Enable breadcrumbs token at /includes/pageheader.html.twig

Faceless Enemies Claim Sovereignty on Internet's Borderless Battlefield

Computer networks are essential to global productivity and collaboration. They also are weapons: More harm is possible from a network attack than from a machine gun, according to experts gathered in London to discuss cyberwar.
By Beverly Mowery Cooper, SIGNAL Magazine

 

At TechNet International, Georges D’hollander, general manager, NATO Consultation, Command and Control Agency, explains that cyberspace today is defined more by social than technical issues.

Computer networks are essential to global productivity and collaboration. They also are weapons: More harm is possible from a network attack than from a machine gun, according to experts gathered in London to discuss cyberwar.

Cyberspace is the global nervous system, explained Raul Rikk, who heads the cybersecurity department for Trustcorp Limited, but cyberspace also is a new dimension of warfare. “You have to have a license to own a gun, but not so for computers,” he emphasized. The Internet is an incubator for criminal and terrorist activity, agreed Vice Adm. Harry B. Harris Jr., USN, commander, U.S. 6th Fleet; commander, Striking and Support Forces NATO; Joint Force Maritime component commander, Europe; deputy commander, U.S. Naval Forces Europe; and deputy commander, U.S. Naval Forces Africa, speaking just before the start of the two-day Technet International conference, held October 28-29.

The pace of cyberattacks is increasing, and those with harmful intentions are finding unique ways to infiltrate not only computers connected to the Internet but also computers that never were connected to the online world. Stuxnet, a computer worm that targets critical industrial infrastructure, was an entirely new type of attack. Tony Roadknight, technical architect, Nexor, called the worm a cyber missile, not just cyber mayhem. Part of the attack had to include individuals with infected media who accessed the closed system. The ability of the worm to target only certain systems and then hide the changes has made tracking its source, or even its purpose, difficult.

Complicating the effort to protect systems is the reality that cyber has no borders. The necessary solutions are global in scope, and all personnel from government and industry—in uniform, business suit or lab coat—must work internationally together, Adm. Harris stressed. “No one nation is as good as a coalition willing to work together,” he added. Still, international laws and the rules of combat make fighting a cyberwar a challenge for individual countries as well as for organizations such as NATO. All are struggling with defining the ethics of cyberwar in the context of the invisible face and unlimited flexibility of the attackers, who often move seamlessly across global networks using technology to mask their identities.

 

It is difficult to determine who the actors are in cyberspace, cautions Zalmai Azmi, senior vice president, Cyber Solutions Group, CACI International. Criminals take advantage of the anonymity, he said, explaining that the Internet provides a tremendous platform for money laundering and for almost 40 percent of jihad recruitment.

The enemy changes its face every day, reiterated Zalmai Azmi, senior vice president, Cyber Solutions Group, CACI International. “The pace of change of technology is forcing our direction. Security, privacy, compliance and legal issues need to be addressed.” The actors originally were individuals hacking for fun, but now the list includes companies conducting espionage on each other, as well as criminals and terrorists, he explained.

Mobile capabilities such as smart phones, which were designed for personal, not enterprise, level use, are proliferating into new applications, Azmi acknowledged. “Now troops receive battlefield awareness through Droids. Almost all Marines are connected this way, although they don’t always have the access to Wi-Fi they need,” Azmi said.

A former FBI chief information officer, Azmi pointed to the information vulnerability that exists throughout the cyberworld as a growing concern. “How do you know that a chip is not compromised in manufacturing?” he questioned, explaining that the supply chain can be the starting point for malicious programming tools.

“Wi-Fi hot zones can be hijacked, and now all your information could be going through the box of bad guys,” he elaborated. Insider threat, both unintentional and intentional, is another vulnerability. Other nefarious tools he described include botnets, which are like zombies in a system, furtively waiting for instructions to do something, and malware, for which there are as many as 130 incidents per day.

Because of the complexity of these malicious tools, it is difficult to crack the technology, Azmi allowed. As a result, he stressed the need to defend against cyberattacks with more than just technology. For example, it is necessary to look at the policies, “which are 100 to 200 years old and don’t apply to the digital world,” he explained. The work force is also of concern. The United States has seen a 40 percent drop-off in software engineers, and 60 percent of the remaining software engineers are from other countries who are educated in the United States and then return to their homelands, according to Azmi. To create a strong cyberdefense, he believes partnerships are essential among the intelligence community, Defense Department, civil government and the private sector. As much as 90 percent of the infrastructure is in the private sector, but the government does not engage there as it should, he said.

Not all security requires a technology solution. Azmi related that a 2009 study showed that 94 percent of the incidents studied could have been avoided with simple low-level security.

Much debate continues about the use of Facebook and other social media sites, as they can be fertile ground for malicious cyber activities. Rear Adm. Christopher J. Parry CBE MA, fellow of the Charted Management Institute, associate fellow, Royal United Services Institute/Chatham House, explained that terrorists use Second Life for mission planning.

Mikko H. Hypponen, chief research officer, F-Secure Corporation, said he does not have a personal Facebook account because “you never know who is gathering information on you.” He spoke of friends he knows who have posted their detailed vacation plans as well as other personal information that could tip off criminals, and he questioned the rationale of people who accept friend requests from people they do not know, especially from people who do not include a picture.

Cyber poses a whole series of new questions often against an opponent “who is more comfortable with Facebook and MySpace than we are,” explains Maj. Gen. A.J. Raper, CBE, Defence Strategy and Solutions. “Cyber brings us out of the realm of tangible and breaks the notion of a frontline,” he reported.

