By Neal O'Farrell, Security and Identity Theft Expert for CreditSesame.com
10/22/2014
Einstein was wrong. World War IV will not be fought with sticks or rocks. It will be fought with bits and bytes, Trojans and bots, APTs and zero-days — it's already started and we're already losing.
I'm not a fan of drama, especially as a tool to encourage the masses in a specific direction and even for a good reason. But I'm not a fan of sugar coating either. That's why I think we need to speak honestly about war. And the fact that we're in one —right now, and have been for some time. It's just that this war is so very different to every war before and many of us can't see, hear, smell or touch it. But it doesn't mean it's not there and it's not urgent.
China has been attacking the U.S. for years—attacking businesses, government and the military, probing networks, planting malware, stealing secrets. It's also believed that China is always looking for catastrophic weaknesses that could be exploited at an appropriate time—in our financial, communications, food supply and energy systems.
If it turns out that the Russian government orchestrated or even facilitated or encouraged the recent cyber attacks on JP Morgan Chase and a dozen other major financial institutions, that would be as clear an act of war on American interests as the invasion of Ukraine was to the people of that country.
And while America is constantly under cyber attack, it's not sitting on its hands. It's been speculated that the very advanced Stuxnet malware that is believed to have done significant damage to Iran's nuclear program in 2010 was created jointly by Israel and the United States.
There are many who think that the notion of cyberwar is simply hype or scaremongering, and others argue that cyberwar can never actually be called a war because it doesn't fit with traditional definitions or understanding of what a war is.
In an article from the Council of Foreign Relations in 2013, one noted author argued that "the hype about everything "cyber" has obscured three basic truths: cyberwar has never happened in the past, it is not occurring in the present, and it is highly unlikely that it will disturb the future."
Around the same time, InfoWorld took an opposite position in an article titled "Unseen, all-out cyber war on U.S. has begun" and concluded that "One thing is clear: The era of cyber warfare is here, and it's happening on the homefront."
How Is This Different From Other Wars?
There will be no clear and official declaration of the beginning of hostilities (a bit late anyway).
There will be few decisive battles, no clear winners or losers and no end. We might, therefore, want to call this one the Until-the-end-of-the-World War.
We will never be sure who our friends and allies are, or when they switched sides.
We are the battlefields too—our computers, our phones, our small businesses and our internet-connected homes.
The war won't be fought by professional armies but mainly by mercenaries, home front militias and civilian volunteers.
Our professional armies will be largely relegated to spectators, sitting in frustration on the sidelines as they wait for a call to arms that may never come.
The battles will be largely stealthy, silent and bloodless, which will make it very hard to rally national support for or against.
It will eventually get physical, as one side realizes that while it's been out-coded it's not outgunned, and so as a symbolic gesture will attack some vulnerable overseas target.
It will be relatively cheap — 5,000 AK47s costs roughly $3 million, 5,000 mortar rounds costs around $50 million, 5,000 artillery shells costs around $500 million, and just ten fighter jets will cost more than $1 billion before you fuel, arm, man, deliver and support them. A million botted and hijacked computers ready to attack on command will cost less than $50,000.
The battlefields will be very comfortable. An attacker and his best buddies will be disabling the power station that provides electricity to most of a major U.S. city, while his mom does his laundry in the next room.
There will be few prisoners of war and our enemies will walk unnoticed amongst us.
It will be largely economical and psychological, in an attempt to reduce to rubble our economy, our spirit and our ability and appetite to continue the fight.
Weapons will attack their masters, as increasingly sophisticated malweapons unleashed into the wild infect the systems of their creators and benefactors.
It's a war from which we will all suffer and in which we can all play a role.
What this war has in common with previous wars is the dependence on infrastructure. Many of these attacks rely on a growing number of compromised and conscripted computers, phones and websites to spread malware and attacks, probe other computers, infect businesses, attack banks and accounts, steal personal information and disable our personal technologies.
And we're not powerless in our response. We don't have to sign up or show up in order to join up. And there's no need to flee to Canada. This is a war where every man, woman and child can play a role, and our most powerful weapon is lodged squarely between our ears. Our own awareness, vigilance, behavior, habits and choices can disable many of these attacks.
Are you for or against, in or out, awake or asleep?
This post originally appeared on CreditSesame.com. Neal O'Farrell, Credit Sesame's Security and Identity Theft Expert, is one of the most experienced consumer security experts on the planet. Over the last 30 years he has advised governments, intelligence agencies, Fortune 500 companies and millions of consumers on identity protection, cybersecurity and privacy. As Executive Director of the Identity Theft Council, Neal has personally counseled thousands of identity theft victims, taken on cases referred to him by the FBI and Secret Service, and interviewed some of the nation's most notorious identity thieves.
No comments:
Post a Comment