The computer attacks Russia allegedly orchestrated against Georgia in Augusthave raised the cyber warfare bar to a new threat level. The cyber assaultthat accompanied Russia’s armed maneuver into its former territory of Georgia escalated to an international event.
The concept of hurting a nation’s technological infrastructure as part of a wider conflict is not new. The extent to which the digital warfare was waged,however, clearly added to a growing concern that has already led U.S.officials to prepare for the next wave of computer warfare.
We now have entered a new age of cyber warfare, one in which attacks are apparently waged by governments for military purposes rather than — or, perhaps, in addition to — high-tech gangs of criminals seeking financial gain. Governments and Internet security firms are quietly gearing up for the potential onslaught. The U.S. government has created a secret computer warfare response team to meet this new international threat.
“We know that the U.S. Department of Homeland Security (DHS) is behinda big initiative on cyber warfare. We’ve seen more governmentreactions each time an incident is discovered. Generally, it takessix to nine months after a new incident to accelerate defensiveefforts. We are slowly getting up momentum. We know that the U.S.government is involved in cyber attacks, but this is being hushed up,”Mandeep Khera, researcher for Web application security securitytesting firm Cenzic, told TechNewsWorld.
Cyber War Primer
DHS statistics in published accounts showed that 37,000 attempted breaches of government and private computer systems were reported in fiscal 2007. Those incidents increased from the 24,000 reported the previous year.
In addition, FBI reports from last year show that 108 countries have dedicated cyber attack capabilities. Groups within China’s government and computer networks based inside Russia have been linked to cyber attacks aimed at various government agencies in the U.S. and Europe.
For instance, for three weeks starting in April of 2007, 1 millioncomputers under botnet control started attacking the Estoniangovernment’s computers in a denial of service (DoS) assault. Followingthat series of digital attacks, NATO provided the Estoniangovernment with help in restoring its computer systems andinvestigating the attacks. Considerable evidence reportedly pointed tocomputers in Russia as the source of the commands; however, Russia’s government hasdenied any involvement.
Computer security experts have theorized that cyber attacks like theones hackers were using for spam and ID theft operations could easily becomeweapons for political and military purposes against governments. What happened in Georgia further supports the notion.
Russia’s apparent effort to shut down Georgian government Web sites in Augustwas one of the most public incidents of cyber attacks by a governmentto date. But what brought down Georgia’s networks wouldn’t have likely shaken the foundations of other governments that place a greater reliance on their IT infrastructures.
“The Georgia attack was more of an annoyance. It didn’t really affectthe government’s response. Small countries like Georgia have no cyberresources. Overly technologically sophisticated countries such as theU.S., the UK, Germany and Japan can protect themselves. The restcan’t,” Patrick Peterson, IronPort vice president of technology andCisco Fellow, told TechNewsWorld.
The effects of Russia’s cyber assault were quickly mitigated. TheGeorgian government relocated its Web sites to U.S. servers, forcing the organizations behind the attacks to cease or else risk a much larger confrontation.
A One-Two Punch
On the surface, the Russia-Georgia confrontation is significant for tworeasons. One, it appears to be the first time a cyber attack was coordinated with aconventional attack. Two, the cyber attack completed and reinforcedthe surface attack.
“The goal was to prove the Georgia government’s weakness andhelplessness. The response may not have been what Russia expected. TheGeorgia government migrated the Web sites to servers within the U.S.This then globalized the attack, pushing Russia into a situation whereit had to press the attack against U.S. servers or stop attacking,”Dominic Fedronic, CTO of digital identity assurance firm ActivIdentity, told TechNewsWorld.
It may very well be that Russia decided not to cross that line thistime. But this raises a new prospect in future disputes, he said: the riskof globalization of cyber war.
The cyber attacks in the Georgia and Estonia incidents have several pointsin common, according to Fedronic. They were extremelydistributed, and they were coordinated. In addition, they used a commontool set, and they originated from Russia and supporters worldwide.
The evidence suggests that the cyber attacks were preceded by extensivepreparation — renting Web resources or confiscating resources throughacquired botnets, Fedronic said. This multi-pronged cyber attackmaximized effectiveness and left defenders with few options to stop the attacks.
“You have to wonder if the cyber attack was deliberately planned bythe government or was a spontaneous reaction to the political unrest.But does that answer matter at all? The fact is, the cyber attackhappened,” Fedronic added.
The initial scale of Russia’s cyber attack against Georgia issignificant. Most Web sites are prepared to handle five to 10 timesthe normal volume of traffic. Government agencies typicallyhave a much higher threshold — as much as 100 to 1,000 times normalvolume, according to Peterson.
“That doesn’t mean that a similar attack could not happen [in theU.S.] if we don’t remain vigilant. Our Web resources are built formassive volume, so the bar needs to be much higher to have a successfulcyber attack,” said Peterson.
The U.S. government has alreadyinvested in protection based on what occurred in previous cyberattacks, he said.
More to Come
Fedronic and other security experts have no doubts that the Russian cyber attack against Georgia is just the tip of the iceberg, and he expects to see similar attacks in the future.
“I think that these cyber attacks will happen, so we need to beprepared for them. Historically, the goal of battle plans has been toshut down the enemy’s commerce and ability to function. The Internethas become the main flow of business and communication,” Fedronicsaid. “It is now clear that the first sign of upcoming warfare will beforays of cyber attacks. Cyber warfare is now a critical part of thepicture.”
Cenzic’s Khera agrees. Cyber attacks have been more common than mostpeople realize, he said.
Smaller attacks of a similar nature are almost common in some hot zones, according to Tom Stracener, senior security analyst for Cenzic. “The attack on Georgia shows an economy of scale,” he told TechNewsWorld. “It was massiveattacks on multiple levels. This is not just a U.S. problem. Hamas andHezbollah have been doing this for years against Israeli Web sites.These types of attacks against opponents’ Web sites are also verycommon in South America. All of this points to a future of widespreadinformation warfare. It is becoming one more big weapon in the wararsenal.”
The U.S. government decided 12 months ago to spend US$30 million toprepare for cyber attacks by establishing the Comprehensive NationalCybersecurity Initiative (CNCI), according to Peterson. Reportedly,CNCI was commissioned by two different executive orders to proactivelyharden government computer systems against intruders rather thanreacting to intrusions after the fact.
“The activities of the CNCI are so secretive that it functions as anunderground agency. Even Senator [Joe] Lieberman, after hounding theadministration for an explanation, only received an official letterthat was heavily redacted, indicating that the CNCI is a super topsecret agency that operates on a need-to-know basis,” Peterson said.
Apparently, Sen. Lieberman didn’t need to know.
“President Bush issued a Presidential Order in January 2008 toauthorize steps for government agencies to react to such attacks,” said Fedronic. “We don’t know many details about what is taking place. The order involvesa great deal of secrecy. But there has been considerable amount oforganization and securing and predicting the number of potentialattack points,” he said.