Cyberwarfare

From SI410
Jump to: navigation, search
Back • ↑Topics • ↑Categories


Cyberwarfare refers to politically motivated hacking to conduct sabotage and espionage.[1] It is a form of information warfare sometimes seen as analogous to conventional warfare although this analogy is controversial for both its accuracy and its political motivation. In the United States military, the United States Air Force Space Command is responsible for cyber warfare[2]. Because of the nature of cyber warfare and the extreme difference between it and more 'traditional' forms of warfare the ethics of cyber warfare are very heavily debated.

Cyberwarfare is often used for military purposes

Background Information

Since it originated, cyberwarfare has been defined in many ways. Some of these definitions include:

  • Actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption
  • The fifth domain of warfare

Cyberwarfare has transformed into a very common way to attack other nations in war time today. The U.S. Deputy Secretary of Defense, states that "as a doctrinal matter, the Pentagon has formally recognized cyberspace as a new domain in warfare, which has become critical to military operations as land, sea, air, and space." In May 2010, the Pentagon set up its new U.S. Cyber Command, to defend American military networks and attack other countries' systems.[3] Other nations are quickly following in the United States footsteps to set up national cyber security.

In 2009, President Obama warned that cyber intruders (specifically China and Russia) have probed the United States electrical grids. Motivations behind a cyber-attack on a nation's electrical grid system would include to disrupt the economy, distract from an actual military attack, and create a national trauma[1]. It has been acknowledged that the nation's system is very vulnerable to attack, and as a result, utility companies are treated as a government agency of sorts. A possible solution to addressing these shortcomings would be to implement appropriate security measures during the installation of new Smart Grid systems, that are occurring nationwide over the next decade.

Methods

Espionage

Espionage is the act of obtaining sensitive information from someone for an advantage illegally exploiting said persons or groups, often over the internet. When the opposition finds breaches in the security, they can easily obtain and alter classified information from anywhere on the globe.

Sabotage

The United States military is among the most technologically advanced militaries in the world. Many operations incorporate computers and satellites, normally for some type of communication. These operations are the most vulnerable and susceptible to breaching. Communications can be intercepted by enemies, and enemies can replace messages, with orders of their own. Security breaches have gone far beyond stolen credit card information, and reached the electric power grids, and even the stock market. A recent example of this, was in July 2010, when security experts discovered a malicious software program called Stuxnet that had infiltrated the factory computers of the company Siemens and had spread around the world. The worm was one of the most complex pieces of malicious software to date, exploiting numerous Microsoft security holes, spreading itself in a myriad number of ways, targeting specific hardware control software of a specific brand, and hiding itself insidiously. Around 60% of the infections occurred in Iran, and it has been speculated that not only was Stuxnet the work of a nation state (based on it's complexity) but was intended to disrupt Iran's Bushehr nuclear power plant or the uranium enrichment plant at Natanz.[4]

Motivations

There are vast motivations for nations to partake in Cyberwarfare, these motivations include: Military advantages, civil advantages, and private advantages.

Military

General Keith B. Alexander, head of the United States Cyber Command (USCYBERCOM), recently told the Senate Armed Services Committee, that computer network warfare is evolving rapidly, and there is a mismatch between our technical capabilities to conduct operations and the governing laws and policies. The USCYBERCOM focuses on attempting to find and neutralize cyberattack to defend military networks. This is important because all military operations are documented on a server. If an outside source has access to these classified, secret, and top secret records, the United States will be in grave danger. Not only are all operations documented, but all command and control systems at military headquarters, air defense networks, and weapons systems require computers to operate.

Civil

Potential targets in internet sabotage include all aspects of the Internet from the deepest parts of the semantic web, to the internet service providers and the varying types of data communication and network equipment. Cyber targets in the civilian sector include: servers, information systems, client servers, communication links, desktops and laptops, electrical grids, and telecommunication systems. This is seen anywhere from stealing credit card information to emailing someone a virus to kill an entire computer, to exploiting a large company.

Private

Computer hacking is no new development, and occurs quite often, with quite ease, yet is often overlooked. According to McAfee's George Kurtz, corporations around the world face millions of cyber attacks a day, most don't gain any media attention, or lead to strong statements by victims.

