The Coming Cyberwars
What do you do if a foreign government attacks your country’s computer systems? In America we apparently throw a lot of money down a hole and then the guy theoretically in charge of defending our networks quits.
Anyone who has followed the news knows this is not a hypothetical question. For example, two years ago when Russia invaded Estonia there was a concurrent denial of service attack across the Internet on Estonian servers. This attack caused communications difficulties that may have affected the Estonian response to the invasion (not that there was ever very much they could do) and even reportedly disrupted such things as ATM transactions (See Russia’s Cyberwar on Estonia).
Recently, a story has been circulating that the Russians have admitted to being behind the Estonian attacks (See Russian politician: ‘My assistant started Estonian cyberwar’). There’s less to this story than meets the eye, though. Sergei Markov, a Russian government official, claimed recently that a deputy of his (whom he conveniently refused to name) was outside Russia at the time the war began and started the cyber attacks entirely on his own, as a “reaction from civil society.” Apparently this was meant to indicate that the attacks had nothing to do with any official strategy but were a spontaneous uprising of the proletariat against the reactionary forces etc. etc.
In other words, it sounds like typical old-fashioned Soviet propaganda and just doesn’t pass the smell test. Unless the Russians really want the world to believe that low grade government functionaries often have access to destructive botnets that can be turned against any country that happens to annoy them?
This odd little piece of noise might make someone wonder what their own country is doing to protect their systems in the event of cyberwar. In the U.S. we have some news relevant to that question. Namely, in a resignation letter dated March 5, 2009 (letter), Rod Beckstrom, director of the National Cybersecurity Center (NCSC), pointed out some flaws in the current cyber defense structure. Like, the NCSC received only 5 weeks of funding in 2008. And like the NCSC doesn’t actually have a headquarters yet. According to the letter, offices were found and are ready to be rented but the NSA wanted them located on Langley Air Base – basically under the NSA’s thumb – instead.
The timing of this resignation seems strange, seeing as how the still very new Obama administration is in the midst of re-examining national cyber defense strategy (along with everything else. Did I mention it’s a new administration?). It seems likely that Beckstrom either didn’t think his job would survive the re-examination or thought it would but did not want to work under the situation that was going to come out of it (controlled by the NSA?). Or someone made him a really good offer. There’s no way to say from the information given. Keep an eye out for where he turns up next.
For reporting on Beckstrom’s resignation see Cybersecurity Chief Resigns at the Wall Street Journal. Over at DefenseTech there’s a bit of commentary that laments that the United States seems to be without a strategy for protecting the country from cyberwar and makes some good recommendations for changing that poor state of affairs (A Ship Without a Captain).
The Bush administration and the Clinton administration before it both seemed to suffer from an inability to define what they were protecting. Do we protect just the military and intelligence assets from network based attacks? What about public ones like Department of Defense websites? Does that count? And then there’s infrastructure protection. If someone hacked into the computers controlling Hoover Dam (That’s assuming there are computers at Hoover Dam. I don’t know. I’ve never been there) they could cause a disaster! And what about the Dow Jones … never mind. But there are LOTS of computer systems that control important things that should be protected.
Politics will make choosing what to defend and what not to defend very difficult. Case in point: A few years ago, I was involved in a push to organize and document backup policies (I was the lead backup administrator, not a decision-maker in this process). In order to prioritize backups, managers throughout the company were asked to choose exactly which servers were business critical and which were not. Not too surprisingly (though it was incredibly frustrating at the time) EVERY server was designated business critical by someone. Apparently, all the managers had the same thought: If it’s not critical, it’s expendable. And no one wanted to be the manager of something expendable.
The same logic has certainly complicated the job of prioritizing national defense, not just in the cyber area.
To complicate things more, a recent publication by the Chinese People’s Liberation Army lists 15 modalities of what they refer to as unrestricted warfare (again, read more at the indispensable DefenseTech). The list basically reads like a list of zones where the writers believe a society could be destabilized and includes several that would be influenced by cyberwar. These include economic warfare, financial warfare (yes, they’re different), information warfare, network warfare and technology warfare. It isn’t necessary to consider the Chinese our enemies to find much to think and worry about in this document. The Chinese military has long engaged in some very creative thinking about war and reports such as the one mentioned here undoubtedly are read around the world.
Where does that leave the U.S. right now? Up the creek without a strategy. Turf fighting (with the NSA in the lead, according to Mr. Beckstrom), money and politics have interfered with any sort of coordinated protection plan. We have great strength in individuals and companies that are leading the way in studying cyberdefense (I attended a class just last night!). We have very capable people and a lot of technological know-how.
Hopefully, we’ll even get around to applying it in time.
Update
More about the NSA fighting for cyber defense turf: NSA Chief Continues Bid to Take Over Cybersecurity
By resigning it appears Mr. Beckstrom has abandoned the field to the very people he didn’t want to have it.


