Defense Media Network

Newest Defense Media Network Promotion

How Real Is the Threat of Cyberwarfare?

Official efforts to combat cyber threats – especially the prospect of cyberwarfare – have grown dramatically in recent months.

President Barack Obama plans to name a “cyber czar,” a high-level White House focal point for defending the nation’s computer networks – especially the Internet – from attack. This new office, with neither congressional review nor approval, is expected to wield sweeping powers, far beyond those granted law enforcement and counter-espionage agencies under the much-maligned Patriot Act.

Meanwhile, nearly every government agency at every level worldwide has created an office to identify and counter cyber threats, which are seen as coming from a variety of sources – teenage hackers doing it for “fun,” criminals seeking material for blackmail or sale, non-state terrorists and official (albeit often covert) government operations, some with military objectives, some economic.

The new czar is expected to operate as a deputy assistant to the president from within the National Security Council, with a mandate to set policy for both public and private sector computer networks. However, some administration officials reportedly also are pushing for a strong link to the National Economic Council to deal with public sector issues – without harming international trade – and the Office of Management and Budget.

Add that to effective control over all existing cybersecurity efforts within the Department of Homeland Security, FBI, and assorted individual agencies and the breadth of the new czar’s authority far exceeds the relatively low rank implied by title and organizational position.

Meanwhile, Secretary of Defense Robert Gates is standing up a new Cyber Command to bring all U.S. military efforts to combat online attacks, including state-sponsored cyber warfare, under a single DoD-wide command. CYBERCOM is expected to be headed by a four-star general or admiral, who also will take control of the National Security Agency (NSA) in an effort to reduce “turf wars” between NSA and the military.

How CYBERCOM and a civilian National Office for Cyberspace (the czar) would interact remains somewhat murky.

Meanwhile, nearly every government agency at every level worldwide has created an office to identify and counter cyber threats, which are seen as coming from a variety of sources – teenage hackers doing it for “fun,” criminals seeking material for blackmail or sale, non-state terrorists and official (albeit often covert) government operations, some with military objectives, some economic.

Many top government, academic, and military leaders are convinced every networked computer in the world is vulnerable, probably under attack, possibly already compromised. For them, cyberwarfare is a fact, already in progress and growing exponentially.

Some others, however, believe attack claims are either unsupported or grossly exaggerated and most efforts to combat cyber threats can be linked to greed (making a profit performing an unnecessary service) or power (controlling access to and use of private, commercial, government and military networks).

The preponderance of evidence supports claims of a real, ongoing threat, especially in light of recent reports that both China and Russia have infiltrated portions of the U.S. electric power grid and planted software bombs that could be used to create massive power outages. While no official charges have been lodged by the U.S. government against either nation, Russia also has been accused of cyber attacks against Estonia in April 2007 and Georgia during its August 2008 military intervention there.

Meanwhile, South Korea has accused a special unit of the North Korean military of launching a series of attacks against major South Korean and U.S. government Web sites in July, including the White House, Pentagon and State Department.

The United States and Russia agree cyberwarfare is a likely future – if not current – global battlespace, but have serious differences on both the nature of the problem and how to deal with it.

Russia wants a formal international treaty, similar to the existing ban on chemical weapons, while the U.S. argues negotiating a complex new treaty is unnecessary if international law enforcement groups, including major national agencies, such as the American CIA and FBI and Russia’s FSB, cooperate more closely. Essentially, it is a difference between a defensive approach by the United States versus a Russian preference for constraining the Internet and access to it.

Tangled up in both, however, are questions of censorship, sovereignty, and the fact the worst offenders may not be subject to a treaty, refuse to sign or simply ignore it. While that is a concern with previous treaties on WMDs, cyberwarfare capabilities are far more easily acquired and employed, not only by governments but by terrorists, mobsters and single-issue activists.

While most critical systems are not directly linked to the public Internet, many still remain vulnerable. Most doctors and hospitals have disabled or removed USB ports from their computers, for example, because someone wanting only to recharge an MP3 player could inadvertently transfer a virus into the system.

Many top government, academic and military leaders are convinced every networked computer in the world is vulnerable, probably under attack, possibly already compromised. For them, cyberwarfare is a fact, already in progress and growing exponentially.

Failing to take any action against the reality of attacks that destroy data, crash computers, or potentially disrupt vital public services or government operations is a certain invitation to catastrophe. So is an over-reaction that violates privacy, censors information or stifles innovation.

It also is a case of the genie being out of the bottle – all of these technologies will continue to evolve and spread, increasing the ability of widely separated individuals, who might never have known of each other’s existence a decade or two ago, to join forces and skill sets.

We have come to think of the Internet as a human right, something as pervasive as fast food, as necessary as electricity, but also now so deeply embedded in our everyday personal and business connections that cutting it off or limiting access would create chaos.

Striking a reasonable compromise between too little/too late, over-reaction or failure to act, personal privacy and societal need may be one of the most difficult tasks the human race has faced. Making the wrong choice, in any direction, could – almost certainly would – change civilization in ways few would find acceptable. But making the right choice may require a leap of faith and unanimity of action few can imagine possible.

By

J.R. Wilson has been a full-time freelance writer, focusing primarily on aerospace, defense and high...