How To Define Cyberwar

One of the things that keeps intelligence and military leaders from sleeping soundly is the problem of cyberwar and its subsets, cyber-espionage, cyber-sabotage and what most people call “hacking,” which isn’t something that only teenagers do from their parents’ basements.

For years, there has been a continuous string of attempted penetrations of US military, intelligence, defense contractor and related networks. It now occurs literally thousands of times a day. The Chinese “Titan Rain” computer attacks began in about 2003 and continued for at least three years, penetrating networks and stealing valuable defense secrets.

This kind of attack has at least two purposes. The first is espionage. Cyber-attacks (let’s not use the term “hacks,” because the term sounds innocent) have penetrated unclassified Pentagon email systems. One attack, probably by China, reportedly succeeded in stealing all or part of the design for the F-35 fighter. Knowing what our intelligence community knows, without being detected, would be a huge advantage to any opponent (and even some friends).

The second is to disable or even take control of anything the attackers can penetrate. The computers in most cars can be penetrated and controlled so that the brakes can be jammed on or the engine turned off. The same is true of power companies and everything else that is computer-controlled.

Far scarier is the fact that we are being forced by the cyberwar capabilities of our adversaries to protect military and intelligence satellites that we rely on for everything from secure communications to navigation and reconnaissance (i.e., espionage). The F-35 itself is the target of cyberattacks because of the enormously complex software that runs the aircraft. If a cyberattack penetrated the F-35, the damage that could be done might range from crashing the aircraft to causing damage to every other aircraft or satellite. There is no limit to the damage that can be done.

In April 2015, Adm. Mike Rogers, commander of US Cyber Command and director of the National Security Agency, told Congress that the level of cyber-threats was growing and that whatever we were doing to deter cyber-attacks wasn’t working. He said, “We’re at a tipping point. We need to think about: How do we increase our capacity on the offensive side to get to that point of deterrence?” Unsurprisingly, not much has been done since then to improve our deterrent and offensive capabilities and doctrines of operation.

One problem is that the intelligence and military agencies look to Congress to authorize and help define those efforts. Sens. Mike Rounds, South Dakota Republican, and Angus King, Maine Independent, have taken a step toward that by introducing S-2905, a bill to define what kind of a cyber-attack would amount to an act of war.

But the bill does nothing more than punt the question over to the executive branch, requiring it to come up with a definition of when a cyberattack would be regarded as an act of war. 

Congress has defined the term before. Title 18 US Code Section 2331 defines an act of war in the context of terrorism. It deals with attempts to influence or coerce the civilian population and to control or affect the conduct of government. In the context of cyberwar, a new definition needs to be created.

There are some fundamental concepts on which it should be based. We should be familiar with them from the “Stuxnet” computer worm used (by us? the Israelis? Together?) to attack the Iranian Natanz nuclear facility in about 2010. It caused many of its uranium enrichment centrifuges to run out of control, disabling or damaging hundreds of them. It was obviously justifiable in either nation’s national security interests, and doing so covertly was justifiable in preventing open war.

But the Stuxnet attack, whoever did it, was an act of war, and gives rise to applicable principles.

First, to qualify as an act of war the action must be undertaken by a “belligerent party” capable of fighting a war, be it a nation or a non-state actor such as a terrorist group.

Second, the action must cause either significant physical damage to people or property or it must disable, control or otherwise prevent the proper functioning of a computer system or systems essential to national security or public health and welfare.

Under this standard, any cyberattack that, for example, disabled or polluted a city’s water supply would be an act of war. So would attacks on our satellites or on our military or civilian aircraft that succeeded in disabling or controlling them.

There is clearly room for refining that standard to meet the nation’s defense and civilian needs. Congress needs to do more than the Rounds-King bill, and this is a good place to start.

Congress also needs to act to bolster both our cyber-deterrent and offensive cyber-forces. One veteran warrior I spoke to put it this way: If anyone attacks our defense or intelligence networks, or our vital civilian networks, we should immediately and automatically seek out the origin of the attack and counter-attack with a complex virus or Trojan horse that could disable the originating computer network.

It’s more than a year since Adm. Rogers’ warnings. It’s unlikely, to the point of impossibility, that anything will be done to remedy this situation before the November election. It doesn’t matter what happens to the Rounds-King bill. But it matters a great deal that our offensive and defensive cyberwar capabilities could easily fail for lack of presidential and congressional attention.

Ein News:  http://bit.ly/1toyBur

 
