After Google-China dust-up, cyberwar emerges as a threat

The episode highlighted cyberthreats facing the U.S., but it's not a war -- yet

1 2 3 Page 2
Page 2 of 3

Those views are shared by security experts in both the government and the private sector who see the relentless probing and attacks on U.S agencies and commercial interests as a precursor to something more devastating. The concern is prompting action of sorts in Washington. In just the past month, two major cybersecurity bills have been proposed. One would tie U.S financial aid to a country's willingness to fight cybercrime. The other would strengthen domestic cybersecurity and require the president to work with private industry in responding to a cyber crisis. That's a forgone conclusion, given how much of the nation's cyber infrastructure is in private hands.

A cybersecurity ambassador?

Meanwhile, the U.S. State Department is rumored to be considering the creation of a cybersecurity ambassador for the U.N. That's important, since there's no settled definition of cyberwar, and various nations are already trying to figure out what a cyberwar entails and how it would be declared -- and fought.

The first step to formulating an organized response is to define cyberwar correctly, said Robert Rodriguez, a former Secret Service special agent and founder of the Security Innovation Network. Calling what's gone on in recent years a "cyberwar" only complicates things, he said.

"War connotes huge conflict at a grand level between nations and societies," Rodriguez said.

It also involves the use of military force to essentially destroy another nation's capabilities and will to resist, according to James Lews, director and senior fellow at the Center for Strategic and International Studies. The cyber equivalent of such a conflict would involve a nation using cyber means to attain political ends in another country, said Lewis, who led a commission that developed a set of cybersecurity recommendations for President Obama last year.

"When you look at the number of systems that have been Trojaned or compromised, you could say our cyberbattlefield has been prepped and can be used against us," admits Jerry Dixon, former director of the National Cyber Security Division at the U.S. Department of Homeland Security (DHS).

"However, the adversary has to decide if the intelligence they're getting from our systems and networks is more valuable than attacking them to take them offline," he said. "If they attack and take them offline, they will lose insight into what we're doing."

Making such distinctions is crucial from a strategic response standpoint. "Pronouncements that we are in a cyberwar or face cyberterror conflate problems and make effective response more difficult," Lewis said.

So if the attacks of recent years aren't warfare, what are they?

Spies or criminals?

A lot of what's going on is happening on two levels: cyberespionage and cybercrime on a massive -- and growing -- scale. They aren't new, said Patricia Titus, the former chief information security officer at the Transportation Security Administration who now holds a similar post at Unisys Corp. But the attacks on Google and other companies refocused attention on the scope of the problem, she said.

Many of the recent attacks tended to originate from China, though countries such as Russia and India are also suspect. Specific companies and government organizations are usually targeted through the use of social engineering tricks, advanced reconnaissance and sophisticated malware tools that can quietly penetrate networks and steal data. What's not always clear is whether this kind of economic and military espionage is state-sponsored or carried out by hactivists and opportunists.

1 2 3 Page 2
Page 2 of 3
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon