Cyber War
Cyber warfare is a real threat. It is a form of attack that can deliver significant advantages in cases of traditional physical warfare. It is an asymmetric stateless attack that can greatly magnify the effects of terrorist attacks.
Imagine the level of fear that would have been present had the September eleventh attacks been coupled with a cyber attack that significantly impaired communications and news dissemination. As horrific as the day was, a significant increase in the uncertainty surrounding what was going on nation wide would have amplified the sense of terror and powerlessness.
The documented cases of Cyber attacks have been carried out by cyber criminals who use their botnets and resources for dual purposes. The way to stop Cyber attacks is not to build defenses against them, but rather to enact laws and treaties that allow Cyber crime to be effectively combated. If the Chinese government did not have tame cyber criminals to perpetrate and take the blame for the attacks on Google, they probably wouldn’t have happened.
The difficulties of attribution and the asymmetric nature of these types of attacks makes them very tempting to use. If an international body were empowered with jurisdiction over cyber crime that crossed borders, then spammers’ botnets could be shut down and taken off the table as a form of shadow aggression. Clamping down on cyber crime would lead to the deamateurisation of cyber warfare. Thus, cyber war would be raised to the level of conventional war and would become something that fits in the existing framework of international relations.
On Saturday at Defcon I saw two great talks on Cyber War; Kim Jong-Il and Me: How to Build a Cyber Army to Defeat the U.S. by Charlie Miller and Cyber[Crime/War] Charting Dangerous Waters by Iftach Ian Amit.
Charlie Miller’s talk gave a very informative arm waving attempt to quantify the resources required and the damage that could be done if a state were interested in causing as much global destruction as possible through a purely digital sneak attack. The main policy take away is that governments really should care about the national security implications of infosec because large scale bad things are solidly in the realm of the plausible.
Iftach Ian Amit’s talk was more grounded in reality and discussed the real cyber warfare attacks that have occurred and their link to organized crime. The main policy take away is that the best way to limit future cyber war risks is to start seriously fighting organized cyber crime now. Specifically by engaging in multilateral cyber crime treaties that create the jurisdictions and organisations necessary to disrupt and prosecute cyber criminals.
