14 June 2016

How to define cyberwar

By Jed Babbin
June 8, 2016 

ANALYSIS/OPINION:

One of the things that keeps our intelligence and military leaders from sleeping soundly is the problem of cyberwar and its subsets, cyber-espionage, cybersabotage and what most people call “hacking,” which isn’t something that only teenagers do from their parents’ basements.

For years, there has been a continuous string of attempted penetrations of U.S. military, intelligence, defense contractor and related networks. It now occurs literally thousands of times a day. The Chinese “Titan Rain” computer attacks began in about 2003 and continued for at least three years, penetrating networks and stealing valuable defense secrets.

This kind of attack has at least two purposes. The first is espionage. Cyber-attacks — let’s not use the term “hacks” because the term sounds innocent — have penetrated unclassified Pentagon email systems. One attack, probably by China, reportedly succeeded in stealing all or part of the design for the F-35 fighter. Knowing what our intelligence community knows, without being detected, would be a huge advantage to any opponent (and even some friends).

The second is to disable or even take control of anything the attackers can penetrate. The computers in most cars can be penetrated and controlled so that the brakes can be jammed on or the engine turned off. So can power companies and everything else that is computer-controlled.

Far scarier is the fact that we are being forced by the cyberwar capabilities of our adversaries to protect military and intelligence satellites that we rely on for everything from secure communications to navigation and reconnaissance (i.e., espionage). The F-35 itself is the target of cyberattacks because of the enormously complex software that runs the aircraft. If a cyberattack penetrated the F-35, the damage that could be done might range from crashing the aircraft to causing damage to every other aircraft or satellite. There is no limit to the damage that can be done.

In April 2015, Adm. Mike Rogers, commander of U.S. Cyber Command and director of the National Security Agency — told Congress that the level of cyberthreats was growing and that whatever we were doing to deter cyber-attacks wasn’t working. He said, “We’re at a tipping point. We need to think about: How do we increase our capacity on the offensive side to get to that point of deterrence?” Unsurprisingly, not much has been done since then to improve our deterrent and offensive capabilities and doctrines of operation.

No comments: