23/us-appoints-cyber-warfare-general
http://articles.cnn.com/2010-07-07/opinion/schneier.cyberwar.hyped_1_cyberwar-national-cyber-security-division-amit-yoran?_s=PM:OPINION
In an opinion piece I read recently, the author, David Gewirtz, thinks we (the United States) are on the brink of cyberwar. In an article claiming China to be a cybersecurity threat on both the industrial and military fronts, entitled Is China Gearing Up To Start World War III, (note the title uses the hyperbole PK talks about in his comment) it became clear that not just rogue hackers but the Chinese and Taiwanese governments themselves have actually conducted numerous penetration tests against U.S. computer systems and networks. The article continues on, giving reasons for why the United States should be worried about China starting World War III, and concludes with the idea that the U.S. would ultimately fall victim to China because of their capacity for greater success on the "Cyberwar" front. Gewirtz emphasizes China's "relatively active, organized cybercriminal community, with large groups of people conducting phishing attacks against Americans." While I think this kind of stuff would make a good suspense thriller in the box office, I don't think we are on the "brink" of cyberwar. I would agree with PK, calling it a "reality" but it's more of a reality in the way that the sun eventually dying out is a reality, and less in the way that Gerwitz describes it.
ReplyDeleteBefore reading the blog post, I never even really thought about the idea of "cyberwar". The information security course has opened my eyes that individuals are at risk, but I never thought that our entire nation may be at risk.
ReplyDeleteI'm glad to see that the United States is taking this threat seriously, based on the fact that they have appointed a cyber-warfare general (according to PK). I'm not convinced that China is gearing up for World War III against us, but I do think that terrorists may eventually attempt to launch an attack using technology.
If terrorists targeted our financial institutions, telecommunications, public transportation, etc. they could potentially cause a lot of damage. So even if it is a reality in the way that the sun eventually dying out is a reality (as Cristin suggests), we need to continue to protect ourselves from cyber attacks.