Cyber War—Coming to a Nightmare near You
TOM WILLIAMS, EDITOR-IN-CHIEF
Page 1 of 1
Never mind the “living dead” movies, reconstituted gruesome remakes of H.P. Lovecraft or endless iterations of Freddy Krueger. If you want to be scared, pick up a copy of Cyber War by Richard Clarke and Robert Knake. In it, the authors describe, in language a lay person can understand, the kinds of dangers that are being hatched by hostile powers via the Internet. These are not 37-year old hackers living in their mother’s basement. These are real threats being concocted by PhD computer scientists specially trained and backed by the budgets of nation states like Russia, China, Iran and who knows where else.
What emerges from the first part of the book is a picture of how we have become totally dependent on the Internet for commerce, information, communication, entertainment, education and many more vital things like electrical power, manufacturing, finance, transportation . . . and national security in terms of military capabilities and intelligence. With such increasing dependence comes increasing vulnerability because the Internet is so vast, the interconnections so pervasive and the software—with operating systems alone comprising 30 to 50 million lines of code—so complex and filled with errors that no security system can even hope to be completely confident.
Over the past two decades this has all built up, rather like the British Empire, “in a fit of absentmindedness.” What started out as some academics linking up via a limited number of universities and government research facilities has grown into something like a global nervous system. What was created by some idealistic specialists who saw only good coming of it, has opened the path to sinister forces bent on waging asymmetric warfare in which the vast military might of a power like the United States can be countered by stealth attacks on the information infrastructure. And still the complexity, our dependence on it and our vulnerability continue to grow day by day.
One of the most unnerving manifestations of this is the move to the Smart Grid. On the one hand, the Smart Grid is absolutely necessary because so much of our electrical energy is wasted in transmission and inefficiencies. On the other hand, the present grid is already dangerously vulnerable to attack and compromise. In fact, we have seen examples of how large portions of it can be brought down—and we haven’t even considered what might happen if the attackers hit the frequencies of large generators and brought them to a fiery halt. It is fairly well assumed that hostile powers have already placed strategic “logic bombs” in crucial places in the nation’s infrastructure. Some have been discovered, but it’s the undiscovered ones that are the real worry.
The U.S. now has its own Cyber Command, and in the digital shadows there is an ongoing conflict taking place between those attempting to penetrate the vital Web sites and those trying to defend them, as well as between U.S. offensive moves being countered by foreign defensive moves. All this will not come to light unless there is an actual conflict. What we have seen to date is the result of test runs and the countermeasures taken against attempts that were discovered. Mitigating the outbreak of full cyber conflict somewhat is the mutual dependence that all parties have on the commercial infrastructure provided by the Internet and its reach into the worldwide global market. Hampering the U.S. defensive capability is the fact that while the Cyber Command is very concentrated on protecting U.S. military and government assets on the Web, there is little or no provision for it to protect private industry. Of course, it is private industry—in the form of power companies, transportation systems, manufacturing facilities, etc.—that comprises the bulk of the U.S.’s vital infrastructure. That infrastructure in its present form cannot be securely defended.
Clarke proposes breaking the Internet into a public Internet with its commerce, research, entertainment and other public functions, and a variety of more secure intranets for government, transportation, electrical and other vital industries that would use different protocols and be separate from the general Internet. Just how this would be accomplished, what it would cost and how secure it would be are by no means clear. Where would the lines be drawn? Where really are the boundaries between public and private, vital and more accessible? Who gets to decide?
Or will we go to a huge effort thinking we have made ourselves safe only to wind up like the pathetic creature in Kafka’s fable, The Burrow, with that nagging hissing sound ever present and in spite of all efforts at escaping it in the confines of its burrow, ending with the line, “But all remained unchanged.”