When Geeks Make War
Cyberwar and related issues have been in the news lately. Since the cyber attacks on Estonia during the Russian invasion of 2007 (see here and here) the topic is popular. Maybe even almost sexy.
Since there are lots of news articles lately (mostly without much substance, but there are a few links at the bottom of this post if anyone’s interested) I’ve been giving the subject some thought. The first thing I think about it is that fears are somewhat overblown. To date, I am not aware of even one confirmed case of a cyber attack actually killing anyone. That’s what war is about, remember. Even in Estonia, the cyber attacks were much less of an issue than the Russian tanks.
This doesn’t mean cyberwar can’t cause problems, including problems for the military. Cyber attacks can be used to target communications, to block (or alter) global positioning systems (see this report) and possibly change the behavior of critical infrastructure items like dams and nuclear power plants. In the near future it may be able to cause traffic jams or accidents, make hospital systems go haywire, redirect ships and planes and many other potentially devastating things. At least those are some of the potentials. Fortunately, none of that potential has yet been reached.
Yet.
The second thing I think about cyber attacks is, how do you make sure to get the most (virtual) bang for the buck? Not, how do you know if your cyber attack worked, but how do you know how well it worked?
In non-cyber war, there is always uncertainty about results. The enemy doesn’t send you an email saying, “That last bombing raid killed 47 people, wounded 24 more and crippled 11 tanks. Thanks for the memories.” So you have to estimate results. In the cyber world, as with nearly everything else computer related, there is probably the chance to acquire and analyze much more data than in the real world.
Simple example. The enemy has a web site (it can be any enemy. Doesn’t even have to be countries at war. Companies can do cyberwar, too. It’s cheaper than regular war, you know). It’s a site that they use to get updates on emergency procedures. So if you bring it down, there will be increased confusion when the emergencies happen. They could be physical emergencies (tanks) or cyber emergencies (every traffic light in the country has just been turned green and then the controlling computer frozen).
The attack is going to be a denial of service attack. We want the web site to be unavailable. That’s great. Lots of people know how to do DoS attacks. But how many people probe the web site response times every 10 seconds for a week, starting before the attack and continuing until it is over? Hackers might be satisfied with “We brought the sucker down, dude!” But warriors need to know how far down (did it freeze completely or was it just really slow?) and for how long. They may also want to see exactly when the enemy responses begin to kick in (router rules can often be used to mitigate this kind of attack) and alter the attack method to compensate, or maybe abandon it and devote the resources to another target.
See, cyberwar isn’t just hacking for your country. It’s WAR.
Being a lifelong computer geek, I find this idea of measuring the effect on the targets extremely interesting. Just for something to do (that’s just a figure of speech. I have plenty to do!), I designed a small program to repeatedly get the load time from a web site and log it to a database, with a running analysis of how much it is degraded from some pre-determined baseline (cyberwar requires reconnaissance just like regular war) with (fake) recommendations to add servers to the attack stream if the load time is too fast.
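The program itself is not shown in this post. As an added example (not the author's code), here is the same measurement from the defender's side: probes of a site you operate are logged to SQLite and summarized against a pre-incident baseline, showing when degradation began, how deep it went, and when mitigation restored service. The sample data, the `analyze` and `classify` names, the table layout and the 3x "slow" threshold are all assumptions.

```python
import sqlite3
from statistics import median

# Constructed probe log for a site you operate: (seconds since start, load time
# in seconds). None means the request timed out. One probe every 10 seconds.
SAMPLES = [(0, 0.40), (10, 0.42), (20, 0.38), (30, 0.41), (40, 1.90), (50, 3.10),
           (60, None), (70, None), (80, 2.60), (90, 0.45), (100, 0.40)]

def classify(load_s, baseline, slow_factor=3.0):
    """Label one probe relative to the pre-incident baseline."""
    if load_s is None:
        return "down"
    return "slow" if load_s > slow_factor * baseline else "ok"

def analyze(samples, baseline_count=4, slow_factor=3.0):
    """Log probes to SQLite and summarize degradation against the baseline."""
    # Baseline = median of the first few successful probes (assumed pre-incident).
    baseline = median(s for _, s in samples[:baseline_count] if s is not None)
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE probe (t INTEGER, load_s REAL, state TEXT)")
    db.executemany("INSERT INTO probe VALUES (?, ?, ?)",
                   [(t, s, classify(s, baseline, slow_factor)) for t, s in samples])
    one = lambda sql: db.execute(sql).fetchone()[0]
    peak = one("SELECT MAX(load_s) FROM probe")  # timeouts (NULL) are ignored
    return {
        "baseline": baseline,
        # First probe that was slow or timed out.
        "onset": one("SELECT MIN(t) FROM probe WHERE state != 'ok'"),
        # First healthy probe after the last degraded one (None if never).
        "recovery": one("SELECT MIN(t) FROM probe WHERE state = 'ok' AND t > "
                        "(SELECT MAX(t) FROM probe WHERE state != 'ok')"),
        "slow_probes": one("SELECT COUNT(*) FROM probe WHERE state = 'slow'"),
        "down_probes": one("SELECT COUNT(*) FROM probe WHERE state = 'down'"),
        "peak_factor": round(peak / baseline, 1),
    }

if __name__ == "__main__":
    for key, value in analyze(SAMPLES).items():
        print(f"{key}: {value}")
```

Separating "slow" from "down" answers the "how far down, and for how long" question directly, and the onset and recovery timestamps give an incident responder the window to correlate with router or firewall rule changes.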
Web site load time is the easy metric. How much email has been degraded takes much more sophisticated measures. Tracking the damage done by targeted viruses and trojans (oooooh! Cyber “bio” war!) is going to be more interesting. Malicious code of that kind can be programmed to “phone home” but that increases the likelihood that the victim of the attack will find out where home is and launch a counter attack. Therefore, gathering information must be done carefully.
Information gathering can be done in a lot of ways. There are companies that will gather information from blogs, Twitter and similar web sources to tell you what people think of your company. Such sources could definitely be adapted to gather information about an attack. The trick is having something where you can just enter some attack parameters, rather than re-writing half the code for every attack. This is the computer age. You want to automate as much of the work as possible.
The eventual goal is to combine several of these measures and show a single view of how badly the target has been hurt. A damage dashboard, if you will.
If anyone would like to give me a grant to work on this rather than just theorizing, please get in touch. All offers will be seriously considered. Who knew cyberwar could be so much fun?
Recent cyberwar news links:
- In National Journal, a brief history of the known state of cyberwar today (meaning there doesn’t seem to be any juicy classified info in this article).
- 2009 report from the U.S.-China Economic Review Commission. China has a reputation for being a leader in cyber-espionage, mostly for economic reasons, though they are interested in everything.
- Here’s a short item about plans by South Korea to formally get involved in cyberwar (mostly to defend themselves against the North Koreans).
- An intelligent and informed analysis of the possibilities of a strategic cyber attack on the U.S. Hint: The odds aren’t as favorable as they used to be.
That should be enough to get people thinking about what cyberwar means. Personally, I’d like it to mean that I will be gainfully employed (at a very high pay rate) for as long as I want. In other words, I want it to stay fun.
A guy can hope.