Counterintelligence

Counterintelligence is defined as measures to identify, penetrate, or neutralize foreign operations that use cyber means, as well as foreign intelligence service efforts that breach security.

The reality of cyberwarfare has become very apparent, and since, the United States has taken many precautions to protect the nation from attack.

  • 07 April 2009, The Pentagon announced over $100 million in spending in the last 6 months to repair damage from cyber attacks and other computer network problems.
  • 09 February 2009, the White House announced that it would conduct a review of the nation's cyber security to ensure that the Federal governments cyber security was properly managed.
  • 2009, cyber war was waged against Estonia, NATO established the Cooperative Cyber Defense Centre of Excellence in order to enhance the organizations cyber defense capability.

Reality

  • Cyberattacks on Estonia refers to a series of cyber attacks that began April 27, 2007 and swamped websites of Estonian organizations, including Estonian parliament, banks, ministries, newspapers and broadcasters, amid the country's row with Russia about the relocation of the Bronze Soldier of Tallinn, an elaborate Soviet-era grave marker, as well as war graves in Tallinn.[5]
  • Titan Rain was the U.S. government's designation given to a series of coordinated attacks on American computer systems since 2003. The attacks were labeled as Chinese in origin, although their precise nature and their real identities remain unknown. In early December 2005 the director of the SANS Institute, a security institute in the U.S., said that the attacks were "most likely the result of Chinese military hackers attempting to gather information on U.S. systems." Titan Rain hackers gained access to many U.S. computer networks, including those at Lockheed Martin, Sandia National Laboratories, Redstone Arsenal, and NASA.[6]
  • Moonlight Maze refers to an incident in which U.S. officials accidentally discovered a pattern of probing of computer systems at The Pentagon, NASA, United States Department of Energy, private universities, and research labs that had begun in March 1998 and had been going on for nearly two years. Sources report that the invaders were systematically looking through tens of thousands of files. Files included maps of military installations, troop configurations and military hardware designs. The United States Department of Defense traced the trail back to a mainframe computer in the former Soviet Union but the sponsor of the attacks is unknown and Russia denies any involvement. As of 2003, Moonlight Maze was still being actively investigated by U.S. intelligence.[7]

Ethical Implications

Any type of warfare contains a wide range of ethical implications. Cyber attacks are extremely difficult to trace and thus the use of online anonymity makes it easier for individuals and/or countries to get away with these attacks. The anonymity in the online world makes cyberattacks and cyberwarfare tougher to detect and deal with. The effects of cyber warfare can be extremely detrimental to a business, country, and economy and therefore from an ethical standpoint are extremely controversial, just like all types of warfare.

Because of the many downfalls of cyberwarfare attacks, including the lack of reusability, non-permanent aftereffects, and difficulty in targeting, the military can develop a criteria for identifying cyberwarfare in "ethical" situations. The criteria are still hard to judge because the damage from cyberwarfare is compromised data - which is largely hidden from attackers. According to a formula based on an average of seven factors: severity, immediacy, directness, invasiveness, measurability, presumptive legitimacy, and responsibility [8], the hostility of a cyber attack can be determined. However, the level of hostility does not prevent an ensuing "counter-attacking" phase, which follows most cyber attacks and can end up to be very costly.

Although in situations of challenging ethics, such spamming an oppressive government's website, the damage may not end in exposing its citizens to different kinds of propaganda, but also in corrupting software systems and its connected entities within a network. Despite the apparent "good intentions" of cyber attacks, criminal damage is caused, from any perspective.

See Also

References

  1. 1.0 1.1 Wikipedia:Cyberwarfare
  2. Lackland chosen as cyber numbered Air Force headquarters, 15 May 2009 www.af.mil
  3. "United States Cyber Command." Wikipedia, the Free Encyclopedia. Web. 06 Oct. 2011.
  4. Stuxnet worm 'targeted high-value Iranian assets', Jonathan Fildes, 23 September 2010 www.bbc.co.uk
  5. 2007 Cyberattacks on Estonia
  6. Titan Rain
  7. Moonlight Maze
  8. Rowe, Neil C "Ethics of Cyberwar Attacks" http://faculty.nps.edu/ncrowe/attackethics.htm
Back • ↑Top of Page