Cyber Warfare – Fear is the Real Threat
Lately cyber warfare has become a popular phrase. I’ve come across reports and news items stressing the importance of protecting ourselves against this vicious threat; however, such coined phrases often make the situation sound worse than it is.
What is cyber warfare?
Cyber warfare is generally understood to mean a foreign nation trying to cause damage or disruption to another country through the misuse of computer systems; however, in my opinion this is no different to a situation that we’re constantly living in.
Cyber warfare is not some hypothetical World War III scenario; it describes everyday reality and I believe that what needs to be done to combat it is what we should already be doing, that is, securing any systems under our care. There is certainly no need for the virtual equivalent of weapons of mass destruction, yet this is exactly what is happening.
Recently the United States Senate approved a plan to provide the President with an Internet Kill Switch. A recent survey conducted by Unisys suggests that 61% of Americans believe the President should have the power to kill off portions of the internet in the event of an attack. To me this effectively means that the President can legally shut down whatever he wants, whenever he wants.
Why whenever?
Because attacks happen all the time. Just look at your server logs, you will see 10 – 20 probes each day, password guessing attempts as well as scans for known exploits. Cyber warfare is not a hypothetical doomsday scenario, it’s everyday life.
Another important point is that an internet kill switch doesn’t make much sense in any case. Starting from the basics, critical systems such as computer systems controlling power plants should not be hooked to the internet. There are proper operating procedures, and critical systems shouldn’t be accessible online by just anyone, they should be segregated to their own closed network. If you require remote connectivity, use dedicated lines. Cutting America off from the rest of the world in the event of someone gaining unauthorized access to the system is both a bad idea and a futile one.
Why futile?
Well, if I am trying to damage the infrastructure in warfare I don’t need a persistent connection to my target, the minute I gain access I am done. I can do all sorts of things, from unleashing malware to simply deleting everything I have access to. This is not a sustained shelling that stops the moment the kill switch is engaged. Such attacks need to be prevented before they have a chance of even occurring. By cutting yourself off after the event just makes repairing things more difficult.
Personally I believe that addressing a threat such as Cyber Warfare is no different to what should be done to protect any country’s infrastructure. Does it matter if the power grid is disturbed because of an attack by a foreign nation or if it is disrupted because a local kid looking for fame tried to gain access and cause damage unintentionally? Of course not.
Ultimately what you’re interested in is a stable uninterrupted service and that’s something you achieve through proactive action, proper designs and effective policies, not through a switch that when pressed will suddenly isolate you from the rest of the world.
Emmanuel makes a valid point. Security should never be a response to an incident but a proactive exercise at preventing incidents from happening in the first place. Cyber warfare is all around us and has evolved from the lone hacker trying to deface a website or bring a server down, to malware creators seeking to make a quick buck by defrauding inattentive computer users, to large scale cyber attacks by groups of individuals, often from a particular country. What really has changed is the scale and scope but not necessarily the methodologies used.
The Kill Switch may be a knee-jerk reaction and a response that cyber terrorists/criminals actually are seeking. If, hypothetically speaking, the US were to cut off the internet, imagine the impact that will have on the business community that DEPENDS on internet connectivity to do business, particularly those who thrive in an e-commerce environment. Cyber criminals want to cause disruption and forcing the president (or anyone in authority) to deploy a Kill Switch will mean they have achieved their target.
I agree completely. We don’t need a tool to use if our systems are attacked, we need solutions to prevent such attacks in the first place. It’s no secret that the government has done a very poor job securing critical network infrastructure, and that should worry us all.
Cyber warfare and cyber terrorism are now more relevant than ever before. With controversy circling China on their supposedly “unintended” pilfering of data over cyberspace, it seems that the boundaries of actual “acts of war” are beginning to blur. What’s the difference between bombing a village, and disabling the water, electricity of a whole city? The stealing of paper documents in the president’s file from stealing file’s from the president’s documents? Information is ammunition, they say. But now it turns out that the information is the gun.
I am not sure I agree Patrick. In the sense that data sniffing is not something that has just started to occur. Occasionally we hear stories, like the one when China redirected some 15% of the world traffic through its server potentially allowing it to spy on that traffic. Maybe it was a simple routing table error like they claim or maybe it was done intentionally. The problem is this is not something new; before this there was the Echelon project created in the 1960s to spy on Russia and subsequently used to monitor Internet traffic. It’s allegedly run by Australia, Canada, New Zealand, the United Kingdom, and the United States and in the 1990s a controversy ensued because journalists claimed Echelon was being used for industrial espionage. Regardless, sniffing is a threat which every business faces, it doesn’t need to be from powerful political entities or terrorists, it can be attempted by hackers, competitors or even your own employees.
