How To Define Cyberwar

One of the things that keeps intelligence and military leaders from sleeping soundly is the problem of cyberwar and its subsets, cyber-espionage, cyber-sabotage and what most people call “hacking,” which isn’t something that only teenagers do from their parents’ basements.

For years, there has been a continuous string of attempted penetrations of US military, intelligence, defense contractor and related networks. It now occurs literally thousands of times a day. The Chinese “Titan Rain” computer attacks began in about 2003 and continued for at least three years, penetrating networks and stealing valuable defense secrets.

This kind of attack has at least two purposes. The first is espionage. Cyber-attacks, let’s not use the term “hacks” because the term sounds innocent, have penetrated unclassified Pentagon email systems. One attack, probably by China, reportedly succeeded in stealing all or part of the design for the F-35 fighter. Knowing what our intelligence community knows, without being detected, would be a huge advantage to any opponent (and even some friends).

The second is to disable or even take control of anything the attackers can penetrate. The computers in most cars can be penetrated and controlled so that the brakes can be jammed on or the engine turned off. So can power companies and everything else that is computer-controlled.

Far scarier is the fact that we are being forced by the cyberwar capabilities of our adversaries to protect military and intelligence satellites that we rely on for everything from secure communications to navigation and reconnaissance (i.e., espionage). The F-35 itself is the target of cyberattacks because of the enormously complex software that runs the aircraft. If a cyberattack penetrated the F-35, the damage that could be done might range from crashing the aircraft to causing damage to every other aircraft or satellite. There is no limit to the damage that can be done.

In April 2015, Adm. Mike Rogers, commander of US Cyber Command and director of the National Security Agency, told Congress that the level of cyber-threats was growing and that whatever we were doing to deter cyber-attacks wasn’t working. He said, “We’re at a tipping point. We need to think about: How do we increase our capacity on the offensive side to get to that point of deterrence?” Unsurprisingly, not much has been done since then to improve our deterrent and offensive capabilities and doctrines of operation.

One problem is that the intelligence and military agencies look to Congress to authorize and help define those efforts. Sens. Mike Rounds, South Dakota Republican, and Angus King, Maine Independent, have taken a step toward that by introducing S-2905, a bill to define what kind of a cyber- attack would amount to an act of war.

But the bill does nothing more than punt the question over to the executive branch, requiring it to come up with a definition of when a cyberattack would be regarded as an act of war. 

Congress has defined the term before. Title 18 US Code Section 2331 defines an act of war in the context of terrorism. It deals with attempts to influence or coerce the civilian population and to control or affect the conduct of government. In the context of cyberwar, a new definition needs to be created.

There are some fundamental concepts on which it should be based. We should be familiar with them from the “Stuxnet” computer worm used (by us? the Israelis? Together?) to attack the Iranian Natanz nuclear facility in about 2010. It caused many of its uranium enrichment centrifuges to run out of control, disabling or damaging hundreds of them. It was obviously justifiable in either nation’s national security interests, and doing so covertly was justifiable in preventing open war.

But the Stuxnet attack, whomever did it, was an act of war, and gives rise to applicable principles.

First, to qualify as an act of war the action must be undertaken by a “belligerent party” capable of fighting a war, be it a nation or a non-state actor such as a terrorist group.

Second, the action must cause either significant physical damage to people or property or it must disable, control or otherwise prevent the proper functioning of a computer system or systems essential to national security or public health and welfare.

Under this standard, any cyberattack that, for example, disabled or polluted a city’s water supply would be an act of war. So would attacks on our satellites or on our military or civilian aircraft that succeeded in disabling or controlling them.

There is clearly room for refining that standard to meet the nation’s defense and civilian needs. Congress needs to do more than the Rounds-King bill, and this is a good place to start.

Congress also needs to act to bolster both our cyber-deterrent and offensive cyber-forces. One veteran warrior I spoke to put it this way: If anyone attacks our defense or intelligence networks, or our vital civilian networks, we should immediately and automatically seek out the origin of the attack and counter-attack with a complex virus or Trojan horse that could disable the originating computer network.

It’s more than a year since Adm. Rogers’ warnings. It’s unlikely, to the point of impossibility, that anything will be done to remedy this situation before the November election. It doesn’t matter what happens to the Rounds-King bill. But it matters a great deal that our offensive and defensive cyberwar capabilities could easily fail for lack of presidential and congressional attention.

Ein News:  http://bit.ly/1toyBur

 

« Cyber Insurance Report 2016 (£)
Tor’s Developer Leaves After Lurid Sexual Allegations »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

SureCloud

SureCloud

SureCloud is a Governance, Risk and Compliance (GRC) and Cybersecurity Solutions provider.

NUS-Singtel Cyber Security R&D Lab

NUS-Singtel Cyber Security R&D Lab

NUS-Singtel Cyber Security R&D Lab conducts research into predictive security analytics.

Secure India

Secure India

Secure India provides Forensic Solutions that help Government and Business in dealing with prevention and resolution of Cyber related threats.

CISPA Helmholtz Center for Information Security

CISPA Helmholtz Center for Information Security

The CISPA Helmholtz Center for Information Security is a German national Big Science Institution within the Helmholtz Association. Our research encompasses all aspects of Information Security.

SafeBreach

SafeBreach

SafeBreach's platform simulates hacker breach methods across the entire kill chain to identify breach scenarios in your environment before an attacker does.

SafenSoft (SnS)

SafenSoft (SnS)

SafenSoft delivers high-efficiency, low-impact proactive protection against malware, insider threats, and confidential data leakage.

Enigmatos

Enigmatos

Enigmatos is an Israeli based Automotive Cyber Security company. We provide solutions to the ever growing threat of vehicle hacking.

AU10TIX

AU10TIX

AU10TIX’s smart forensic-level ID authentication technology links physical and digital identities, meets compliance mandates, and ensures your customers know their trust and safety come first.

Have I Been Pwned (HIBP)

Have I Been Pwned (HIBP)

Have I Been Pwned is a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or "pwned" in a data breach.

Romanian Tech Startup Association (ROTSA)

Romanian Tech Startup Association (ROTSA)

Romanian Tech Startups Association is an umbrella organization that aims to promote, support and represent the interests of tech startups in Romania.

Open Source Security Foundation (OpenSSF)

Open Source Security Foundation (OpenSSF)

OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.

N2K Networks

N2K Networks

N2K Networks is the world’s first “news to knowledge” network. The news to knowledge network is how you stay at the cutting edge in a rapidly changing world.

Censinet

Censinet

Censinet provides the first and only third-party risk management platform for healthcare organizations to manage the threats to patient care that exist within an expanding ecosystem.

Liquis Inc.

Liquis Inc.

Liquis, founded in 2002, is one of the largest facility decommissioning services companies in the U.S.

Vector Choice Technologies

Vector Choice Technologies

Vector Choice Technology Solutions has a long standing reputation in cyber security consulting since 2008.

ClearFocus Technologies

ClearFocus Technologies

ClearFocus Technologies provides advanced cybersecurity services that secure our nation’s most sensitive assets.