March 1, 2008  

Flashpoint: The cyber challenge

Cyber attacks are growing in number and sophistication

It is no secret that modern warfare is increasingly dependent on advanced computers — and no country’s armed forces are more reliant on the digital age for information superiority than those of the U.S. This is both the American military’s greatest strength — and potentially its greatest weakness.

Today, the Pentagon uses more than 5 million computers on 100,000 networks at as many as 1,500 sites in at least 65 countries worldwide. Not surprisingly, potential adversaries have taken note of America’s slavish dependence on information technology.

The Defense Department suffers tens of thousands of computer network attacks annually. Although the department is understandably cautious about revealing the success of these attacks, some of the cyber assaults allegedly reduced the military’s operational capabilities. The Pentagon reportedly logged more than 79,000 attempted intrusions in 2005 — the most recent publicly available data. About 1,300 of the attacks supposedly were successful, including the reported penetration of computers linked to the Army’s 101st and 82nd Airborne and 4th Infantry divisions. Foreign cyberspace operations are a threat that is here and now — and cannot be ignored.

Cyberspace operations, which include computer network attack, exploitation and defense, are not a new national security challenge. Cyber warfare was all the rage in the late 1990s but has faded in importance since 9/11, not surprisingly, in comparison to the threat of terrorism and the wars in Iraq and Afghanistan.

Cyber operations appeal to many state and nonstate actors, including terrorists, because they can be low-cost, low-risk and highly effective, and provide plausible deniability for the attacker, who can route operations through any number of surrogate servers across the Web en route to its target. Talk about “low-DNA” operations.

Malicious code can launch viruses, crash networks, corrupt data, collect intelligence, spread misinformation, and interfere with vital friendly military and intelligence operations, including command, control, communications, navigation and logistics. In essence, if it is wired to the Web, it is potentially vulnerable.

According to McAfee, an Internet security company, about 120 countries are involved in developing the ability to use the Internet as a weapon, not only against government networks, but also against soft targets such as financial markets and even critical civilian infrastructure. Although it is impossible to say how many raids go undetected, cyber attacks have grown increasingly sophisticated. The threat has grown from the work of curious hackers to premeditated government-sponsored operations that embrace a variety of security-related purposes.

No country is seemingly more active in cyberspace than China.

ARMY OF HACKERS

According to Pentagon sources, most attacks on America’s digital Achilles’ heel originate from the People’s Republic of China (PRC), making Chinese cyber operations an issue that deserves close attention. The PRC is serious about cyberspace and has made the development of cyber capabilities a top national-security priority. China’s military planners recognize that the United States’ reliance on computers is a potential strategic weakness ripe for exploitation. The People’s Liberation Army (PLA) has reportedly incorporated cyber warfare tactics into military exercises and created schools that specialize in it. The Chinese military is also hiring top computer-science graduates to develop its cyber warfare capabilities, literally creating an army of hackers.

According to an annual report of the congressionally mandated U.S.-China Economic and Security Review Commission (USCC): “The Chinese realize that they cannot win a traditional war against the U.S. and are seeking unorthodox ways to defeat the U.S. in any such conflict … while building up their military power to eventually match or exceed U.S. military capabilities in East Asia.”

China’s plan is to develop asymmetrical warfare weapons, including so-called “assassin’s mace weapons” that will allow the PRC to balance America’s existing military superiority in Asia. These weapons include cyber tools for use across the electromagnetic domain. According to the USCC, the PLA’s cyber warfare hit list is expansive, including “forward-based command, control, communications, computers and intelligence (C4I) nodes, airbases, aircraft carriers, and sea- and space-based command-and-control platforms.”

Describing what could be called a new “arms” race — this time in cyberspace — a Pentagon assessment states that China’s military regards offensive computer operations as “critical to seize the initiative” in the first stage of a conflict.

Beginning in 2003, Chinese cyber reconnaissance became so common in Defense Department computer networks that the Pentagon created a program, which became known as “Titan Rain,” to collect data and work the problem.

