06/13/11

The Fog of Cyberwar: What Are the Rules of Engagement?

Countries are beginning to develop cyberwarfare policies to protect their national interests, but defending oneself in the borderless Internet will prove problematic.

There is speculation among some politicians and pundits that the fog of war will soon extend to the Internet, if it has not done so already, given a recent report that the U.S. Department of Defense will introduce its first cyberwarfare doctrine this month, combined with similar announcements from the governments of Australia, China and the U.K. (not to mention Google’s ongoing cyber spat with China). Less clear, however, are the rules of engagement—such as what constitutes an act of cyberwar as opposed to the cyberattacks that take place on government computers every day and who, if anyone, should mediate such disputes.

Wars have traditionally been waged between nations or clearly defined groups that officially declare themselves in conflict. This has yet to happen openly on the Internet, although such accusations have been leveled against China, Russia and other nations, says Chris Bronk, an information technology policy research fellow at Rice University’s James A. Baker III Institute for Public Policy in Houston and a former U.S. State Department diplomat.

Cyberwarfare is more likely to reflect the wars fought against shadowy terrorist networks such as al-Qaeda as opposed to conflicts between uniformed national military forces. “One thing about war is that, historically, the lines have been drawn and there is an understanding of who the enemy is,” says David M. Nicol, director of the Information Trust Institute at the University of Illinois at Urbana-Champaign. “When a cyberattack occurs against a sovereign state, who do you declare war on?”

The Defense Department is expected to clarify at least some of these gray areas when it releases its cyberwarfare doctrine, the Wall Street Journal reported last month. This would not be the Pentagon’s first foray into managing cyberwar. The U.S. Strategic Command’s U.S. Cyber Command (USCYBERCOM) division has been operational since October and is designed to centralize the administration of cyberspace operations, organize existing cyber resources and synchronize defense of U.S. military networks. What is missing is a clear set of publicly declared rules under which USCYBERCOM will operate, Bronk says, adding, “We can’t say there is a cyber command and then not have rules of the road like you do for other areas of military conduct.”

Other countries seem to be following suit. The U.K. is developing a cyberweapons program that will give ministers an attacking capability to help counter growing threats to national security from cyberspace, the Guardian reported last month. Australia is also on record as saying it will create the country’s first national cybersecurity strategy to confront the growing threat posed by electronic espionage, theft and state-sponsored cyberattack, the Sydney Morning Herald recently reported. Not to be left out, China has also set up a specialized online “Blue Army” unit that it claims will protect the People’s Liberation Army from outside attacks, according to News Track India.

The inability of governments, or any other cybersecurity experts for that matter, to pinpoint the origin of cyberattacks is problematic and boils down to an intelligence problem, Nicol says. “Right now, with the infrastructure that we have it’s very difficult using purely technological means to trace the source of some kind of attack,” he adds. “You can’t just look at the connection between one computer and another because cyberattackers use multiple levels of cutout servers that make it difficult to determine where data is being sent. These computers that do the cutoffs are in foreign countries so there’s little recourse in terms of requesting log files from those computers.”

This lack of clarity is troubling. “We’re nowhere near where our policy makers believe we are or want us to think we are,” says Anup Ghosh, a research professor and chief scientist at George Mason University’s Center for Secure Information Systems in Fairfax, Va. “Internet Protocol (IP) was never designed with strong attribution properties. There’s no connection between an IP address and an individual.”

In cyberspace, it is easy to masquerade as someone else. “As naked as we are in security, so is China,” says Ghosh, also co-founder and CEO of cybersecurity technology maker Invincea. “Their security might even be worse than ours, which is pretty sad. It wouldn’t be hard to use China as a jumping-off point if you’re in organized crime or another nation state looking to cause some saber rattling between China and the U.S.”

Much of the U.S.’s current tension with China comes from Google’s claims that recent hacker attempts to steal Gmail user passwords appeared to have originated from China. “Google is a very secure company, so when they are attacked we should stand up and take notice,” says O. Sami Saydjari, a former Pentagon cyber expert who now runs a consultancy called Cyber Defense Agency. At the national level, however, “clearly you want to be able to attribute an attack with a degree of certainty before you respond with military action,” he adds.

Internet agencies such as the Internet Corporation for Assigned Names and Numbers (ICANN) might be a reasonable place to start when trying to improve cybersecurity and avoid international cyberconflicts, but essentially this is a problem requiring input from the U.S. State Department and international policy makers and perhaps even something along the lines of an Internet Geneva Convention, Saydjari says. “One option is to make countries [that are] unwilling to trace the source of cyberattacks coming from within their borders accountable for the results of those attacks,” he adds. “We also need more think tanks in this space such [as] we had during the cold war, where analysts discussed the consequences of nuclear weapons and mutually assured destruction.”

