The cyber minefield
In late January, the Royal Air Force found that it had been the target of a cyberattack in which hackers forwarded e-mail messages from multiple facilities to an IP address somewhere in Russia. The attack, which was an e-mail worm, forced the British Ministry of Defence to shut down e-mail servers to prevent the worm from spreading and sending more sensitive data.
Like the virus that struck the Defense Department's Global Information Grid late last year — an attack that was apparently introduced by a USB thumb drive or other removable media — the attack is notable because of its scale and that it was made public. The networks of DOD and its coalition partners are under constant attack, and the attackers steal sensitive data with frightening frequency.
As Brian Robinson and I report in this month's special report, data theft is hardly the only threat – and nailing down the responsible parties for attacks is difficult at best. Cyber warfare is the most asymmetric form of warfighting — a single person or small group can wreak havoc on the economies of whole countries and compromise the effectiveness of military operations. Attackers have advantages over defenders and can strike from anywhere in the network-connected world. Deterrence is difficult, if not impossible, and there are many legal and political barriers to taking decisive action against systems involved in a cyberattack.
But cyber warfare is a two-edged sword. It also offers an opportunity for intelligence, reconnaissance and surveillance because the military can use software to collect information about potential adversaries, monitor discussions in cyberspace and attribute real-world activities, such as last year's terrorist attacks in Mumbai. Voice-over-IP traffic was reportedly detected and used to help trace the coordination of the attacks back to Pakistan.
With China aiming to establish a dominant military presence in cyberspace and exploit it for national gain, it's never been more crucial for DOD, the federal government and private industry to collaborate in defending networks and building a capacity for information sharing on cyber threats. As Mark Gerencser, vice president of Booz Allen Hamilton, said recently, the United States’ cyber operations have been like a football team trying to play soccer. To effectively address the cyber threat, we need to change the way we play the game and collaborate across organizational lines.
My interview with Gerencser is part of the online companion to this month's special report on defensesystems.com.
Confronting the attacks on DOD network assets will require more automation and better enforcement of information assurance policies. But the only way to neutralize cyberattacks as a weapon is for better, centralized coordination and information sharing on threats. And that's going to require more than technology.
Sean Gallagher is senior contributing editor for Defense Systems.