Cyber Security Part I - (Cyber) War on Terror

This is the first in a five-part series covering cyber security.  Each Monday, Infosec Professional will focus on one of the key aspects of cyber security, from government-led strategic defences right through to individual consumer-level protection.  Any device that connects to the internet is now a potential target, and the motives are increasingly political, as control of the information highway becomes paramount.

US government security expert Richard A. Clarke, in his book Cyber War (May 2010), defines "cyberwarfare" as "actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption".  This initial sentence is paraphrased straight from Wikipedia, but could just as well have come from a sci-fi movie of the mid-1980s.  Cyber war is no longer an imaginary concept, cocooned in the realms of laser-gun protection and x-ray vision.  It's an everyday occurrence, impacting governments, corporate enterprises and individuals.

Internet security in the past has mainly been focused on protecting privately held assets (namely web, FTP and email servers) from being hacked.  Hackers would come in various guises, from the script kiddies learning to code with ideas they'd learnt that day at college, right through to 'hacktivists' aiming to make a mark for themselves by defacing a newspaper or corporate website.  Today, attacks cover a range of motives.  Cash can be a main driver, especially behind many of the sophisticated consumer-focused malware attacks.  Ransomware has recently hit the headlines, hitting individuals with cash release demands in order to return laptops and files in working order.  Online banking and financial services customers have long been hit by email phishing and attempts to trick individuals out of their username and password details.  The main goal?  Cash.  Whether through fraud or direct transfer, money has been the aim for the armies of complex botnet operators.

The motive has advanced, however, to a more country-led level and is now comfortably embedded in the toolbox of military weapons.  Last week US Defence Secretary Leon Panetta said the cyber attack capability of countries like Iran was growing, and that US authorities believed Iran was behind several attacks on oil and gas companies in the Persian Gulf.  The main motive is to cause disruption.  Disruption causes panic and destabilisation, and ultimately acts as a propaganda tool to show who really is in control of a particular asset or environment.

In early October, the Pentagon confirmed that it had itself been on the receiving end of a cyber attack.  The White House would not confirm reports that the attack originated in China, but did describe the incident as a 'spear-phishing' attempt.

The ongoing political isolation between the United States and Iran has left many arguing that the recent attacks on US government assets are a direct retaliation for the monetary sanctions currently imposed on Iran.

Conversely, the powerful Stuxnet worm found in 2010, which primarily targeted the Siemens SCADA infrastructure within Iran's nuclear enrichment plants, was originally developed with nation-state support, with many speculating Israeli backing.

The subtle and remote nature of cyber warfare makes its development seem natural at a time when political tensions are rising, whether due to economic change or the push for democracy.

The main targets generally seem to be the major infrastructure installations.  As disruption and denial-of-service seem to be the name of the game, attacks on water, electricity and communications infrastructure would seem to have the biggest impact on a nation's general well-being.

From a communications perspective, the threat can be more subtle.  Only last week, a US House of Representatives Intelligence Committee report recommended that dealings with Chinese telecoms supplier Huawei should be banned.  The UK, Australia and Canada are looking to produce similar intelligence reports on a network provider that has invested over £150m in the UK telecoms backbone in the last 10 years.  Whilst a direct attack has not been acknowledged, the gathering of intellectual property and clandestine scanning of network traffic would be a major concern.

Government-Led Defence

The last 3 years have seen some significant strategic steps being taken by several governments when it comes to cyber security defence and offence.

In 2009, the US formed USCYBERCOM, a Department of Defense initiative to protect the military's information networks.  Also in 2009, Howard Schmidt took the role of cyber security co-ordinator and advisor to the Obama administration.  Although he retired from the role this year, his appointment marked a new beginning in cyber security management, research and defence.

From a UK perspective, GCHQ performs in a similar vein to the US National Security Agency and has recently announced a new research capability, in partnership with several top UK universities.  The partnerships aim to make it easier for businesses, individuals and government to take informed decisions about how to implement better cyber protection measures.

China too has recently released a new policy outlining its approach to IT in general and how to counteract and defend against online attacks.

Whilst the cost of attacks (and indeed the readiness of organisations and governments to acknowledge being the victim of an attack) is largely unknown, many institutions are putting in place the infrastructure, personnel and policies needed to conduct both attack and defence over internet resources.