
Book Review: Cyberwar

Assume ... that you are a Syrian anti-aircraft controller. For six long hours your radar screens have been showing the same dull, uninteresting targets. To the north, the North Korean construction workers at the secret building site, 75 miles from the Turkish border, left for their dormitories hours ago. Time for a glass of tea.

Suddenly the night sky turns to bright daylight. Your command post rocks with the concussions of multiple bomb strikes. Then you hear the departing roar of Israeli military jets, their mission completed. How could this have happened? Your Russian radars seemed to be working perfectly. Yet you saw nothing. Why?

According to the authors, although this actually happened, the Syrian government remained silent. Finally the story emerged from U.S. and British media. Israeli F-15s and F-16s had penetrated Syria's vaunted air defenses, destroyed what all now agree was a North Korean-designed nuclear weapons facility, and escaped, virtually unnoticed – except for the ruined buildings left in their wake.

How did the attackers do it? By penetrating the Syrian defender's electronic communications systems, substituting a “replay” of the previous night's radar picture on the operators' screens, and thus effectively blinding the Syrian defenders without their even knowing about it, until it was too late. Welcome, says Richard A. Clarke, former National Coordinator for Security under four presidents, to “cyberwar”. (For newcomers, the old blow-em-up kind of warfare is now called “kinetic”.)
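The blinding described above works because the operators' screens trusted whatever arrived on the link, so yesterday's picture could be played back as today's. The defensive principle is anti-replay protection: every frame carries a sequence number and a timestamp, both covered by a message authentication code, and the receiver rejects anything forged, stale, or already seen. The following is an added illustration written for this review, not code from the book or from any radar system; the frame format, the shared key, the five-second freshness window and the sample radar payloads are all constructed for the demonstration.

```python
import hmac
import hashlib
import json

# Constructed shared key for the illustration only (a real deployment would
# provision and rotate keys through a proper key-management process).
SHARED_KEY = b"constructed-demo-key-not-for-real-use"
MAX_AGE_SECONDS = 5  # assumed freshness window


def make_frame(key, sequence, timestamp, payload):
    """Build an authenticated frame. The tag covers the sequence number,
    the timestamp and the payload, so none of them can be altered or
    mixed-and-matched without the key."""
    body = json.dumps(
        {"seq": sequence, "ts": timestamp, "payload": payload}, sort_keys=True
    ).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class ReplayGuard:
    """Receiver-side state: rejects frames that are forged, stale, or replayed."""

    def __init__(self, key, max_age=MAX_AGE_SECONDS):
        self.key = key
        self.max_age = max_age
        self.highest_seq = -1  # highest sequence number accepted so far

    def accept(self, frame, now):
        # 1. Authenticity: verify the tag before trusting any field.
        expected = hmac.new(self.key, frame["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, frame["tag"]):
            return (False, "bad tag")
        fields = json.loads(frame["body"])
        # 2. Freshness: an old capture, however genuine, is rejected.
        if now - fields["ts"] > self.max_age:
            return (False, "stale")
        # 3. Uniqueness: a frame already seen (or older than one seen) is a replay.
        if fields["seq"] <= self.highest_seq:
            return (False, "replay")
        self.highest_seq = fields["seq"]
        return (True, fields["payload"])


def demo():
    """Run four constructed scenarios and return the receiver's verdicts."""
    guard = ReplayGuard(SHARED_KEY)
    t0 = 1_000_000.0  # constructed clock value
    results = []

    # A fresh, genuine frame from the sensor: accepted.
    live = make_frame(SHARED_KEY, 1, t0, "radar picture: 2 contacts")
    results.append(guard.accept(live, t0 + 1))

    # A genuine frame captured a day earlier and played back: fails freshness.
    old = make_frame(SHARED_KEY, 0, t0 - 86400, "radar picture: no contacts")
    results.append(guard.accept(old, t0 + 2))

    # The live frame played back again inside the freshness window: fails on sequence.
    results.append(guard.accept(live, t0 + 2))

    # A frame with an edited payload: fails the tag check before anything else.
    tampered = dict(live)
    tampered["body"] = live["body"].replace(b"2 contacts", b"0 contacts")
    results.append(guard.accept(tampered, t0 + 3))
    return results


if __name__ == "__main__":
    for ok, detail in demo():
        print("ACCEPT" if ok else "REJECT", detail)
```

The order of the three checks matters: the tag is verified first so that an unauthenticated sender cannot influence the receiver's sequence state, and the freshness window bounds how long a captured frame stays useful even if the sequence counter were ever reset.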

Today, just about anyone using the Internet has heard of DDoS (distributed denial of service) attacks where the attacker, usually utilizing a “botnet” army of unwitting slave computers made vulnerable by having downloaded a package of malicious software, often from a seemingly benign website, launches a blizzard of electronic communications which overwhelms the target computer and renders it unable to function. One frequent target has been Spamhaus, an eleven-year effort by Englishman Steve Linford to track, log and report spammers – to their great displeasure, of course.

The vulnerability of western society to electronic warfare of this kind is frightening. The Internet isn't just about Facebook and Twitter and email. Air traffic control, the electrical power grid, virtually all banking operations from ATMs through wire transfers, and all other digital telecommunications, right down to the individual motors and lights in buildings and homes runs on signals sent and received through the Internet. Just one malicious batch of code sent to an electrical generating station could cause a turbine-generator set to catastrophically overspeed, destroying both itself and possibly the entire station as well.

As the authors explain, the Internet itself has at least five major “baked-in” vulnerabilities. There are only six major ISPs (internet service providers): Verizon, AT&T, Qwest, Sprint, Level 3 and Global Crossing. They are the “backbone providers”, technically called “Tier 1 ISPs”. Even a simple email communication has to be converted to packets of digital information that flash through router after router – often all the way across the country and back – before reaching your colleague down the street. So if a clever attacker wanted to divert those packets, he/she would have at least two opportunities.

In this way, Internet users can be diverted to phony look-alike webpages, where information can be stripped off and used for some malicious purpose. Or, as actually happened in February 2007, even top-level domain servers can be attacked in a coordinated DDoS attack. For a first-hand account of the damage this can cause, we need only look at Estonia and Georgia, whose communications systems suddenly went dark during the Russia-Georgia war. The attack, which was later traced to a “spoof” site somewhere in the Pacific, lasted eight hours.

Another vulnerability is the routing system among ISPs, known as the Border Gateway Protocol (BGP), which routes all digital traffic to and through the ISP borders. According to the authors, if a rogue insider working for one of the big ISPs wanted to paralyze the Internet, all he needs to do is hack into the BGP tables and spoof the routing instructions. Chaos will result.
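The defence against spoofed routing instructions that has since been deployed is origin validation: each prefix's legitimate holder publishes which autonomous system may announce it (and how specific the announcement may be), and routers compare every received announcement against that table. The following is an added illustration for this review, not code from the book or from any router vendor; it reimplements the core comparison over a constructed authorization table and a constructed set of announcements (the prefixes are documentation ranges and the ASNs are private-use numbers chosen for the example).

```python
import ipaddress

# Constructed authorization table, in the style of RPKI route origin
# authorizations: (prefix, authorized origin ASN, maximum prefix length).
ROAS = [
    ("203.0.113.0/24", 64500, 24),
    ("198.51.100.0/22", 64501, 24),
]

# Constructed announcements as a router might receive them from peers.
ANNOUNCEMENTS = [
    {"prefix": "203.0.113.0/24", "origin": 64500},     # legitimate holder
    {"prefix": "203.0.113.0/24", "origin": 64666},     # same prefix, wrong origin
    {"prefix": "198.51.100.0/24", "origin": 64501},    # more specific, within max length
    {"prefix": "198.51.100.128/25", "origin": 64501},  # right origin, but too specific
    {"prefix": "192.0.2.0/24", "origin": 64502},       # no authorization on file
]


def validate_origin(prefix, origin_asn, roas=ROAS):
    """Classify one announcement as 'valid', 'invalid' or 'not-found'.

    'invalid' means some authorization covers the prefix but none permits
    this origin at this prefix length; 'not-found' means nothing covers it
    at all, which is the state of an unregistered prefix rather than an attack."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, asn, max_len in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        if asn == origin_asn and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"


def audit(announcements, roas=ROAS):
    """Return (prefix, origin, verdict) for every announcement."""
    return [
        (a["prefix"], a["origin"], validate_origin(a["prefix"], a["origin"], roas))
        for a in announcements
    ]


def hijack_candidates(announcements, roas=ROAS):
    """The subset a defender would alert on: covered prefixes with a
    disallowed origin or an over-specific announcement."""
    return [row for row in audit(announcements, roas) if row[2] == "invalid"]


if __name__ == "__main__":
    for prefix, origin, verdict in audit(ANNOUNCEMENTS):
        print(f"{prefix:20} AS{origin:<6} {verdict}")
```

The two "invalid" rows illustrate the two shapes the scenario in the text can take: an announcement of the exact prefix from an unauthorized system, and a more-specific announcement that would win route selection even though the origin is nominally correct. The "not-found" row is a reminder that validation only protects prefixes whose holders have registered them.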

So much for malicious mischief. What about all-out cyberwar between nation-states? How would they defend? Counter-attack? Is it even possible to make meaningful treaties with other potentially dangerous nations? The list of cyber-capable countries is already large, and growing. Russia, China, Iran, even North Korea have such capabilities, and are suspected of having already used them. The U.N. has been working on this since 2005, pulling together a group of 15 nations to explore these issues. [New York Times, July 17, 2010.]

The analogy to kinetic warfare, say the authors, is a good one – except that in cyberwarfare two things are critically different. First, whatever it is, it will happen virtually instantly – no massing of armies, launching of navies, nothing that might arouse suspicion except (if we were lucky) a few chance interceptions of Internet traffic, or discovery of a “logic bomb” previously planted in the software of some critical information system – such as the control system of a nuclear power plant.

And second, when it does happen, it may be impossible for some time to even know where it came from or who was behind it. Using an actual war games example, Clarke describes a hypothetical situation unfolding in the South China Sea, where the Chinese navy is observed by spy satellites apparently preparing to pressure Vietnam to cede its valuable undersea oil and gas fields. The U.S. gamers want to stop the exercise by crashing the PRC navy's Internet backbone, and sending their military an apparently genuine photo of one of their aircraft carriers in flames and sinking – a kinetic reality, given the power of the U.S. 7th Fleet. They hide their tracks by making the attack appear to originate in Estonia, which no one in the PRC would ever believe, but the question remains: who did it?

China retaliates. It triggers its pre-planted logic bombs, knocking out the power grids of Honolulu, San Diego, and Bremerton WA (where the 7th Fleet is located). But the damage isn't contained there – it spreads into Mexico and British Columbia.

Where will it stop? Read the book and find out. Or visit the author's website at http://www.richardclarke.net.

Could an alert Department of Cyberdefense (if there was one) see an attack coming and take counter-measures before serious damage is done? Clarke predicts that an attacking power (China, for example) would quickly “pull up the drawbridge”, disconnecting itself from the Internet and simultaneously counter-attacking using remote proxies, making the identity of the attacker difficult to ascertain. Further escalation would be almost certain, within hours, or even minutes. The strategies of cyberwar are much the same as for a conventional “kinetic” war, except that everything will happen much, much faster. Will an enemy be deterred knowing the potential of its opponent? How can that potential be demonstrated without triggering a full-scale response? Is “first strike” use justified? The authors explain:

“[C]yber war moves faster and crosses borders more easily than any form of hostilities in history. Once a nation-state has initiated cyber war, there is a high potential that other nations will be drawn in, as the attackers try to hide both their identities and the routes taken by their attacks.... Because some attack tools, such as worms, once launched into cyberspace can spread globally in minutes, there is the possibility of collateral damage as these malicious programs jump international boundaries and affect unintended targets.”

The authors offer five “take-away” points about cyberwar: (1) It is now a reality; (2) it happens at light-speed; (3) it is inherently global; (4) it leap-frogs conventional battlefields; and (5) … it has already begun.

CYBER WAR, by Richard A. Clarke and Robert K. Knake (HarperCollins, 2010). Highly recommended.

Last Updated (Tuesday, 10 July 2012 05:09)