Is cyber-warfare a genuine threat?
By Alex Hudson
BBC Click
Hackers at the Chaos Congress say they 'have a conscience'
Cyber attacks are already upon us but the rules of digital warfare have yet to be agreed upon. Is it time, as an influential think tank believes, for a digital Geneva Convention?
Is it even possible when the internet was designed without country borders and when defining what a "cyber-war" constitutes is near-impossible?
"We come in peace" reads the tagline of the Chaos Communication Congress in Berlin.
The event, which attracts "thousands of hackers, scientists, artists, and utopians from all around the world", is a timely reminder that not all hackers are obsessed with unearthing secrets or bringing down governments.
The term "hacker" used to only have a positive definition
They are keen to point out that the definition of "hacker" can mean both a technical expert who modifies things as well as the increasingly common definition of someone who digitally intrudes.
But there are worries from governments around the world that a "cyber-war" is just around the corner, moving from conventional battlefields into the digital world.
"Cyber-threats are not on the horizon, they are upon us," says US Senator Robert Menendez.
He is introducing a bill to the US Congress, following reports of cyber attacks on Nasdaq OMX Group and both oil and gas companies, aimed at "strengthening cybersecurity".
Despite the concern, many still do not realise the effects this seemingly impending battle could have.
Most of our infrastructures rely on computer technology to function properly - from railways to electricity companies and national defence systems - so failure or malicious attacks on them matters more than just not being able to read an e-mail.
If these things were threatened, some commentators believe it is not just the internet at threat, but many lives.
"The attackers are constantly developing new strategies," John Bumgarner, chief technologist of the US Cyber Consequences Unit, told BBC Newsnight.
"There are thing out there right now that the public doesn't really know about - technologies that can be embedded in systems that will run but you will never see.
"Things already exist to do things like turn off the power grid, disrupt water systems, disrupt manufacturing processes… GPS [devices] in cars have the capability to give wrong directions and your car could catch fire potentially depending on how you program it."
Others, such as Frank Coggrave, vice president of digital investigators Guidance Software, believe these sorts of comments are "edging towards hysteria".
But what even is a cyber-war? And how does anyone know when it begins or who is fighting who?
'Other-than-war'
"There is no clear, internationally agreed upon definition of what would constitute a cyber-war. In fact, there is considerable confusion," said a report released at the Munich Security Conference by think tank The EastWest Institute.
Its paper, titled Working Towards Rules for Governing Cyber Conflict, says that "the current ambiguity [about what constitutes cyber conflict] is impeding policy development and clouding the application of existing Convention requirements" and perhaps the idea of peace and war is too simple in the digital age when the world could find itself in a third, "other than war" mode.
In basic terms, it is calling for something similar to the Hague or Geneva conventions that govern conventional warfare.
While seemingly simple in theory, this could be very difficult to put into practice.
"It's a challenge and [governments are] doing a valiant job… but the whole area of cyberspace and cyber-attack is very difficult to quantify," says Mr Coggrave.
"Who is performing the attacks? Just look back over the last year at the Stuxnet attack on Iran's nuclear reactors."
The Stuxnet attack - where specific types of industrial controls were targeted and damage is believed to have been done to Iran's uranium enrichment programme - was described as enemies of Iran "seeking to wage a cyber war" by the country's communication minister.
"It's still questionable who actually did it," says Mr Coggrave.
"Was it the Israelis, the Chinese, the CIA or M16? When you come to cyber-attacks, because of the interconnectivity of the world, it is actually so difficult to attribute [responsibility for the attack to any one party] that putting in rules of engagement is valiant but probably flawed."
Many experts believe that this attack, unlike most others before it, was carried out with some form of state involvement - citing the proficiency and scale of the attack.
'Indiscriminate' attack
While this attack was quite specifically targeted, it is very difficult to aim at one organisation or country. Even the Stuxnet worm has affected computers in 10 countries.
This means that neutral or humanitarian organisations online could be hit in the metaphorical crossfire. The job that the Red Cross does in "kinetic" - or traditional - warfare could be impossible to recreate in the virtual world.
The front-line of any digital warfare would be very difficult to define
"Viruses tend to be indiscriminate," says Mr Coggrave.
"And there is blurring between cyber-warfare and cyber-terrorism… if you generate a virus that attacks a Windows machine for example, how can you make sure it's a machine run by MI6 and not a machine run by the Red Cross?"
According to the Congressional Service, "US officials now consider cyberspace to be a domain for warfare, similar to air, space, land, and sea."
The difficulty is, with the global nature of the web, working out which territory belongs to whom and what bits of the web are friendly and which are hostile.
But, if battle lines can be drawn and territory can be won or lost, those like the technical wizards at the Chaos Congress could find themselves as digital infantry on the virtual frontline.
Credit: BBC (www.bbc.co.uk)
No comments:
Post a Comment