Pentagon readies its cyberwar defences
March 21, 2009 Leave a Comment
Pentagon readies its cyberwar defences
- 16 March 2009 by Paul Marks
- Magazine issue 2699. Subscribe and get 4 free issues.
- For similar stories, visit the Computer crime , Weapons Technology and US national issues Topic Guides
Read our related editorial: The toaster did it
CYBER-ATTACKS on a nation’s military and commercial computers have grown a lot more sophisticated since the days of the lone hacker targeting a system’s defences just for the thrill of it.
Nowadays, electronic attacks are increasingly seen as a cheap and easy way for one nation to attack another. “It’s the ultimate bargain hunter’s way of destroying everyone’s way of life,” says Glenn Zimmerman, a cyberspace specialist at the Pentagon. “It may even be free.”
So worried are governments by the prospect of an all-out cyber-attack that last month UN secretary-general Ban Ki-moon revealed that cyber-weapons are to be added to the list of arms falling under the remit of the UN’s Advisory Board on Disarmament Matters, which develops policy on weapons of mass destruction. Ban said recent breaches of critical systems represent “a clear and present threat to international security”, since the public and private sectors have grown increasingly dependent on electronic information.
But despite the threat, current NATO war games tend to treat cyber-attack simulations as an afterthought, according to military sources. Now the Pentagon is hoping to change that by developing a centre at which the military can play realistic electronic war games.
Called the National Cyber Range, the centre will mimic not only the hardware that might be used to inflict cyber-attacks, but also the likely behaviours of the people behind the attacks. The centre, being developed by the Defense Advanced Research Projects Agency (DARPA), is part of the US government’s Comprehensive National Cybersecurity Initiative, launched last year.
Until now, cyber-attacks have been relatively limited in scope. In 2006, for instance, Russian hackers, angered by the removal of a Soviet war memorial, launched a sustained denial of service attack on government and business websites in former soviet state of Estonia. In 2007, Chinese hackers attacked US and UK government websites, knocking them temporarily offline, and in 2008 Georgia suffered massive internet outages alongside its military battle with Russia. In January, Kyrgyzstan became the latest victim when its two largest internet service providers were targeted by a denial of service attack from hackers in Russia.
As if such attacks weren’t worrying enough, military and private sector security experts attending a recent Cyber Warfare conference in London claimed attacks can only get worse because our electronic infrastructure is so poorly defended. What’s more, computer scientists do not yet know how to defend critical systems against attacks, says Amit Yoran of NetWitness, an electronic security company based in Herndon, Virginia. “We are largely blind and ignorant of how to protect ourselves against cyber-attacks,” he told delegates. “Advanced threats continue to evade deployed solutions.”
With this in mind DARPA is ploughing $30 million into developing its testing range for cyber-warfare countermeasures, or “cyber sidearms” as it refers to them. The facility will allow teams to engage in lengthy fights in cyberspace using faithful replications of the US military’s global satellite, wireless and landline networks. Many of the range’s functions are classified, but DARPA says it wants it to have a sophisticated “nation-state quality” enemy team against which to test its countermeasures.
Heli Tiirmaa-Klaar, an adviser to the Estonian ministry of defence, says that because a cyber-attack can destabilise a country without sending forces across a border, it is a likely first strike tactic. Russia did just that in the Georgian conflict last summer. DARPA shouldn’t expect that such attackers will use easily fought viruses, says Yoran. “They have fantastic engineering resources and can develop customised and very powerful ones.”
One likely target, says Julian Charvat, a cyber-terrorism analyst with NATO in Ankara, Turkey, is the control systems for power stations, chemical plants and water utilities. These Supervisory, Control and Data Acquisition systems (SCADAs) often lack adequate cyber-defences.
Another risk comes from the fact that western microchip firms have outsourced manufacture to Asia, where saboteurs could design hardware-based viruses into chips. “Our semiconductor devices now need authenticating,” says Zimmerman. That could have a strange corollary: because the internet is to acquire many billions more IP addresses, machines will get internet addresses – leading to fears that rogue chips within, say, fridges, TV sets and cars could launch cyber-attacks.
Ultimately, the best hope lies in organisations like DARPA developing early warning systems for cyber-attacks, says Charles Williamson, a US air force cyberspace analyst at Ramstein Air Force Base in Germany. Convincing military leaders of the urgent need for such a system may not be easy, he admits. “Our biggest threat is senior leaders who think the computer is technologically equivalent to a toaster.”
Read our related editorial: The toaster did it
About whitelocust
Recent Comments