
Wednesday, June 23, 2010

Part 2 — Cyberwar vs. cyberattack

By Jim Tiller, Vice President, Security Professional Services, North America, BT Global Services

Cyberwar is not your typical hacker attack.  The difference — cyberwar is when a cyberattack is launched or condoned by a country, as opposed to being performed by a group, such as a terrorist group or cyber-criminals performing acts of vigilantism or some skewed version of patriotism.

A cyberwar is considered a “hack” – using the term very loosely – by a nation, government, and/or military to harm other countries.  Granted, the lines are very blurry, especially when governments permit cyber-criminals to operate in their country or turn a blind eye, which can be construed as supporting the effort.  But in general, cyberwar is considered a military action funded and driven by an established government.

Cyberwar is sometimes confused with the recent advent of countries using cyberwar-like tactics for various purposes – such as espionage or general disruption.  For example, there is some evidence that the Chinese government was behind Project Aurora against Google and other companies.  Another example is the formation of China’s GhostNet, where more than a thousand computers in more than a hundred countries were infected, with more than 30% considered high-value targets, such as computers in embassies, international organizations, news media and ministries of foreign affairs, among others.  These are examples of the escalation to cyberwar — blatant attacks against digital assets around the world.  It’s easy to see how these are examples of initial planning, testing of cyberweapons and information gathering.

Regardless, what we’re seeing today is not what I would call cyberwar, but more so cyberattacks that are testing the bounds of what is possible.  In some discussions, I’ve referred to attacks of this nature as live-fire weapons testing.

Cyberwar is scary because of a few interesting attributes that are a little different from traditional warfare as we generally understand it, making it somewhat complicated:

  • There is a great deal of anonymity, generally referred to in cyberwar circles as the “attribution problem,” representing the deniability of the attacker.  Although there are technologies that help to identify the source of a cyberattack, they do not provide indisputable evidence, at least not in the eyes of the international community.  This attribute represents a fundamental counterattack challenge.  In conventional war, the source point of a fired weapon or the location of a threatening weapon system is rapidly identified and quickly targeted for destruction.  In cyberwar, the attribution problem makes effective combatant identification nearly impossible.  You may be able to determine what systems are attacking and from what location, but this is not enough to attribute the attack to the real enemy.
  • Force multiplication uses resources that are not directly related to the attacking country.  For example, in conventional warfare there are tanks, planes and other assets that are directly associated with the attacking force and are therefore quantifiable targets.  In cyberwar, a country will likely take control of computing resources, such as hundreds of thousands or millions of personal computers around the world, from which to launch an attack.  This too makes a counterattack extraordinarily complex and fraught with risk.  If not planned and executed with acute accuracy, a force could inadvertently take down a neutral country or ally.

These two simple and basic codependent features create an environment that is difficult to fully engage.  For example, assume that the United States imposes additional strict sanctions against North Korea as a result of the recent sinking of a South Korean vessel; and in retaliation, the North Korean government wages a cyberattack against the American financial system.  In doing so they utilize a vast network of commandeered computers in Brazil, Argentina, South Africa, France, Italy, Saudi Arabia, Ireland, the Netherlands, and Belarus to launch a well-planned attack through a complex web of command and control systems spread across a number of other countries.

Within minutes, the financial system begins to strain and automatic financial controls become engaged.  Within the next 24 hours the system fails.  The U.S. government has few options, if any, for an offensive.  Resources are directed to defensive tactics to stem the tide, establish protective measures to thwart the attack as much as possible and start recovery processes.  In short, the attacker is everywhere, including inside your environment.

You can’t simply start taking down systems because they may be owned by allies or may be your own systems working against you.  Meanwhile, the impact to the U.S. is not unlike if a bomb were dropped in the middle of a major city.  Therefore, in cyberwar there is a great deal of ambiguity and uncertainty, yet the level of impact is, on a very fundamental level, not all that different from an equally well-formed conventional attack.

This reality does impose a sense of fear that, if truly understood and acknowledged throughout society, would equal or even surpass levels of fear experienced during the Cold War and the threat of nuclear annihilation.  It’s ultimately based on the feeling of helplessness and the inability to respond.  However, this is not entirely the situation that is evolving today.

In the coming weeks, we’ll continue on this topic.  In the meantime, please share your thoughts on this important topic.

For more on Jim’s thoughts on cyberwar, see: Cyberwar is a reality, but what exactly is it? 