Industrial espionage against government and private defense research, development and production efforts is also a priority for Chinese cyber spies, cutting costs and time in support of Beijing’s massive effort to build up its military and develop a world-class defense industry.

It is not just the U.S. the Chinese have in their cyber sights. Over the past year, the United Kingdom, France and Germany have pointed an accusatory finger at China for attempting to infiltrate — or successfully penetrating — their diplomatic or defense establishment’s computer networks. Beijing is also looking for cyber dominance over other key potential regional rivals, such as New Delhi, Moscow, Seoul, Tokyo and cross-strait rival Taipei. China’s increasing aggressiveness and ability to infiltrate the computer networks of key countries are setting off alarms across the security establishment, and rightfully so.

UNRULY RUSSIA

Russia is believed to be developing significant cyberspace capabilities, too. Indeed, in April 2007, a massive cyber attack on the tiny Baltic state of Estonia by Russian hackers demonstrated how potentially catastrophic a pre-emptive digital strike could be on a developed nation. Pro-Russian hackers, some likely associated with the government, attacked numerous Web sites in neighboring Estonia — one of the world’s most wired countries — to protest the controversial removal of a Soviet war memorial located in the capital, Tallinn. The hackers brought down government and other Web sites, including the office of the president, the parliament, political parties, banks, news organizations and communications firms, using denial-of-service attacks, in which a server is bombarded with so many bogus requests for information that it overloads and crashes.

Some of the attacks came from botnets — chains of perhaps thousands of zombie computers that have been hijacked by the malicious code of cyber pirates and linked together to take part in raids, often generating large volumes of spam, with or without their owners’ knowledge.

Interestingly, a number of Estonian commentators wondered whether their defense ministry should have called on NATO to invoke Article V’s collective defense provision. An interesting point, but for the moment, NATO does not seem to view cyber attacks as a military action.

Estonia has not been the only victim of an alleged Russian cyber attack. Moonlight Maze is the name given to a series of coordinated attacks on Pentagon computers going back to the 1990s that may have originated in Russia, possibly compromising sensitive national security data.

The Russians see cyber dominance as central to warfare. At a recent conference, a senior Russian general said victory in future conflicts will be decided by suppressing the opponent’s military and state institutions through information technologies.

But it is not only major powers that are using cyberspace to advance their political-military objectives. Terrorists are all over the Internet, too. They use the Web to recruit, communicate, share information (such as bomb-making), relay threats, seek publicity for their cause, spread propaganda or gather publicly available information for target development. Terrorists also effectively use the Internet for fundraising — from both witting and unwitting donors. Terrorists, like cyber criminals, will use Web scams such as phishing to obtain private information such as passwords, while acting as a legitimate entity, to line their pockets.

The Internet offers terrorists a multitude of advantages in waging their unconventional warfare: mobility, flexibility (if hacked or shut down by an Internet service provider), world-wide coverage with huge potential audiences and high-speed communications. Some Islamist hackers have promoted the notion of carrying out electronic jihad against infidel civilian infrastructure, economic and military targets. Serious attacks in which cyber terrorists take innocent lives via the Web in an effort to advance their cause may become reality in the future.

In testimony to Congress in March 2007, Gen. James Cartwright, commander of U.S. Strategic Command, said: “America is under widespread attack in cyberspace. … [T]he magnitude of cost, in terms of real dollars dedicated to defensive measures, lost intellectual capital and fraud, cannot be overestimated, making these attacks a matter of great national interest. Unlike the air, land and sea domains, we lack dominance in cyberspace and could grow increasingly vulnerable if we do not fundamentally change how we view this battle space.”

State-sponsored and terrorist cyberspace efforts provide a cautionary tale to U.S. and other policymakers. Although many governments have devoted significant resources to cyber security, recent intrusions clearly demonstrate cyberspace vulnerabilities.

A digital Pearl Harbor is by no means a certainty. But cyberspace is increasingly important to American national security — and complementary to the broad spectrum of modern warfare. The time to take heed of this challenge is now.