How To Define Cyberwar

Uploaded on 2016-06-14 in NEWS-Cybersecurity News, INTELLIGENCE--International, GOVERNMENT-National, FREE TO VIEW

One of the things that keeps intelligence and military leaders from sleeping soundly is the problem of cyberwar and its subsets, cyber-espionage, cyber-sabotage and what most people call “hacking,” which isn’t something that only teenagers do from their parents’ basements.

For years, there has been a continuous string of attempted penetrations of US military, intelligence, defense contractor and related networks. It now occurs literally thousands of times a day. The Chinese “Titan Rain” computer attacks began in about 2003 and continued for at least three years, penetrating networks and stealing valuable defense secrets.

This kind of attack has at least two purposes. The first is espionage. Cyber-attacks, let’s not use the term “hacks” because the term sounds innocent, have penetrated unclassified Pentagon email systems. One attack, probably by China, reportedly succeeded in stealing all or part of the design for the F-35 fighter. Knowing what our intelligence community knows, without being detected, would be a huge advantage to any opponent (and even some friends).

The second is to disable or even take control of anything the attackers can penetrate. The computers in most cars can be penetrated and controlled so that the brakes can be jammed on or the engine turned off. So can power companies and everything else that is computer-controlled.

Far scarier is the fact that we are being forced by the cyberwar capabilities of our adversaries to protect military and intelligence satellites that we rely on for everything from secure communications to navigation and reconnaissance (i.e., espionage). The F-35 itself is the target of cyberattacks because of the enormously complex software that runs the aircraft. If a cyberattack penetrated the F-35, the damage that could be done might range from crashing the aircraft to causing damage to every other aircraft or satellite. There is no limit to the damage that can be done.

In April 2015, Adm. Mike Rogers, commander of US Cyber Command and director of the National Security Agency, told Congress that the level of cyber-threats was growing and that whatever we were doing to deter cyber-attacks wasn’t working. He said, “We’re at a tipping point. We need to think about: How do we increase our capacity on the offensive side to get to that point of deterrence?” Unsurprisingly, not much has been done since then to improve our deterrent and offensive capabilities and doctrines of operation.

One problem is that the intelligence and military agencies look to Congress to authorize and help define those efforts. Sens. Mike Rounds, South Dakota Republican, and Angus King, Maine Independent, have taken a step toward that by introducing S-2905, a bill to define what kind of a cyber- attack would amount to an act of war.

But the bill does nothing more than punt the question over to the executive branch, requiring it to come up with a definition of when a cyberattack would be regarded as an act of war. 

Congress has defined the term before. Title 18 US Code Section 2331 defines an act of war in the context of terrorism. It deals with attempts to influence or coerce the civilian population and to control or affect the conduct of government. In the context of cyberwar, a new definition needs to be created.

There are some fundamental concepts on which it should be based. We should be familiar with them from the “Stuxnet” computer worm used (by us? the Israelis? Together?) to attack the Iranian Natanz nuclear facility in about 2010. It caused many of its uranium enrichment centrifuges to run out of control, disabling or damaging hundreds of them. It was obviously justifiable in either nation’s national security interests, and doing so covertly was justifiable in preventing open war.

But the Stuxnet attack, whomever did it, was an act of war, and gives rise to applicable principles.

First, to qualify as an act of war the action must be undertaken by a “belligerent party” capable of fighting a war, be it a nation or a non-state actor such as a terrorist group.

Second, the action must cause either significant physical damage to people or property or it must disable, control or otherwise prevent the proper functioning of a computer system or systems essential to national security or public health and welfare.

Under this standard, any cyberattack that, for example, disabled or polluted a city’s water supply would be an act of war. So would attacks on our satellites or on our military or civilian aircraft that succeeded in disabling or controlling them.

There is clearly room for refining that standard to meet the nation’s defense and civilian needs. Congress needs to do more than the Rounds-King bill, and this is a good place to start.

Congress also needs to act to bolster both our cyber-deterrent and offensive cyber-forces. One veteran warrior I spoke to put it this way: If anyone attacks our defense or intelligence networks, or our vital civilian networks, we should immediately and automatically seek out the origin of the attack and counter-attack with a complex virus or Trojan horse that could disable the originating computer network.

It’s more than a year since Adm. Rogers’ warnings. It’s unlikely, to the point of impossibility, that anything will be done to remedy this situation before the November election. It doesn’t matter what happens to the Rounds-King bill. But it matters a great deal that our offensive and defensive cyberwar capabilities could easily fail for lack of presidential and congressional attention.

Ein News:  http://bit.ly/1toyBur

 

« Cyber Insurance Report 2016 (£)
Tor’s Developer Leaves After Lurid Sexual Allegations »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

SharkGate

SharkGate

SharGate provide a cloud-based website security solution to protect websites from being hacked.

Authenware

Authenware

AuthenWare delivers the highest level of identity security based on behavioral biometrics.

CS Group

CS Group

CS Group offers a complete range of security solutions from consultancy to security maintenance and from secure infrastructure design to security governance.

NRI Secure Technologies

NRI Secure Technologies

NRI SecureTechnologies is a Cybersecurity group company of the Nomura Research Institute (NRI) and a global provider of next-generation Managed Security Services and Security Consulting.

Blockchain Slovakia

Blockchain Slovakia

Blockchain Slovakia is a non-profit organization that brings together researchers, developers, entrepreneurs, regulators, investors and the public to support blockchain technology in Slovakia.

Approach

Approach

Approach is a leading provider of cyber security consulting and secure application development services in Belgium.

Cyber Covered

Cyber Covered

Cyber Covered provide complete website & data cover with market leading cyber insurance and powerful compliance software in one affordable package.

iSolutions

iSolutions

iSolutions is an official reseller and engineering company of leading products and solutions for cybersecurity and information protection, optimization, visualization and control of applications

Secura B.V.

Secura B.V.

Secura is an independent specialized cybersecurity expert, providing insights to protect valuable assets and data.

ScorpionShield

ScorpionShield

ScorpionShield CyberSecurity is an EC-Council Accredited Training Center, and an On-Demand Service for Cybersecurity professionals.

BIG Cyber

BIG Cyber

BIG Cyber is a specialized Managed Security Service Provider (MSSP) dedicated to bringing military grade cyber security technology to the gaming industry.

Core Sentinel

Core Sentinel

Australia's #1 Penetration Testing Service. Make Your Systems Fully Compliant With Our OSCE CREST/CISA Certified Penetration Testing.

Fireblocks

Fireblocks

Fireblocks is a digital asset security platform that helps financial institutions protect digital assets from theft or hackers.

ExtraHop

ExtraHop

ExtraHop's dynamic cyber defense platform uses cloud-scale AI to help enterprises detect and respond to advanced threats - before they compromise your business.

risk3sixty

risk3sixty

Risk3sixty are information and cyber risk management craftsmen helping build business-first security and compliance programs.

Merlin Ventures

Merlin Ventures

Merlin Ventures is a strategic investor focused on driving growth and value for cybersecurity software companies with market-leading potential.