Thursday, March 20, 2008

Deterring Cyberwar and Cyberterrorism...

Two security-related news articles were prominently published this week - one by the New York Times, the other by the Wall Street Journal - which, when taken together, reveal a lot about America's overall approach to dealing with national security issues in cyberspace.

The Times article describes how the Cold War strategy of deterrence is re-emerging in the fight against terrorist groups like Al-Qaeda. "To counter efforts by terrorists to plot attacks, raise money and recruit new members on the Internet, the government has mounted a secret campaign to plant bogus e-mail messages and Web site postings, with the intent to sow confusion, dissent and distrust among militant organizations, officials confirm."

On a different note, the Wall Street Journal article (only available for a fee, but covered by DailyTech and Fox News as well) reports on the cyberwarfare that China has initiated against the United States. The Defense Department cites numerous successful attacks in the last year originating in China, including shutting down Homeland Security networks and hacking into the Pentagon email system used by the offices of Defense Secretary Robert Gates.

To be sure, these stories deal with two separate issues - deterrence against cyberterrorists on the one hand versus cyberwarfare against a nation-state on the other. However, taken together, what do they reveal about America's overall approach to dealing with national security issues in cyberspace?

For starters, there is an implicit recognition that we need to defend against both targeted attacks on specific installations and larger network-wide threats in distributed environments. Cyberwars are not unprecedented. Last year, for example, Russia was accused of launching distributed denial-of-service (DDoS) attacks against Estonian targets. But Fox News is correct in its assessment that "that attack was against the civilian Internet infrastructure: the ISPs and banks, for example, not the Estonian military or government. Such attacks... are fundamentally different from targeted hacks against specific installations. It's the difference between war and espionage." American policy needs to protect its cyber assets from both.

Additionally, a crucial distinction must be made between cyberterrorism and cyberwarfare. This is directly related to the previous point. Cyberterrorism involves outright destruction of narrowly defined targets, while cyberwarfare takes on a more espionage-like tilt, seeking to disrupt, rather than destroy, cyberspatial targets, often with the sole aim of obtaining information. Neither is necessarily more damaging from a security standpoint than the other. However, in any given case, America's defensive tactics must be narrowly tailored to suit whichever of these types of threats it is addressing.

While most of these issues are still in their embryonic stages of development, it is nevertheless quite clear that a cyber arms race, complete with a spiraling escalation of sophisticated tools and strategies, is already underway. As cyberwars and cyberterrorism proliferate, and as governments and other institutions try to deal with them, it will be only a short time before we look back with nostalgia on the simple times when the only thing network administrators and IT managers had to worry about was a few rogue computer hackers.

