91ɫƬ

Pentagon readies its cyberwar defences

Internet warfare is getting cheaper, easier and more devastating – but the Pentagon is learning how to fight back

Read our related editorial: The toaster did it

CYBER-ATTACKS on a nation’s military and commercial computers have grown a lot more sophisticated since the days of the lone hacker targeting a system’s defences just for the thrill of it.

Nowadays, electronic attacks are increasingly seen as a cheap and easy way for one nation to attack another. “It’s the ultimate bargain hunter’s way of destroying everyone’s way of life,” says Glenn Zimmerman, a cyberspace specialist at the Pentagon. “It may even be free.”

“It’s the ultimate bargain hunter’s way of destroying everyone’s way of life. It may even be free”

So worried are governments by the prospect of an all-out cyber-attack that last month UN secretary-general Ban Ki-moon revealed that cyber-weapons are to be added to the list of arms falling under the remit of the UN’s Advisory Board on Disarmament Matters, which develops policy on weapons of mass destruction. Ban said recent breaches of critical systems represent “a clear and present threat to international security”, since the public and private sectors have grown increasingly dependent on electronic information.

But despite the threat, current NATO war games tend to treat cyber-attack simulations as an afterthought, according to military sources. Now the Pentagon is hoping to change that by developing a centre at which the military can play realistic electronic war games.

Called the National Cyber Range, the centre will mimic not only the hardware that might be used to inflict cyber-attacks, but also the likely behaviours of the people behind the attacks. The centre, being developed by the Defense Advanced Research Projects Agency (DARPA), is part of the US government’s Comprehensive National Cybersecurity Initiative, launched last year.

Until now, cyber-attacks have been relatively limited in scope. In 2006, for instance, Russian hackers, angered by the removal of a Soviet war memorial, launched a sustained denial of service attack on government and business websites in former soviet state of Estonia. In 2007, Chinese hackers attacked US and UK government websites, knocking them temporarily offline, and in 2008 Georgia suffered massive internet outages alongside its military battle with Russia. In January, Kyrgyzstan became the latest victim when its two largest internet service providers were targeted by a denial of service attack from hackers in Russia.

As if such attacks weren’t worrying enough, military and private sector security experts attending a recent claimed attacks can only get worse because our electronic infrastructure is so poorly defended. What’s more, computer scientists do not yet know how to defend critical systems against attacks, says Amit Yoran of NetWitness, an electronic security company based in Herndon, Virginia. “We are largely blind and ignorant of how to protect ourselves against cyber-attacks,” he told delegates. “Advanced threats continue to evade deployed solutions.”

With this in mind DARPA is ploughing $30 million into developing its testing range for cyber-warfare countermeasures, or “cyber sidearms” as it refers to them. The facility will allow teams to engage in lengthy fights in cyberspace using faithful replications of the US military’s global satellite, wireless and landline networks. Many of the range’s functions are classified, but DARPA says it wants it to have a sophisticated “nation-state quality” enemy team against which to test its countermeasures.

Heli Tiirmaa-Klaar, an adviser to the Estonian ministry of defence, says that because a cyber-attack can destabilise a country without sending forces across a border, it is a likely first strike tactic. Russia did just that in the Georgian conflict last summer. DARPA shouldn’t expect that such attackers will use easily fought viruses, says Yoran. “They have fantastic engineering resources and can develop customised and very powerful ones.”

One likely target, says Julian Charvat, a cyber-terrorism analyst with NATO in Ankara, Turkey, is the control systems for power stations, chemical plants and water utilities. These Supervisory, Control and Data Acquisition systems (SCADAs) often lack adequate cyber-defences.

Another risk comes from the fact that western microchip firms have outsourced manufacture to Asia, where saboteurs could design hardware-based viruses into chips. “Our semiconductor devices now need authenticating,” says Zimmerman. That could have a strange corollary: because the internet is to acquire many billions more IP addresses, machines will get internet addresses – leading to fears that rogue chips within, say, fridges, TV sets and cars could launch cyber-attacks.

Ultimately, the best hope lies in organisations like DARPA developing early warning systems for cyber-attacks, says Charles Williamson, a US air force cyberspace analyst at Ramstein Air Force Base in Germany. Convincing military leaders of the urgent need for such a system may not be easy, he admits. “Our biggest threat is senior leaders who think the computer is technologically equivalent to a toaster.”

Read our related editorial: The toaster did it

A cyberterror attack or a fat pipe foul-up?

One Wednesday afternoon in the summer of 2006, the Pentagon lost most of its telecommunications links to the north and central US. Its analysts were frantically scrambling to find the cause of this outage when, 15 minutes later, they also lost all connection with the southern central US, too.

“We thought it was a terrorist attack,” says Glenn Zimmerman of the Pentagon’s cyberspace task force. Thankfully, it proved to be an accidental outage: a construction crew in Kansas City, Missouri, had dug up a bundle of fibre-optic cables with an earth mover, tearing apart 150 interstate “fat pipes” – and all the fibre they used for back-ups. By coincidence an unrelated construction crew in Oklahoma City then achieved a similar feat, breaking 400 more fat pipes. “Together, they obliterated communications for 36 hours,” says Zimmerman.

A “Schmitt analysis” had determined that it was probably not a cyber-attack. Developed by Michael Schmitt, a military law expert at the European Centre for Security Studies in Garmisch, Germany, it assesses parameters like severity, duration, impact and invasiveness of any possible online onslaught.

But even if a Schmitt analysis says an attack warrants a response, the way cyber-attacks can be routed via proxies and botnets muddies the issue considerably, says Charles Williamson of the US air force in Europe. “If Hamas hijacked a server in the US to attack Israel, could Israel hit the US server?” Unfortunately, there is no cut-and-dried answer in international law, he says.

Topics: Computer crime / United States / Weapons