Monday 9 December 2013

Chapter 7

1. Is cyberwarfare a serious problem? Why or why not?
Cyberwarfare poses a unique and daunting set of challenges for security experts, not only in detecting and preventing intrusions but also in tracking down perpetrators and bringing them to justice. The most prominent threats so far include:
·         Successful attacks on the FAA airline system, including one in 2006 that partially shut down air traffic data systems in Alaska.
·         Intruders successfully penetrated the Pentagon’s $300 billion Joint Strike Fighter project and stole several terabytes of data related to design and electronics systems.
·         Cyberspies infiltrated the U.S. electrical grid in April 2009 and left behind software programs whose purpose is unclear.
·         In Iraq, insurgents intercepted Predator drone feeds using software downloaded from the Internet.
·         An act of cyberwar against a critical resource such as the electric grid, financial system, or communication systems would likely be devastating.
2. Assess the people, organizational, and technology factors that have created this problem.
·         People: For cybercriminals, the benefit of cyberwarfare is that they can compete with traditional superpowers for a fraction of the cost of other types of warfare. Because more and more modern technological infrastructure will rely on the Internet to function, cyberwarriors will have no shortage of targets at which to take aim. Users of targeted systems are still too careless about security and don’t do enough to help protect sensitive systems.
·         Organization: The U.S. has no clear policy about how the country would respond to a catastrophic level of a cyberattack. Even though the U.S. Congress is considering legislation to toughen cybersecurity standards, the standards will likely be insufficient to defend against attacks. The organization of U.S. cybersecurity is messy, with no clear leader among intelligence agencies.
·         Technology: While the U.S. is currently at the forefront of cyberwarfare technologies, it’s unlikely to maintain technological dominance because of the relatively low cost of the technologies needed to mount these types of attacks. Secret surveillance software can be installed on unprotected systems and can access files and e-mail, thus spreading itself to other systems. Tracing identities of specific attackers through cyberspace is next to impossible, making deniability of suspected intruders simple.



3. What makes Stuxnet different from other cyberwarfare attacks? How serious a threat is this technology?
Stuxnet differs from other cyberwarfare attacks because the software uses previously unknown tricks to worm its way into industrial control systems undetected, searching for a particular configuration that matches its target, at which point it wreaks havoc by reprogramming the system, closing valves and shutting down pipelines. A new software “worm” called Stuxnet (its name is derived from keywords buried in the code) seems to have been developed to attack a specific nuclear facility in Iran. Its sophistication suggests that it is the work of a well-financed team working for a government, rather than a group of rogue hackers trying to steal secrets or cause trouble. America and Israel are the obvious suspects. But Stuxnet's origins and effects are unknown.
For security reasons SCADA systems are not usually connected to the internet. But Stuxnet can spread via infected memory sticks plugged into a computer's USB port. Stuxnet checks to see if WinCC is running. If it is, it tries to log in, to install a clandestine “back door” to the internet, and then to contact a server in Denmark or Malaysia for instructions. (Analysis of traffic to these servers is continuing, and may offer the best chance of casting light on Stuxnet's purpose and origins.) If it cannot find WinCC, it tries to copy itself on to other USB devices. It can also spread across local networks via shared folders and print spoolers. Stuxnet seemed to be designed for industrial espionage or to allow hackers to blackmail companies by threatening to shut down vital systems. WinCC is a rather obscure SCADA system. And Stuxnet searches for a particular configuration of industrial equipment as it spreads. It launches an attack only when it finds a match.
In each cyberwarfare incident, the governments of the countries suspected to be responsible have roundly denied the charges with no repercussions. The real worry for security experts and government officials is an act of cyberwarfare against a critical resource, such as the electric grid, financial system, or communication systems. In April 2009, cyberspies infiltrated the U.S. electrical grid, using weak points where computers on the grid are connected to the Internet, and left behind software programs whose purpose is unclear, but which presumably could be used to disrupt the system. The U.S. has no clear strategy about how the country would respond to that level of a cyberattack, and the effects of such an attack would likely be devastating.




4. What solutions have been proposed? Do you think they will be effective? Why or why not?
Proposed solutions include the following along with an assessment of their effectiveness:
·         Congress is considering legislation that would require all critical infrastructure companies to meet newer, tougher cybersecurity standards. As cyberwarfare technologies develop and become more advanced, the standards imposed by this legislation will likely be insufficient to defend against attacks.
·         Secretary of Defense Gates ordered the creation of Cybercom, the first headquarters designed to coordinate government cybersecurity efforts. It was activated in May 2010. It will coordinate the operation and protection of military and Pentagon computer networks. It will coordinate efforts to restrict access to government computers and protect systems that run the stock exchanges, clear global banking transactions, and manage the air traffic control system. Its ultimate goal will be to prevent catastrophic cyberattacks against the U.S. Some insiders suggest that it might not be able to effectively organize the governmental agencies without direct access to the President, which it currently lacks.

·         Because spy agencies like the CIA are prohibited by law from acting on American soil, some people are proposing to entrust some of the cyberwarfare work to private defense contractors. There is no effective way for a domestic agency to conduct computer operations without entering prohibited networks within the U.S. or even conduct investigations in countries that are American allies. Preventing terrorist or cyberwar attacks may require examining some email messages from other countries or giving intelligence agencies more access to networks or Internet service providers.
