Is the U.S. headed for a cyberwar? Actually, yes
http://reviews.cnet.com/1990-3513_7-5021272-1.html
Robert used to think the threat of cyberwar was nonexistent–but he’s changed his mind. Now he believes our country’s information infrastructure may very well be the target of guerilla warfare over the Net. Here’s why.
Earlier this year, I dismissed the idea that the United States would see an all-out cyberwar anytime soon. I have since changed my mind. I still don’t believe we’ll see a large-scale, well-coordinated offensive. But I do think small, spontaneous, politically motivated attacks are possible in the near future.
What changed my mind about the possibility of cyberwar was a series of articles by Giles Trendle, a former war correspondent who now writes about cyberterrorism. In the 1980s, Trendle covered the ground war in Lebanon and became an expert on guerrilla warfare, which is essentially what cyberwarfare is. Although his articles focus largely on the cyberconflict between Arabs and Israelis, it’s easy to see how the same type of attacks could occur elsewhere in the world, too.
Cyberwars are already here
Cyberattacks are already part of modern warfare. In the past two years, malicious users on both sides of the Arab-Israeli conflict have deployed viruses and worms, inundated government sites with huge amounts of e-mail, and launched distributed denial-of-service (DDoS) attacks on e-commerce sites. As part of the Kashmir conflict, an Indian-authored worm, Yaha, created a DDoS attack on the main Pakistani government Web site earlier this year.
One phenomenon Trendle talks about–the so-calledswarm factor–helped change my mind about the nature of cyberwar. The swarm factor describes the unpredictable ability of like-minded individuals to show up at an event, create mayhem, and then disperse. The spontaneous 1999 World Trade Organization riot in Seattle is an example of this. It’s easy to see how, in accordance with the swarm factor, a handful of politically motivated Web sites could act as lightning rods, supplying the tools for malicious users to carry out cyberattacks.
The idea that the United States’ current and future military actions could bring about aggression in cyberspace is not that far-fetched. In a recent article, Trendle cites the number of pro-Palestinian followers who see a unilateral U.S. attack on Iraq as cause to begin attacking U.S. interests online.
Cybersuicide attacks
Trendle also presents evidence that suicide attacks could be a key part of future cyberconflicts. He interviewed a pro-Palestinian hacker who made a pledge to carry out online suicide attacks. While most malicious users act with some caution because they don’t want to be identified, a suicide cyberattack could inflict greater damage because the attacker wouldn’t have to go to the trouble of hiding his or her identity.
Such a low-budget cyberwar scenario is not implausible to the U.S. government. In his video interview with CNET Radio’s Brian Cooley, President Bush’s cybersecurity advisor Richard Clarke admitted that several of our enemies are capable of attacks via the Internet. Clarke said that in the 1980s, Iraq spent hundreds of millions of dollars and employed several thousand people to build an atomic bomb. Engaging in a cyberwar would cost considerably less than that, Clarke continued, and would not require the resources of a nation state.
Advance preparation
How prepared are you–or your company–for such a cyberattack? You can find out at ZDNet’s Digital Defensespecial report. The report includes a test to discover how well you’re protected against malicious users. (If you’re not prepared, you’ll receive links to resources that can help secure your home or office.) In addition, the Digital Defense report shows the results of a comprehensive survey on enterprise security, presents three possible cyberattack scenarios, and offers advice from security experts in government and private industry.
I think we’re still years away from seeing armies of well-funded cybersoldiers plundering through our data resources. But a single malicious user can cause a lot of damage–and a handful of politically motivated script kiddies, pooling their resources, could be even more dangerous. It’s not hard to imagine how that type of individual and small-group action could escalate into a true cyberconflict.