While acknowledging the potential security issues of sites such as Facebook, Adm. Harris did not shy away from supporting its use by those in the military. “We must allow access to social networking sites. Our young people are digital natives. You must figure out a way to have open connectivity while at the same time keeping it secure.”

The challenges of information sharing extend far beyond the world of social networking and are faced on the battlefield as well as in government and business. The requirements for more information that is accessible, visible and delivered faster are universal. So is the need for information that is trustable and understandable. Striking the right balance between information sharing and information security is key, according to Lt. Col. Srikant Mantravadi, USAF, chief of cyberspace integration requirements, Air Force Space Command. “Apply leverage at the seams of organizational boundaries and build in understanding of mission, impact and improvement,” he added.

Cyber has a seam with real life, and we have to get that right, Adm. Parry added. “As much as 11 percent of the world’s economy is on the dark side,” he expressed. This includes corruption, institution penetration, cybercrimes, gang activities, Russian Business Network crimes, business breaches, botnets, hybrid irregular activity and portable interruption devices.

 

Cyberspace is a complicated environment to define, but a panel of experts moderated by Cdre. Robert Howell, RN (Ret.), AFCEA Europe general manager, offered insights into understanding the boundaries. The panel included (l-r) Lt. Col. Srikant Mantravadi, USAF, chief of Cyberspace Integration Requirements, Air Force Space Command; Mikko H. Hypponen, chief research officer, F-Secure Corporation; Patrick Ciganer, director, Transparency Initiative, U.S. Department of Energy; and Raul Rikk, head of the cyber security department of Trustcorp Limited.

Cyber survivability is nowhere near as survivable as it should be, given the threat, Adm. Parry stressed. Cyber is a law-free zone, and security and survivability are in their infancy. Capability is leading the thinking, but a strategy of “mutually assured disruption” is not easy because no link exists between strategic, operational or tactical in the cyberworld.

This makes forming an international team to fight a cyberwar difficult. It would have to be in the context of international warfare, and development and agreement of laws would be hard, according to Maj. Gen. Jaap Willemse, RNLAF, assistant chief of staff, Consultation, Command, Control, Computers and Intelligence, Supreme Allied Command Transformation. Right now, NATO’s only role in providing a cyberdefense is to send advisers if asked, the general explained. What is needed is joint research, shared capability development, near-real-time information exchange and intelligence.

Integration of battlespace and cyberspace has never been openly discussed within NATO. But cyberattack also could be part of a kinetic attack, according to Georges D’hollander, general manager, NATO Consultation, Command and Control Agency. “Is it not one domain integrated de facto?” he asked. Exploiting cyber to coordinate with kinetic is something we do not understand, he continued.

But command and cyber must be integrated into the development of battlefield strategy, related Brig. Nigel C. Jackson, MBE, fellow of the Institution of Engineering and Technology. He explained that the commander and his principal staff must understand cyber. It must be brought to life as an enabler, not as a technical activity only. “We are already in a constant cyber confrontation,” he warned. Integration must be achieved between national and military capabilities, and imaginative development is required.

The flow of bits and bytes does not end at the computer, D’hollander reminded the audience, but it carries on to command and control, power companies, utilities, banks and cellular telephones. “Cyberspace is part of the operational environment, and the populations we seek to influence are part of cyberspace as well,” he explained.

Both military and industry are targets of cyberattack, so D’hollander called for coordination between the two. Firewalls cannot protect attacks from inside, and outside penetration will be effective from time to time. A coordinated approach, which includes multinational collaboration from the start with tools that are common across nations, is needed. Integrating cyber into the operational repertoire remains an intellectual challenge, because cyberspace today is defined as more of a social than a technical issue. Information sharing and integration of cyber are about more than just technology. “Networks are improving, but internally we still struggle with the trust of sharing information,” he related.

Offensive cyber activities are a controversial topic and lead to new ethical and legal challenges. If attacks are coming from other government entities, Roadknight asked, “Should pre-emption be precluded? Are offensive means a form of defense?” According to Air Cdre. Bruce Wynn, OBE, RAF (Ret.), currently a consultant, “The determination of whether or not a cyber weapon is an act of war—or just a weapon—depends on where you are and what the effect the attack had on you.”

NATO has no offensive capability nor plans to develop any. To stop the attacks, the risk must increase until the attacker reconsiders, and factors that contribute to that include criminal prosecution, diplomatic isolation and cyber isolation. But Joel Ebrahimi, solutions engineer, Bivio Networks Incorporated, questioned, “How can you deter people from attacking when, if they know what they are doing, the chances of catching them are slim to none?”

The word deterrence has a nuclear connotation, but Maj. Gen. Glynne Hines, CF, director, NATO Headquarters Consultation, Command and Control Staff, proposed that perhaps it has a different meaning in the cyberworld. Cyber deterrence is the demonstration that the alliance is capable of functioning regardless of a cyberattack. While the capabilities may be damaged, the alliance is capable of continuing on.

Gen. Willemse stressed that the NATO role for cyberdefense cooperation should leave any offensive action to the individual nations but that, “We simply cannot keep cyberdefense in national or organizational stovepipes.”

In concluding the conference, Cdre. Robert Howell, RN (Ret.), the general manager of AFCEA Europe, expressed the sentiment of many in attendance: “I will leave here a little frightened, but better informed of the challenges.”