Cyberspace: The next battlefield

[InfoSec News <isn () c4i org>]

http://www.usatoday.com/life/cyber/tech/2001-06-19-cyberwar-full.htm

By Andrea Stone
USA TODAY 
06/19/2001 

ARLINGTON, Va.  They don't drive tanks, fly jets or even wear boots.
But the computer technicians hunkered down in virtual foxholes in a
pale yellow building here in suburban Washington might well be the
frontline soldiers in the nation's next war.

They work for the Defense Information Systems Agency, which figures
that future conflicts won't be won by shooting down the enemy's
aircraft but by shutting down its computers.

Today, they defend the U.S. military's 2.5 million computers against
hackers. But they are being trained to guard against computer attacks
by other countries and to launch computer virus invasions that will
bring chaos to a foe's communications networks, financial systems and
power grids.

Military analysts say the United States is one of more than 20
countries girding for this new kind of conflict, known within the
Defense Department as "IW" for information warfare. Last fall, the
Pentagon disclosed that the U.S. Space Command is building offensive
computer weapons to use against adversaries. Until then, the Pentagon
had focused on defensive measures to protect U.S. military computers,
satellites and communications links.

Russia, North Korea, Iraq, Libya, Cuba, Britain, France, Israel and
China also are developing IW capabilities, according to military
analysts. The Congressional Research Service says that China has
assembled a battalion of computer experts to develop offensive viruses
and defenses that some in the Pentagon call "the Great Firewall of
China."

In fact, China is pursuing IW capabilities at least as aggressively as
the Pentagon. It concluded after the Persian Gulf War in 1991 that it
could never defeat the United States in a conventional conflict, so
its strategists decided to target America's heavy dependence on
computers, analysts say.

"The next time you see a major international conflict between two
technologically advanced opponents, you're going to see computer
network attacks," predicts Dan Kuehl, who teaches information warfare
at the National Defense University in Washington.

Why? At a time when political leaders are eager to minimize casualties
and the U.S. public has come to expect bloodless precision strikes,
computer viruses are an enticing and relatively cheap weapon. Analysts
say IW could shorten conventional conflicts or even head them off by
bringing foes to their knees.

IW is not just the stuff of science fiction. The Pentagon has already
used computer weapons. During the Gulf War, U.S. warplanes emitted
electronic jamming signals that disrupted Iraqi air-defense computers
and interfered with their ability to target allied aircraft.

During the war in Kosovo in 1999, U.S. officials considered siphoning
funds electronically from Serbian leader Slobodan Milosevic's bank
accounts but decided not to because of legal concerns, analysts say.
The Serbs launched a crude IW attack: They vandalized NATO Web sites.

Defense Secretary Donald Rumsfeld ranks IW as one of the gravest
national security threats. One of his top priorities is to protect
military computer functions, such as communications, navigation,
weapons targeting, intelligence and logistics.

"We're going to need to have ways to make sure that we can continue to
see, hear and communicate," Rumsfeld said in a recent interview.

Significant obstacles

Cyberweapons could revolutionize war in the 21st century as the
airplane did in the 20th century. But the Pentagon and policymakers
have obstacles to overcome.

One is learning how to defend against viruses launched by attackers
who can hide their identities. If the U.S. Military can't be sure
whether the assailant is a lone hacker or a foreign government, it is
difficult to retaliate.

Another concern is whether IW fits within the legal and ethical
boundaries of warfare because of the potential threat to civilians.
Computer weapons aren't precise enough to limit damage to military
targets. Unlike precision-guided bombs, a virus unleashed to shut down
power in a military command post could spread inadvertently to a
hospital nearby or even cross borders and cause havoc in a neutral
nation.

John Hamre was a strong advocate of beefing up computer defenses when
he was deputy Defense secretary in the Clinton administration. But
he's skeptical about using computers as offensive weapons. "For
warfare, you want high confidence and predictability of outcomes, and
that's very hard to know in cyberspace," he says.

Military officials won't divulge their offensive capabilities. But
analysts say they believe the Pentagon has a formidable arsenal.

"We have powerful tools that we have not used," says Steven Hildreth,
a Congressional Research Service defense analyst. The United States is
the leader in the field, but it doesn't take great economic resources
to develop powerful computer weapons.

Analysts say the U.S. arsenal likely includes malevolent "Trojan
horse" viruses, benign-looking codes that can be inserted
surreptitiously into an adversary's computer network. They include:

* Logic bombs. Malicious codes that can be triggered on command.

