AUSTIN – Information security has never been more front and center than it is now. The recent hacking of the Democratic National Committee; the implications that Russia — a sovereign country — may have been deeply involved; the potential implication it had on a national election; and the accusations, difficulty in establishing proof, and what can be done about it, all form a perfect backdrop for a look at cyber attacks, cyber war, cyber espionage, and general cyber-malfeasance. At South by Southwest, Sean Kanuck laid out a framework for thinking about cyber attacks, the sometimes similar but mostly different form of warfare it can be, and some ways in which escalation of this new form of attack can be limited going forward.
Kanuck is a lawyer, ex-CIA officer, the US’s first National Intelligence Officer for Cyber Issues from 2011 to 2016, and is currently affiliated with Stanford’s Center for International Security and Cooperation. He framed cyber conflict by defining terms, and comparing and contrasting cyber conflict with traditional armed conflict. To start, he rejects the idea that we should consider cyber war another domain of war, like land, sea, or air. Cyber is a means to an end, a way to disrupt information flow or processes that depend on it, or to corrupt that information and make it unreliable. Cyber attacks are another form of obtaining a strategic result, not a form of war in and of itself.
Cyber war vs. traditional war
There are many ways in which cyber conflict differs from typical conflicts. An attack can come from anywhere, and it is difficult to tell from where it originated. It’s possible and not immediately obvious, for example, that it could come from a 400-pound hacker in his pajamas in an apartment – but it’s not likely in the case of the best orchestrated attacks. Because of the worldwide, distributed nature of the Internet, it could come from literally anywhere.
The tools used are perishable, designed specifically for the target, and unpredictable. While a bullet is designed to do the same damage to any human anywhere, and it’s predictable what it can do, the tools used to attack an electric grid or steal classified information are different from what may be used to hack a router or internet-connected camera and make them do nefarious things. Using a war analogy, under the Geneva Convention rules of war there are definitions as to what constitutes a legitimate military target. Communications networks (and the internet that runs on them) carry both military and civilian information flow, so there is no separation of target – everything is essentially fair game.
The newest trends in cyber attacks have gone beyond disruptive denial of service attacks on internet sites. Industry and infrastructure like power grids and ATM networks are targets, which could cause large social disruptions. Indirection is heavily used, making it difficult to prove who is behind an attack. Perhaps the most dangerous form is the integrity of information attack – where the network or service is not disrupted, but information is modified, and the target doesn’t know it’s been attacked, as there is no stoppage or sign of disruption. One could see how this, used on financial services or healthcare for example, could be highly dangerous.