When President Bush recently asked Congress to direct $152 million into cybersecurity programs in 2008, he was reacting publicly to the increasingly high-profile security breaches occurring both in the U.S. and around the globe.
A literal cyberwar broke out on April 27, 2007, when government in Estonia decided to move a Soviet war monument from the nation’s capital, the Baltic seaport of Tallinn, to a military cemetery. Estonia’s ethnic Russians then proceeded to violently protest, leading to a vast array of Internet attacks that deface Estonian websites, replacing the pages with Russian propaganda or bogus apologies. Estonians claim that some of the first attacks came from computers affiliated with the Russian government. (The Russian government denies this.) But many of them came from thousands of private citizens furious at Estonia. Instructions on how to launch denial-of-service attacks against Estonian websites have been floating around Russian sites. Botnets — ad hoc networks of computers commandeered by viruses unbeknownst to the computers’ owners — have also been brought to bear in the Russian-Estonian “cyberwar”. All of this resulted in the congestion and obstruction of the websites of the president, the prime minister, Parliament and other government agencies, disrupting Estonia’s biggest bank (Hansabank had to shut down its online banking network) and the websites of Estonian newspapers. The blockade cost Estonia the equivalent of billions of dollars. The suspects (if and when there are any) have not been caught and/or prosecuted.
Mihkel Tammet, Director of Communications and IT of Estonia’s Ministry of Defence was quoted as saying, “These attacks were not aimed at ruining our databases or stealing our information. They were assaults on the service industry and our nation’s infrastructure.” Which means that is qualified as being a real cyberwar, or at least a “cyber-assault.”
The hacking assaults in Estonia in May 2007 were followed by intrusions in Britain’s Whitehall and the Pentagon in October. In late October 2007, the defense ministers of NATO countries met to firm up the organization’s first policy relating to cyber attacks on member states’ critical national infrastructure.
Interestingly, Marine Corps General James Cartwright, former commander of the Strategic Command, now Vice Chairman of the Joint Chiefs of Staff, asked Congress early in 2007 to consider legislation giving permission for the Department of Defense (DOD) engage in its own offensive cyberoperations.
Certainly the defensive aspects of cyberwar are being taken seriously by the military. For example, in a building at Lackland Air Force Base near San Antonio, Texas, a “Network Warfare and Ops Squadron” monitors cyberspace for any intimations of hacker infiltration, viruses, malware, or network-congesting spam that could affect some of the 650,000 computers used by the Air Force. If something is found, the group instantly investigates every problem and then calls upon specialized software to deal with the problem.
Certainly it has become evident in recent years that it doesn’t take much to destabilize a business or a whole country from afar. Any critical infrastructure now relies on computers, and computers, to be really useful, must be tied into networks. Once that happens, any vital system becomes a target of opportunity for terrorists, adversary nations, criminal organizations, and non-state actors. The original small-time teenage hackers are still out there, bless their souls, but they’ve been completely overshadowed by larger, more organized and more menacing forces.
Disrupting the information infrastructure of a transportation or finance system is even more effective than disrupting the physical infrastructure. Why blow up a power grid, when you can disrupts the computers controlling the grid, which will have the same result? Add to that disrupting railroad shipments, disrupting airport tracking systems, or disrupting… well, you get the idea. It’s possible for a sufficiently technically-savvy hacker/cracker to disrupt anything.
And that brings us to President Bush, who wrote to House Speaker Nancy Pelosi (D-CA (News
)) requesting that $152 million of existing funding at the Department of Homeland Security and the Federal Bureau of Investigation be redirected to boost these agencies’ cybersecurity programs. Two-thirds of the money ($115 million) would go to a program called “Einstein” administered by the U.S. Computer Emergency Readiness Team. Like the Air Force group mentioned above, Einstein monitors participating agencies’ network gateways for anything that could be euphemistically described as “unwanted data traffic.”
Allan Paller, director of research at the SANS Institute, told Jason Miller (of FCW.com) that the $152 million Bush seeks is merely for “public consumption” and that the remainder will be in “the black budget, which is secret.”
As in the Air Force scheme, note how automation (artificial intelligence, pattern recognition) can only take us so far. Real humans have to examine suspicious data traffic. Perhaps the distant (or not-so-distant) future will resemble the movie Brazil somewhat, wherein all traffic is funneled through an automated front end and finally a call center populated by humans, so that a user’s attempt to access a “questionable” or “forbidden” site will result in a little box popping up, inside of which your friendly local “Web Toll Guard” appears, asking you why you want to access such and such a site, or sternly admonishing you, in Orwellian style, to stay aware away from “controversial” locations on the Internet.
Such massive, detailed monitoring (automated or otherwise) will probably initially affect the speed at which the world’s users can surf the web, though the “peeking into packet” technology, like all technology, can improve over time to the point where it’s simply an invisible background process.
Maybe it already is?
Richard Grigonis is an internationally-known technology editor and writer. Prior to joining TMC (News - Alert) as Executive Editor of its IP Communications Group, he was the Editor-in-Chief of VON Magazine (News - Alert) from its founding in 2003 to August 2006. He also served as the Chief Technical Editor of CMP Media’s Computer Telephony magazine, later called Communications Convergence (News - Alert), from its first year of operation in 1994 until 2003. In addition, he has written five books on computers and telecom (including the Computer Telephony Encyclopedia and Dictionary of IP Communications). To see more of his articles, please visit his columnist page.