Cyberwarfare: World War III or Exaggeration?
In a traditional sense, there are four domains of war: land, sea, air and space. However, some now believe there is a fifth domain: cyberspace.
Imagine you are midflight on an excursion across the country when every plane in the sky looses contact with air traffic control. Imagine the chaos that would ensue and the lives that would be lost.
Or consider another scenario in which outsiders shut down tech-reliant Wall Street, or worse, interrupt stock exchanges worldwide. What if hackers could disrupt the electrical grid, compromise military technology or disable oil refineries and gas pipelines?
Some call it gross exaggeration, sensationalism and even fearmongering. But to many, the threat is very real. These scenarios could all, theoretically, be accomplished if enemies were to implement so-called "logic bombs," a piece of code intentionally inserted into a software system that can set off a malicious function when specified conditions are met.
And it has happened before. In Estonia in 2007 and Georgia in 2008 cyberattacks shut down most of the country's websites, including those of the parliament, ministry of foreign affairs, banks and newspapers. Many blamed the Kremlin for the attacks, but they could only be traced to independent Russian cybercriminals.
More recently, an attack was launched on Google, Adobe and dozens of other high-profile companies using never-seen-before tactics that combined encryption, stealth programming and an unknown hole in Internet Explorer, according to anti-virus firm McAfee. The primary motive for the attack, Google concluded, was to hack into the email accounts of Chinese human rights activists.
A more frightening example of a potentially devastating cyberattack involved the U.S. military. In 2008, an infected flash drive was inserted into a U.S. military laptop at a base in the Middle East. The bug spread undetected on both classified and unclassified computer systems, exposing highly sensitive information to an unknown adversary. As Deputy Secretary of Defense William Lynn wrote in the October issue of Foreign Affairs, "this previously classified incident was the most significant breach of U.S. military computers ever."
It is hard to believe, but something good did come from that attack: the formation of the United Sates Cyber Command (Cybercom), which was established in May and reaches fully operational status this month. A division of the United States Strategic Command, Cybercom is led by four-star Army General Keith Alexander and enlists 1,000 elite military hackers and spies to safeguard the U.S. military's critical information systems.
In another move to protect America in the cyberspace, the Senate Committee on Homeland Security and Governmental Affairs introduced a cybersecurity bill in June called Protecting Cyberspace as a National Asset Act (PCNAA). The bill has been likened to an internet "kill switch" because it grants the president the power to disable private sector or government networks in the event of a cyberattack that is capable of causing massive damage or loss of life.
Also in June, the National Security Agency announced it was launching a program dubbed "Perfect Citizen." The initiative would rely on a set of sensors deployed in computer networks for critical infrastructure such as the electric grid, nuclear power plants, subway systems and air traffic control networks.
These security measures come as a relief considering many publications have recently reported that U.S. intelligence officials have grown increasingly alarmed about what they believe to be Chinese and Russian surveillance of computer systems that control the electric grid and other U.S. infrastructure.
Not everyone agrees about the severity of the threat, however. Bruce Schneier, a security expert and author of several books on internet security and cryptography, says "the entire national debate on cyberwar is plagued with exaggerations and hyperbole." Whatever the case, it is better to be prepared than suffer the consequences of a cyberdisaster that not only has the potential to derail business, but could expose the military and major U.S. infrastructure to drastic interruptions or, worse, paralysis.
Emily Holbrook is editor of Risk Management.