To cut it short, I think these are all attacks that one should already be protecting against regardless of terrorism.
I have to agree with Emmanuel about data sniffing being as old as data itself. The access to the proper tools to sniff out particular and critical points of data are now just a purchase away, if you know where to look. However, Patrick makes a good point about the boundaries of actual real-world warfare beginning to blur. However, I still think we’re leagues away from equating data theft with bombing a village.
Incredibly interesting tidbit about the president and his rumored “kill switch”. Although I can see the tangible security benefits of having a human-issued override for the internet in general, putting it under the sole power of a single individual (president or not) seems to be a frightening concept.
Am I the only one getting the feeling that it’s like having access to a nuclear warhead, but this time, the only viable targets are completely online?
It certainly is a frightening concept and personally I am not so sure about its value either. Chances are by the time you know you need to use such a kill switch it will be too late and all you’ll be doing is hindering yourself and your infrastructure.
It depends how widespread such a kill switch will affect obviously but to be really effective I would imagine such a kill switch would need to isolate all of America from the rest of world. In terms of destructiveness it would probably be more then a nuclear warhead. At least it’s environmentally better since flipping the switch back will at least get things back to normal without any harmful radiation lingering for years to come.
As cliché as it may sound, I do agree that fear is a real threat when it comes to any sort of far reaching endeavor (and in our case, security). Fear can prove to be both paralyzing and demoralizing, pushing us to take on security practices that may prove to be too drastic, impractical and in the end; highly ineffective. Although the fear of being attacked and exploited is a common motivation to be better secured, the motivation should neither be crippling or counterproductive.
It’s hard to believe that over 61% of Americans approved of a single individual to have full control and authority on the internet. Whether he’s the local server maintenance guy or the President of the United States, I don’t believe any single individual should have access to that much power. Granted, it’s a measure for international security, but isn’t a bit ridiculous to be surrendering such blatant liberties for the sake of security?
@warren
I can understand the analogy, but I think comparing an internet kill switch to a nuclear warhead is a bit of an exaggeration. If you think about it, the purpose of an internet kill switch is to prevent further damage during a cyber attack on the nation’s online infrastructure. This manages to working functions intact while the attacker is kept at bay by other systems (which may or may not be physical). It isn’t an act of retaliation by any means. It’s simply a defensive mechanism.
@Cheryl – You’re right it needs to be a balance. The importance here is perspective really. Cyber warfare for me is losing that perspective and taking the existent threats to a whole new level that is really not necessary.
@Elbert Gelton – I agree. No one person / organization should have such power. The infrastructure should ultimately be able to defend itself. Personally I do not believe centralized intervention is needed. If some of the IT infrastructure is under attack it should be quite capable of defending itself even by cutting outside access if required. It should be the victim that controls the response to the attack however.
@Gary – I am not sure I can agree with you. You’re right in that it’s a defensive mechanism and not an offensive one or a retaliation, but I am not so sure that it prevents further damage. Obviously I don’t know when such a system is going to be developed (if ever) but unless it’s nationwide I doubt it will be effective. Disconnecting the US from the rest of the Internet provided it is indeed nationwide will, in my opinion, be more damaging then any attack. Furthermore it introduces a huge security risk in that anyone intent on disrupting IT operations in the US need only launch an attack to trick the victim into triggering the kill switch. In essence a clever attacker intended on disruption might achieve his goal by exploiting the country’s response to an attack rather than depending on the success of an attack, which in most cases is pretty limited.
The question is rather if there is no other alternative to the Internet kill switch. This is just too brutal – are we that powerless to need it? Or as Emmanuel Carabott points in the last comment: “Disconnecting the US from the rest of the Internet provided it is indeed nationwide will, in my opinion, be more damaging then any attack.” In other words, the use of this not-so-hypothetical kill switch will do more damage than hackers could inflict! This is simply ridiculous!
@Bruce Personally I cannot think of any scenario in which such an action will ever be needed. Even in organizations that do not have skilled security personnel, in the case of an attack they will still easily be able to disconnect themselves from the Internet should it come to that; they don’t require the whole country to block Internet for them.
I can only assume that the reasoning behind such an idea is that if the country is under attack by a foreign country who have infiltrated key government/military infrastructure and are actively stealing confidential information and the victims aren’t taking action (possibly because they have not realized the theft is occurring) a central government agency might be tasked with monitoring that no confidential data is being stolen, and therefore could hypothetically take swift action rather than having to contact the victims and mobilizing them to act. However, if this is indeed the case, it would still be an overkill. I would imagine that if they can detect such action, then they can block it too; no need for a wide net.