Has the Global Cyberwar Already Started?

Mark 2013 down as the year that the global cyberweapons arms race started.

Already, there have been five cyberattacks of unprecedented size and scope in just the first six months of the year. Of even greater concern, many of these cyberattacks appear to have emanated from state-sponsored actors coordinating cyberespionage campaigns lasting years, not days or weeks. These cyberweapons – which involve everything from malicious bits of code hidden within PDF documents to viruses that infect the software used to operate the infrastructure of nuclear power plants – represent a growing threat to the national security of the world’s leading powers.

In his roundup of the Five Most Dangerous Cyberweapons of 2013, Igor Rozin suggests that the newest cyberweapons are already more sophisticated and lethal than those from just six months ago. If the earliest versions of cyberweapons were pieces of malicious code that infected your computer and caused it to crash, the newest cyberweapons enable users to take over your computer and use it to steal sensitive trade, research, or diplomatic secrets. In one operation known as “MiniDuke,” a group of hackers targeted a range of government and non-government institutions across Europe by using malicious PDF documents that exploited Adobe Reader. In another operation known as “Red October,”hackers conducted a global cyberespionage campaign against politicians and diplomats that involved servers, proxy servers and hosting services housed across multiple countries.

What’s all the more disconcerting about a potential cyberweapons arms race is that the line between state and non-state actors is no longer clear. As Mandiant discovered earlier this year, it’s possible to have shadowy state actors loosely affiliated with a country’s military, as in the case of China’s APT1. What do you do with these Chinese hackers who appear to be systematically tapping into our nation’s research organizations, corporations and governmental organizations and then siphoning away trade secrets and sensitive diplomatic communications? Send a few armed drone strikes into the heart of Shanghai to take out the hackers camped out in a single building?

If the previous rounds of cyberattacks were organized by cybercriminals and shadowy cyber-terrorist cabals, then future round of cyberattacks will be organized by the wealthiest nation-states. That means that the single, one-off attacks of disgruntled hackers will be replaced by sustained, multi-year campaigns made possible by billion-dollar budgets and the involvement of a nation’s top leaders. The phishing scams of Syrian hackers (which have gone so far as to infiltrate the emails of the White House) and the ongoing cyberespionage schemes of the Chinese Army (which are thought to have tapped into every important organization in New York and Washington) are just the start.

Now that cybersecurity has been ratcheted up in national strategic importance, the generals are getting involved. If before, these generals counted the number of tanks, stealth bombers and nuclear warheads they had at their disposal, they now have a brand new way to measure their relative power: the number of computers capable of delivering lethal payloads.

Already, you can see the impact of a global cyberweapons arms race at the highest diplomatic levels. Russia, growing ever more concerned about the new geopolitical balance of power made possible by the development of the Internet as a delivery mechanism for cyberattacks, just elevated cybersecurity to a major strategic concern. Russia is now partnering with the United States on a bilateral cybersecurity commission, even going so far as to install a Cold War-style telephone “hotline” between the two nations to avert a cyberwar. (This appears to be the suggestion of a Cold War general eager to get back into the game.)

Read more . . .