If the U.S. chooses to enter a new war with another country within the next decade, there will be cyberweapons deployed under the guidance of cyberdoctrine to scramble communications and otherwise disrupt the enemy, Bronk says. “I would assume that the cyberattacks that we would consider as acts of warfare would be clandestine in nature, with Stuxnet being an example of how this might happen,” he adds, referring to the highly sophisticated Microsoft Windows computer worm that made headlines last year when it attacked targets in Iran, leading to speculation that it was developed by the U.S. or Israel.

The threat of cyberwar “is like any great security problem; the key is not to either overreact or underreact but [to] have a calibrated response based on the knowledge we hold,” Bronk says. “The problem is our knowledge is very, very limited. This is the infancy of this issue.”

Read more: http://www.scientificamerican.com/article.cfm?id=fog-of-cyber-warfare

06/13/11

US & China struggle for global supremacy

A new front is opening up between China and the US in their struggle for global supremacy. Cyber attacks from China seem to be increasing, as exemplified by Google’s recent accusations that it has uncovered a campaign run from inside China to secretly monitor the Gmail accounts of top-ranking US government officials and military personnel, South Korean officers and other users. The hackers allegedly used a phishing campaign to trick users into revealing their passwords. Though the Chinese government has denied the accusations as “a fabrication out of thin air”, the US secretary of state, Hillary Clinton, has described Google’s claims as “very serious”.

Google claimed that the attacks appeared to originate from Jinan — it is home to a military vocational school, the computers of which were linked to a more sophisticated assault on Google’s systems a few months ago. This is the most serious claim of China-based Internet intrusion since a previous incident involving the company last year when it decided to redirect users in mainland China to its search engine based in Hong Kong. The decision put the Internet search giant, which has a huge financial stake in China, on a collision course with Beijing. Google and the Chinese government have clashed repeatedly over the past year. China blocked one of Google’s sites, YouTube, in March last year in an apparent attempt to stop people in China from viewing videos of anti-government protests by Tibetans and Uighurs. The security of commercial networks became a major issue as Google accused China of stealing intellectual property online and compromising the Gmail accounts of Chinese human rights activists.

The latest dispute is happening at a time of heightened sensitivity about cyber disputes and even warfare. Sony suffered an attack from hackers; Lockheed Martin faced cyber attacks that are now being investigated by the FBI; and last month Sony Corporation had to briefly close down its PlayStation network after an intrusion by yet-to-be-identified hackers that put at risk the credit card information of about 70 million users.

Meanwhile, facing criticism from the US, China decided to go on the offensive. In an attempt to divert attention from allegations of online attacks on Western targets originating in China, the Chinese military accused Washington of launching a global “Internet war” to bring down Arab and other governments. In line with this, the Chinese military planners have asked their government to make preparations to fight this “Internet war”, which is a product of the new information age. In an article, Chinese military scholars have suggested that China needs to “express to the world its principled stance of maintaining an ‘Internet border’ and protecting its ‘Internet sovereignty’, unite all advanced forces to dive into the raging torrent of the age of peaceful use of the Internet, and return to the Internet world a healthy, orderly environment.”

Facing an onslaught of cyber attacks, the US department of defence has made it clear that cyber attacks by any foreign nation may be considered an “act of war”. And the UK’s latest national security strategy lists cyber attacks as one of the most significant security threats facing the nation. In view of these developments, some are advocating the negotiation of an international “non-proliferation” treaty to counter a new cyber arms race between nations.

China is investing in new technologies for cyber and space warfare, primarily to counter America’s traditional advantages. Beijing has made clear its intention to focus on the development of asymmetric capabilities that include electronic warfare, shaping the battle space with information dominance and using new technology not available to great powers that modernised earlier. China has been probing the computer networks of its adversaries for some time now, investing heavily in electronic countermeasures and envisaging concepts like computer network attack, computer network defence and computer network exploitation. Its industrial and defence espionage is aimed at obtaining advanced technology for economic and military modernisation. China has been giving cyber warfare serious thought and has incorporated it into its military planning and strategy by encouraging civilian computer crackers to penetrate the computer networks of key political and military leaders in countries ranging from the US, Japan and Taiwan, to South Korea and India.

The issue of how governments should respond to or help prevent cyber attacks against private enterprises as well as state assets is one of the most difficult security issues facing policy-makers today. India is no stranger to cyber warfare. China’s penetration into the Indian intelligence apparatus has been growing. The National Informatics Centre, which governs and hosts all government websites, as well as computers of the Prime Minister’s Office, several Indian embassies, the Bhabha Atomic Research Centre and the Dalai Lama’s office were infected by GhostNet, a China-based cyber espionage network. Though this came to light in early 2009, it had been going on for the past several years. The Indian military lacks the expertise and resources to defend the country adequately from concerted cyber attacks even as cyber criminals, terrorists and other nations are getting better at penetrating state and private networks, whether to spy, to steal data or damage critical infrastructure. It is time.

via Phishing ground – Indian Express.