The fog of (cyber) war
Cybermilitias, black hat hackers and other non-nation-state bad guys blur the lines on the virtual battlefield.
Computerworld - Analysts and strategists gathered at the Cyber Warfare 2009 conference in London last January were grappling with some thorny problems associated with the cyberaggression threat. One that proved particularly vexing was the matter of exactly what constitutes cyberwarfare under international law. There's no global agreement on the definitions of cyberwarfare or cyberterrorism, so how does a nation conform to the rule of law if it's compelled to respond to a cyberattack?
Back in the U.S. trenches, drawing up a legal battle plan is indeed proving to be extraordinarily complex. Those definitions are especially elusive when you consider that no one can even be sure who the potential combatants are.
"There is some real work that needs to be done, not only in the U.S., but globally, to think about what is a use of force or an act of war in cyberspace," says Paul Kurtz, a partner at Good Harbor Consulting LLC in Arlington, Va., and a former senior director for critical infrastructure protection on the White House's Homeland Security Council.
The need to establish global norms about what is acceptable behavior in cyberspace, he says, is complicated by the fact that "the weapons are not just in the hands of nation-states. They're essentially in everybody's hands."
"Laws of war would forbid targeting purely civilian infrastructure," adds Steven Chabinsky, senior cyberadvisor to the director of national intelligence. "But terrorists, of course, don't limit themselves by the Geneva Conventions."
Time, effort and expertise
Further fogging up the battlefield is the fact that it's nearly impossible to identify all of the potential targets. It is possible to conduct a threat assessment, however, and there appears to be general consensus in the cyberdefense community that the biggest threat in terms of scale is presented by nation-states.
"Cyberattacks which seek to manipulate [an adversary's] critical infrastructures would take more time, effort and expertise than mere data theft," says Kenneth Geers, U.S. representative to the Cooperative Cyber Defense Centre of Excellence in Tallinn, Estonia. "But computer network defenders should understand that time, effort and expertise are resources that militaries and foreign intelligence services often have in abundance."
Analysts and former intelligence officials, including Kurtz, say that, not surprisingly, China and Russia top the list of countries with highly developed cyberwarfare capabilities. Kurtz also named Iran and North Korea as countries with known cyberwarfare aspirations.
While Chabinsky declined to be specific because of concerns about compromising intelligence-gathering methods, he affirmed that the U.S. has identified "a number of sophisticated nation-state actors who we believe have the capability to bring down portions of our critical infrastructure." Fortunately, he added, "we don't think they have the intent to do so, [since] our country would respond accordingly, and not necessarily symmetrically through cyber means."
- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
- Slideshow: 5 ways to lock down your mobile device
- Slideshow: 10 mistakes companies make after a data breach
- How to rob a bank: A social engineering walk through
- Which smartphone is the most secure?
If you think getting it right from day one is always what matters, you probably haven't been following technology too closely.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Mitigating DDoS Attacks with F5 Technology
- This document examines various DDoS attack methods and the application of specific ADC technologies to block attacks in the DDoS threat spectrum while...
- The DDoS Threat Spectrum
- Bolstered by favorable economics, today's global botnets are using distributed denial-of-service (DDoS) attacks to target firewalls, web services, and applications, often simultaneously.
- Defending Against Denial of Service Attacks
- By utilizing end-user interviews, this whitepaper explores a deeper understanding of DDoS defense plans and reveals the knowledge gaps around the Denial of...
- Strategic Solutions for Government IT
- This paper outlines why F5 is the optimum partner to help achieve the levels of security, performance and availability that are vital to...
- The Six Main Steps To Structured Analogy
- The role of structured analogy software is to automate the data extraction and processing work, provide visualization of the historical context forjudgments and... All Government IT White Papers
- Modernizing SAP environments with minimum risk - a path to Big Data Hear from top IDC analyst, Richard Villars, about the path you can start taking now to enable your organization to get the benefits...
- The Power of the Citrix Mobility Solution, XenMobile Does everything become a smartphone? Or does the smartphone begin to do everything? How can we afford to support BYOD? Rather, how can...
- BYOD Happens: How to Secure Mobility How to navigate the journey of securing mobility, including the BYOD corruption of IT, the top ten mobility strategies, and the mobility management...
- Fighting Fraud Videos: IBM Intelligent Investigation Manager Short videos about IBM Intelligent Investigation Manager (IIM) for Fraud. IIM optimizes the investigation of fraud for customers across many industries in both...
- IBM Intelligent Investigation Manager: Online Product Demo Intelligent Investigation Manager optimizes fraud investigation and analysis and it dynamically coordinates and reports on cases, provides analysis and visualization, and enables more...
- All Government IT Webcasts
Does your organization offer extensive benefits, cool perks, competitive salaries, opportunities for training and advancement? Then get it recognized!
Nominate your company or another deserving organization for Computerworld's 2014 Best Places to Work in IT list now through Dec. 12, 2013.