From the Times Of India
Stuxnet showed the world what a true cyber weapon looks like
A new book on the origins of the Stuxnet worm - it was co-developed by the US and Israel, and directed against Iran's nuclear programme - has brought 'cyber war' out in the open. But the term sits uncomfortably with many experts who complain about the phrase's catchall nature. One of them is Jeffrey Carr who says there will be no such thing as a pure cyber attack. Semantics aside, the Seattle-based Carr - a well-known analyst who lectures at several US military and government institutions - is rather vocal about the increasing reality of nations undertaking large-scale espionage and offensive operations on global networks today. He tells TOI-Crest just how cyberspace has become a new battleground for a host of actors, and not just nation states.
Is it getting increasingly difficult to tell the difference between cyber crime and cyber war? Does such a blurring of lines directly pose a threat to national security?
If one looks at the victims then the distinction is easy to make. Attacks against financial institutions and botnet-based attacks (a 'botnet' is a collection of compromised computers) that sweep up individuals' online banking login credentials are done by cyber criminals. If one looks at the attackers, sometimes a criminal gang involved in cyber crime will also perform tasks requested of it by their respective government. So while it's not always a black and white issue, there is still a distinction to be made between cyber crime and other types of cyber attacks. As far as the term "cyber war" is concerned, I prefer not to use it, since we've never seen a pure cyber war and I doubt that we ever will. The reason why is because a cyber war, by definition, would be two nation states attacking each other solely through cyberspace. There's no way such a limited attack strategy could succeed without the use of land, sea or air forces.
Are 'stateless', transnational 'hacktivists' (like Anonymous) as much of a threat to national security as they are often made out to be?
I consider Anonymous a moderate level threat. They use unsophisticated attack techniques and almost all of their actions are designed to cause short-term chaos. However, there have been a few cases where Anonymous has caused companies a great deal of damage with real-life consequences. HBGary Federal (a US IT security firm) was essentially destroyed by them. Their attacks against Sony and Stratfor (a US-based 'global intelligence' company) resulted in lawsuits against both companies filed by victims whose personal identifying information was exposed online.
How many countries do you think have devoted large resources to setting up advanced cyber warfare and cyber espionage capabilities?
There are over 30 countries that are developing cyber warfare and cyber espionage capabilities. The most sophisticated players in that group include but aren't limited to the US, Israel, France, Germany, Russia, China, Taiwan, South Korea, North Korea, Iran, Pakistan, Turkey and India. Other countries who are currently in various stages of standing up an equivalent to the US military's Cyber Command are Australia, Brazil, Canada, Czech Republic, Estonia, Finland, Italy, Kenya, Myanmar, Netherlands, Nigeria, Poland, Singapore, South Africa, Sweden, Turkey, the UK, and Zimbabwe.
While it's reasonable to assume that all of these countries have conducted espionage operations in cyberspace, only Russia, Myanmar, Iran, Israel and Zimbabwe have used cyber attacks in conjunction with some type of kinetic action to quell internal dissidents or external opposition forces.
Many of those countries have also outsourced or tolerated hacktivist attacks by their own hacker population against other states with whom they have political disagreements (i.e., Turkey, Sweden, Taiwan, Russia, China, Iran, and Israel).
Could instances like 'Stuxnet' (and other malware like 'Flame') trigger a cyber arms race of sorts? Or has Stuxnet already done so?
I think that Stuxnet showed the world what a true cyber weapon looks like, and that if any nation's armed forces aren't already developing similar and/or superior cyber weapons to Stuxnet, then they're being foolish. The cyber arms race has been going on for over a year, but (well-known New York Times journalist) David Sanger's new book about the Barack Obama and George W Bush administrations' role in creating Stuxnet will certainly add fuel to the fire, in my opinion.
If the US had to attack Iran with conventional weapons, it would, under most circumstances, look to get some sort of international sanction before doing so. Would you push for international, and multilateral, mechanisms or bodies to regulate cyber warfare?
No. I think that a targeted cyber attack with minimal collateral damage like Stuxnet is a far superior option to dropping a bomb on the target. And if it's done covertly against a provocative target that many nations object to, no one would be able to identify the attacker. I think that nation states need to have this capability in their tool kit and I'm opposed to international cyber treaties. If you're looking for an international solution that has positive consequences, I recommend creating more cross-border law enforcement agreements which include Russia and China. Unfortunately neither of those states has supported such agreements in the past.
Will we see more instances of IT majors working - or being forced to work - with national governments in such cyber warfare efforts? Shouldn't they be pushed for some form of public disclosure in such cases?
Probably, yes. Disclosure is always nice but we rarely get it and I doubt that will change anytime soon.
Any broad recommendations you'd like to make to governments? To national CERT (Computer Emergency Response) teams?
Yes. Stop trying to keep other countries out of your network. You've already failed at that. You must instead assume a strategy known as 'presumption of breach'. The key to that strategy is to keep adversaries from accessing and/or removing critical nodes and files in your network while sacrificing those that are non-critical.