* Worms. Programs that reproduce themselves and cause networks to
  overload.

* Sniffers. "Eavesdropping" programs that can monitor and steal data
  in a network.

The U.S. Military could use these weapons to trigger disruptions in
enemy territory, such as a shutdown of oil and natural gas pipelines
or a cutoff of phone service, analysts say.

At the same time, an adversary could use these same viruses to launch
a digital blitzkrieg against the United States. It might send a worm
to shut down the electric grid in Chicago and air-traffic-control
operations in Atlanta, a logic bomb to open the floodgates of the
Hoover Dam and a sniffer to gain access to the funds-transfer networks
of the Federal Reserve.

Those kinds of attacks, which would target civilians, probably violate
international law. But computer strikes that destroy or interrupt the
flow of military information would conform to international rules of
war.

For example, U.S. Military technicians could send an adversary's
precision-guided weapons off course by altering signals from the
control system. They could change the enemy's tank computers to
identify "friendly" forces as foes, prompt the enemy to redeploy
forces based on false information fed into its computers and route
truck parts instead of bombs to fighter jet squadrons.

Vulnerable computers

The Pentagon is vulnerable to the same kinds of attacks. About 95% of
its communications are carried over unclassified, commercial networks.

"The (Internet) linkages that take a cybercrime to Amazon and eBay are
exactly the same linkages that would take an attack inside critical
military facilities," says the National Defense University's Kuehl.

The vulnerabilities of U.S. Military and civilian computers are well
known to China.

In 1996, a Chinese military paper told of preparing for "a war of
decisions and control, a war of knowledge, and a war of intellect."

Three years later, two Chinese officers wrote a book that advocated
using cyberattacks against civilian power, transportation,
communications and financial systems. U.S. analysts say the Chinese
are pouring significant resources into developing such capabilities.

For now, the main threat comes from hackers, not hostile nations.
They're trouble enough: 413 intruders broke into U.S. Military
networks last year. That record makes analysts wonder how the Pentagon
will fend off sophisticated attacks from hostile countries.

Although the Pentagon spent $1.6 billion on computer defenses last
year, the General Accounting Office, a congressional watchdog agency,
criticized it in March for having networks "beset by vulnerabilities."

The Pentagon has known for several years that its computers are
vulnerable:

* In 1997, it held an exercise called "Eligible Receiver." Teams from
  the intelligence-gathering National Security Agency (NSA) used
  Internet hacker programs to simultaneously break into nine city
  power grids and 911 emergency systems and 36 Pentagon computer
  networks, says computer consultant James Adams, an NSA
  adviser. Systems administrators detected only two of the military
  attacks, he says.

* In 1998, more than 500 Pentagon computer systems were compromised in
  a series of attacks code-named "Solar Sunrise." The intrusions
  appeared to originate in the United Arab Emirates but eventually
  they were traced through several countries to two California high
  school students and their 18-year-old Israeli mentor.

* Since March 1998, a group of hackers apparently based in Russia has
  broken into hundreds of Pentagon and other government computer
  networks and stolen thousands of unclassified technical files in an
  operation U.S. officials have dubbed "Moonlight Maze." Moscow denies
  involvement, and the culprits are unknown.

Beefed-up defense

The Pentagon recognized that any of those attacks could have come from
a foreign government. And it concluded that it had to raise the
digital ramparts. It formed what is now the Joint Task Force for
Computer Network Operations to coordinate defensive and offensive
information warfare programs. It has asked Congress for a 500%
increase in funding, from $3.1 million to $18.6 million in 2002.

In addition, each service has its own information warfare operations.

The Pentagon also is trying to figure out the legal consequences of
IW. If a foreign government hacked into a bank's computers and stole
billions of dollars, would that constitute an act of war?

"Even as we have challenged the technologists to develop great tools,
we are really challenging the lawyers to find the legal framework,"
says Army Maj. Gen. Dave Bryan, head of the joint task force. "We are
asking for some new rules."

There's also the problem of identifying whether the enemy is a foreign
government, terrorist group or amateur hacker. "Pinning the blame on a
specific group or nation is tough," Adams says.

But these concerns have not slowed a rush by militaries to integrate
this new weapon into their war plans in hopes it will reduce
casualties. Information warfare "doesn't have the same punch as
bombs," Kuehl says. "But if it does offer the possibility to drop the
cost in human life, that's good."



ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe () SecurityFocus com.