By Daniel Udo-Akang, Ph.D. Candidate
The world has changed. Prior to the September 11, 2001 attacks on the United States, many people around the world were expressing doubts about the capability of terrorists. The 9/11 attacks undoubtedly changed the mindset of Americans and the global approach to homeland security, and brought renewed attention to the discussion and deliberation on terrorism. In the aftermath of 9/11, the U.S. Congress overwhelmingly authorized the President to use all necessary force against the nations, groups and individuals responsible for the tragic events.
President George Bush encouraged Americans, law enforcement and intelligence professionals to take advantage of a variety of technologies to circumvent the capabilities of terrorists. Modern technology has turned out to be the state’s worst enemy. Events at home and abroad are interconnected and move very quickly, driven by rapid technological change and international communications. The emergence of the Internet and other technology resources has undermined the secrecy of intelligence and intelligence tools around the world. For example, modern cell phones and iPads are built with cameras, Internet access, electronic communicators, text messaging, and electronic mail, using satellite transmissions to communicate information to every corner of the world and defying intelligence eavesdropping and wiretapping.
Although modern technology has brought with it many blessings and comforts, the conveniences have come with devastating consequences. Information technology, and indeed cyberspace, drives business and also enables terrorism. Business transactions, government operations, homeland security, and the national defense of any nation are conducted in cyberspace. The growth of internetworking systems, devices, and operations shows that cyberspace is an indispensable tool embedded in an increasing number of industrial and organizational capabilities. Thus, the security of cyberspace is an extraordinary challenge. In the past two decades, threats to cyber systems have continued to rise dramatically. Every country is acting to reduce its vulnerability to cyberspace exploitation. Yet malicious cyber activities targeting the computers and networks associated with nations’ critical infrastructures have become a form of warfare that is hard to resist.
Cyberwarfare and Cyber Medium
Warfare is not just about shooting and bombing; it is also about the offensive and defensive fight for information, fight to defend the network, fight to protect the data, and fight to gain an information edge. Cyberwar is one of the most challenging national security threats to many nations. A researcher, Dr. Ivan Goldberg, defined Cyberwarfare as “the offensive and defensive use of information and information systems to deny, exploit, corrupt, or destroy, an adversary’s information, information-based processes, information systems, and computer-based networks while protecting one’s own. Such actions are designed to achieve advantages over military or business adversaries.”
Richard Clarke’s (2010) book Cyber War defined cyberwarfare as “actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.” Although the protection of cyberspace has become a vital national interest for many nations, the maneuvering and manipulation of cyberspace by code crackers and cyber terrorists pose a growing concern to military and business stakeholders. In the United States, the 9/11 attacks and the Pearl Harbor attacks on military installations on December 7, 1941, raised concerns that a large-scale cyber terrorist attack may well occur in the foreseeable future. The network is constantly under attack. The Internet has seen an escalating expansion of the cyber economy, with widespread automation of financial transactions, industrial distributed control, and the storing and sharing of information, data, and highly sensitive documents on the network. Similarly, the emergence of integrated financial systems, automated payments, and money transfer systems has given rise to cybercrime. In addition, the explosion in information storage and sharing has spawned cyber espionage against governments and cyber-attacks against organizations and businesses around the world. Unfortunately, as a form of asymmetric warfare, there is no limit to cyber power. Rather, cyberspace is its own virtual medium, and attacks are enabled by the exploitation of vulnerabilities left by the domain designers and/or owners. The emergence of countless software and technology vulnerabilities, including numerous attack vectors, makes the prevention of cyber terrorism a difficult task. Cyberwarfare involves major players and actors, such as terrorists, nations, political groups, social activists, and other non-state actors. Actors are always aiming to inflict destructive and catastrophic attacks upon their enemies. Such attacks may include launching sophisticated intrusions to penetrate and exploit the critical infrastructure networks of their adversaries.
Many analysts in advanced nations have repeatedly discussed the catastrophic impact of a successful cyber intrusion and exploitation of power grids, financial systems, transportation networks, oil and gas processing and storage networks, communication networks, the defense industrial base, water supply and wastewater controls, and homeland security infrastructures. The effective operation of these critical infrastructures relies on the Internet, distributed control systems (DCS), supervisory control and data acquisition (SCADA), and industrial control systems (ICS). Except for undeveloped and third-world countries, the economic prosperity, business processes, and daily government activities of any nation depend on the operability and reliability of information infrastructure, in terms of the confidentiality, integrity, and availability of data at rest, data in processing, and data in transit within cyberspace. The networks and devices used around the world for managing and processing financial records, hospital records, military records, supply chains, and closed- and open-loop controls also converge technically with malicious interfaces that continuously pose new cybersecurity challenges. The increasing dependence on information systems and uncontrolled access to cyberspace leave critical infrastructure continuously vulnerable to attack, to disruption, and to massive exploitation and physical damage. In a 60 Minutes interview with CBS News on November 8, 2009, former U.S. State Department official Jim Lewis stated: “in 2007 we probably had our electronic Pearl Harbor. It was an espionage Pearl Harbor. Some unknown foreign power, and honestly, we don’t know who it is, broke into the Department of Defense, to the Department of State, the Department of Commerce, probably the Department of Energy, probably NASA. They broke into all of the high tech agencies, all of the military agencies, and downloaded terabytes of information.”
Cyberwar and the Actors
Many advanced countries have committed significant resources, including the development of national strategies, to gaining offensive capability in cyberwarfare. China, Russia, and the United States have developed doctrines and acquired various tools in preparation for a potential cyber conflict that may involve hacking adversaries’ networks and exploiting vulnerable domains to launch an attack. In the aftermath of the 1999 accidental bombing of the Chinese embassy in Belgrade, Chinese hackers bombarded U.S. websites in search of sensitive information regarding the attacks. Since then, cyberwar threats have been increasing, with repeated reports of espionage and attempted attacks on critical infrastructures. Although those attacks rarely cause large-scale injury, loss of life, or failure of the Internet, extensive compromise and exploitation of top-level databases and national infrastructure have been reported. Estonia became the first nation to experience the crippling impact of cyber-attacks in 2007. Hackers struck down critical national infrastructure networks with denial of service attacks that affected telecommunication, government, banking and finance activities. Estonian telephone exchanges were down for several hours, and emergency response capabilities were rendered inactive, paralyzed, and useless.
Similarly, in 2008, Georgia, despite its overall low dependence on information technology-based infrastructures, came under cyber-attack by Russian-sponsored hackers. Several websites related to communications, military, finance, and other national infrastructures were attacked. The distributed denial of service (DDOS) attacks denied Georgian citizens access to information about the ongoing conventional conflict. Many external media outlets reported that the Russian cyber-attacks on Georgia’s infrastructure networks were very successful. Georgian authorities later discovered that at least 50 network domains associated with communication and other critical infrastructures were vulnerable and had been exploited by Russian hackers. The importance of cyberspace in contemporary warfare cannot be overstated. Many nations have overwhelmingly recognized cyberspace in their military strategies and tactics.
The past decade has seen massive numbers of cyber-attacks involving reconnaissance and espionage between nations. According to the Department of Homeland Security, U.S. government computers experienced 5,499 known breaches in 2008, up from nearly 4,000 in 2007 and about 2,172 in 2006. In 2009, hackers in Taiwan launched an aggressive attack on 30 different organizations, including the Google and Yahoo headquarters in the United States. The crackers concealed themselves and exploited the organizations undetected, applying multiple levels of encryption with remote code execution and stealing sensitive data and intellectual property through infected Internet sites. Although the attack was executed from Taiwan, it was anonymously staged through vulnerable systems in mainland China. Network attacks and cyber-related malicious activities for political purposes are becoming increasingly complex and critical to many nations. Many nations and terrorist organizations are developing information security and assurance resources in preparation for the growing threats. According to Beijing Zhongguo Junshi Kexue and the China Military Science Journal, Chinese officials have discussed the need to build cybersecurity capabilities and develop cyber tools that will strategically position China for a lead in contemporary warfare. Prior to the announcement of a comprehensive national security strategy in 2010, the United Kingdom’s House of Commons acknowledged that cyber-attacks will remain a key aspect of future warfare and demand a transformative and proactive approach. According to The Telegraph’s Rayment, Britain was bombarded with cyber bombs from 20 foreign intelligence organizations, including France and Germany, despite their relationship as allies and members of the European Union. In the aftermath of the attacks, Britain initiated a £650 million cybersecurity project to protect the UK from cyber-attacks.
In 2009, Deibert and Rohozinski of the University of Toronto and Nagaraja and Anderson of the University of Cambridge conducted investigations of cyber espionage which revealed that China had infiltrated over 1,295 government computers in 103 countries, including computers in the Dalai Lama’s Tibetan exile centers in London, New York, Brussels, and India. In many instances, the anonymity of cyberspace and the availability of numerous hacking tools make it difficult to detect network crackers on the Internet. According to a 1996 U.S. Government Accountability Office (GAO) report, the Department of Defense faced 250,000 attempted attacks in 1995. In 2006 the number rose to 6 million, and to 300 million in 2008, as reported by the Armed Forces Journal in 2012. Despite legislation and legal tools enacted by governments around the world, cyber-attacks have been increasing exponentially.
According to Mike McConnell, former Director of National Intelligence, the United States is unprepared for cyber-attacks, and the potential magnitude of such attacks may surpass 9/11. In their book, Richard Clarke and Robert Knake discuss the magnitude of “a massive cyber attack on civilian infrastructure that smacks down power grids for weeks, halts trains, grounds aircraft, explodes pipelines, and sets fire to refineries.” According to Clarke and Knake, if the United States has the potential to defend the Department of Defense, who defends the rest of the population and the critical infrastructures?
Recently, the British Broadcasting Corporation (BBC) reported that Chinese hackers infiltrated and exploited the information systems of the Wall Street Journal and the New York Times to monitor their coverage of embarrassing corruption stories about Chinese government officials. More and more nations are establishing offensive and defensive cyber war and cybercrime organizations in light of the numerous hacking technologies, software vulnerabilities, and unique attack vectors.
Cyber weapons are becoming more sophisticated, and many nations of the world are taking steps to defend their space and protect the portion of cyberspace that most directly affects their critical infrastructures and commerce. Many others have taken steps to develop capabilities to meet the challenges of cyberspace. During a conference on cyberwarfare at Tel Aviv University, Israeli Prime Minister Binyamin Netanyahu stated that “although the field is not precise,” Israel must become a world cyber power. In 2010, the UK Chief of the Defence Staff, General Sir David Richards, emphasized that Britain must devote time, energy, and resources to developing weaponry for cyber warfare and learning the strategies needed to maneuver in cyberspace just as in conventional land, sea, and air operations. Contemporary cyber operations involve the use of various IT tools to mount crippling attacks on adversaries with the aim of inflicting denial of service or distributed denial of service (DDOS).
There are common tactics used in cybersecurity assaults, such as deception, intrusion, corruption, and denial. Denial of service attacks such as Smurf, Teardrop, Ping of Death, and Land attacks involve actions that prevent legitimate users from accessing the network by making network resources unavailable or by completely deactivating them. A distributed denial of service (DDOS) attack is always launched from multiple systems, with a more destructive and offensive dominance. However, DOS or DDOS and corruption cannot be launched without a successful intrusion. Intrusion involves a set of actions used to compromise the integrity, confidentiality, and availability of a network or system. Such compromise is achieved using techniques such as password cracking, back doors, or social engineering. Social engineering in the modern age is more than just tricking a victim into releasing a password; it also involves the use of human intelligence (HUMINT) capabilities to source information about the type of technology used by adversaries. Hackers are always sniffing for vulnerabilities to exploit.
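The four denial of service attacks named above each leave a recognisable signature in packet headers, which is what a network defender looks for. The following detector is an added example, not code from the original article; the `Packet` record and the sample traffic are constructed by hand rather than taken from a real capture.

```python
"""Header-level heuristics for the classic DoS packets named in the text:
Land, Smurf, Ping of Death and Teardrop. Added example; sample traffic is
constructed, not captured."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

IP_MAX_LEN = 65535  # 16-bit IP total length: a longer reassembled datagram is illegal


@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    proto: str                       # "tcp", "udp" or "icmp"
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    icmp_type: Optional[int] = None  # 8 = ICMP echo request
    frag_id: int = 0                 # IP identification field
    frag_offset: int = 0             # byte offset of this fragment in the datagram
    payload_len: int = 0             # bytes carried by this fragment
    more_fragments: bool = False     # IP "MF" flag


def is_land(p: Packet) -> bool:
    """Land: forged TCP packet whose source and destination address/port coincide."""
    return (p.proto == "tcp" and p.src_ip == p.dst_ip
            and p.src_port is not None and p.src_port == p.dst_port)


def is_smurf(p: Packet, broadcast_addrs: Set[str]) -> bool:
    """Smurf: ICMP echo request aimed at a broadcast address (amplification)."""
    return p.proto == "icmp" and p.icmp_type == 8 and p.dst_ip in broadcast_addrs


def is_ping_of_death(p: Packet) -> bool:
    """Ping of Death: ICMP fragment whose offset + length exceeds the IP maximum."""
    return p.proto == "icmp" and p.frag_offset + p.payload_len > IP_MAX_LEN


def teardrop_ids(packets: List[Packet]) -> Set[Tuple[str, str, int]]:
    """Teardrop: fragments of one datagram whose byte ranges overlap.
    Returns the (src, dst, id) keys of datagrams with overlapping fragments."""
    groups: Dict[Tuple[str, str, int], List[Packet]] = defaultdict(list)
    for p in packets:
        if p.frag_offset or p.more_fragments:      # only fragmented traffic
            groups[(p.src_ip, p.dst_ip, p.frag_id)].append(p)
    hits = set()
    for key, frags in groups.items():
        frags.sort(key=lambda f: f.frag_offset)
        for prev, nxt in zip(frags, frags[1:]):
            if nxt.frag_offset < prev.frag_offset + prev.payload_len:
                hits.add(key)
    return hits


def classify(packets: List[Packet], broadcast_addrs: Set[str]) -> List[Tuple[int, str]]:
    """Return (packet index, label) for every packet matching a heuristic."""
    overlapping = teardrop_ids(packets)
    findings = []
    for i, p in enumerate(packets):
        if is_land(p):
            findings.append((i, "land"))
        if is_smurf(p, broadcast_addrs):
            findings.append((i, "smurf"))
        if is_ping_of_death(p):
            findings.append((i, "ping_of_death"))
        if (p.src_ip, p.dst_ip, p.frag_id) in overlapping:
            findings.append((i, "teardrop"))
    return findings


# Constructed sample traffic (not a real capture): one of each attack plus a benign flow.
SAMPLE = [
    Packet("10.0.0.5", "10.0.0.5", "tcp", src_port=139, dst_port=139),
    Packet("10.0.0.9", "192.168.1.255", "icmp", icmp_type=8, payload_len=64),
    Packet("10.0.0.7", "10.0.0.20", "icmp", icmp_type=8, frag_id=7, frag_offset=65528, payload_len=20),
    Packet("10.0.0.8", "10.0.0.21", "udp", 53, 53, frag_id=3, payload_len=36, more_fragments=True),
    Packet("10.0.0.8", "10.0.0.21", "udp", frag_id=3, frag_offset=24, payload_len=20),
    Packet("10.0.0.2", "10.0.0.30", "tcp", src_port=41000, dst_port=443, payload_len=0),
]

if __name__ == "__main__":
    for idx, label in classify(SAMPLE, {"192.168.1.255"}):
        print(idx, label)
```

Modern stacks discard most of these packets at the kernel, so in practice the checks are useful as IDS rules for spotting attempts rather than as the only defence.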
Over the past two decades, the cyber terrain has experienced attacks and major disruptions ever since Robert Tappan Morris of MIT launched what was considered the first major Internet attack in 1988. The high-profile “worm” infected thousands of computers and disrupted Internet connectivity, causing the U.S. Defense Ministry to isolate its gateway. Since then, we have had destructive attacks like Melissa, ILOVEYOU, Agent.btz, Chernobyl, Blackhole, Code Red II, Klez, Koobface, Gozi, LEAP-A, Sasser, Conficker, Flame, and Stuxnet. Looking at these weapons in order of advancement, the Melissa worm was launched in 1999 with the capability to replicate, create copies, and overload cyberspace to the extent that Bill Gates raised concern about the proliferation of the disastrous worm. In 2000, the ILOVEYOU bug could replicate into new versions and destroyed business servers, with an estimated loss in the billions of dollars. In the twenty-first century, more sophisticated and destructive weapons have been developed and launched. In 2008, Agent.btz was capable of destroying top-secret information on the worldwide joint intelligence communication system, according to the Washington Post. Prior to the Agent.btz virus, Code Red II was launched to inflict DDOS on computers in the White House, with a unique ability to leave a “back door” open on vulnerable computers for a re-strike. Before the emergence of the aggressive Flame virus, the Chernobyl virus invaded networks in the Middle East and Asia with a payload capable of damaging the motherboards and BIOS of many computers. In 2012, the Flame worm became the most sophisticated and active virus, with the capability to shield itself from detection, activate the computer camera, capture screen images, and encrypt and transfer the images undetected.
Many destructive cyber weapons have been launched in the past 6 years, such as Conficker, which posed a significant threat to the extent that Microsoft offered a $250,000 reward to bring the code writer to justice. Although Flame was considered the most sophisticated worm, many analysts described Stuxnet as “cyberwar-caliber malware,” with a larger command and control structure written to invade distributed control systems (DCS), programmable logic controllers (PLCs), and supervisory control and data acquisition (SCADA) systems.
The launch of Stuxnet in 2010 was only a partial success because of irreconcilable and incompatible protocols between the Windows-based spy malware and the customized Siemens network protocols at the destination. Looking back at the Estonian and Georgian experiences, along with many successful attacks around the world, the destructive capability of cyber weapons calls for preparedness, training, and the development of adequate countermeasures.
Cyberspace has become a powerful force for socioeconomic transformation, but it is also a medium for a new type of warfare and criminal activity. Organizations all over the world have found the Internet to be the most reliable and productive medium on which to conduct business. Yet in 2009, businesses around the world experienced an estimated $1 trillion in revenue loss due to cybercrime, according to Elinor Mills’ 2009 CNET report. In advanced countries, national security, economic prosperity, and the functioning of government depend largely, if not completely, on cyberspace infrastructure. The operation of critical infrastructure relies heavily on information technology infrastructures that are vulnerable to exploitation by hackers. The same cyber infrastructure and devices used for processing banking and financial records, energy data, supply chain data, health records, homeland security records, defense data, transportation information, and industrial automation parameters have faced dramatically increased malicious attacks. The convergence and interdependencies of these infrastructures were evident in the 2003 failure of a single Ohio power plant, which caused a complete blackout of the entire Northeast United States and nearby portions of the Canadian national power system. Many countries (the United States, China, the UK, France, Israel, Russia, Germany, and some developing countries) have publicly announced cybersecurity units as part of their defense and homeland security strategy. The enemies in cyberspace include state and non-state actors with sophisticated and highly trained hackers. Unfortunately, the Internet is a public access network, and the anonymity inherent in cyberspace allows hackers to act undetected.
Many nations have developed a central gateway to monitor connectivity and traffic, but others remain continuously vulnerable to cyber weapons. Although governments like the United States have developed a defense strategy within their cyber war defense units, the U.S. ranking in defense capability and cyber dependence is relatively low compared to Russia, Iran, China, and North Korea. However, its offensive capability is comparatively high. Internet connectivity in China, North Korea, Iran, and Russia is operated by the government and can be disconnected from the global cyberspace within a few minutes if a crisis erupts. Most critical systems in China are operated either manually or with proprietary control systems. Because of the anonymity of cyberspace, Internet-savvy countries have always taken advantage of weak nations to stage attacks in order to hide their tracks. Cyber protection is becoming increasingly challenging with the development of high-profile weapons, the infiltration of hackers, the complexity of network connectivity, and growing vulnerabilities. Thus, the changing face of attacks and the sophistication of weapons in the last two decades have placed cybersecurity at the forefront of homeland defense policy.
Northcentral University, Prescott Valley, Arizona
Adjunct Faculty, American Military University, West Virginia
(Teaching: Cyberwarfare; Counterterrorism)