June 4, 2012 By Dan Lohrmann
A new era began this weekend in cyberspace. Starting with the New York Times article dated June 1, 2012, which proclaimed: Obama Order Sped Up Wave of CyberAttacks Against Iran, the global discourse regarding cyber attacks has now shifted.
This NY Times article openly discusses cyberweapons and the efforts that the US Government took to derail the computers that run Iranian nuclear enrichment facilities. Here’s a brief excerpt:
“…This account of the American and Israeli effort to undermine the Iranian nuclear program is based on interviews over the past 18 months with current and former American, European and Israeli officials involved in the program, as well as a range of outside experts. None would allow their names to be used because the effort remains highly classified, and parts of it continue to this day….”
Regardless of your views as to whether this program was a good or bad thing, or your opinion as to whether this story should be available in the NY Times, there can be little doubt that these revelations dramatically alter the global landscape. Discussions regarding a “new 21st century cold war” have now become more heated. More than that, the relevance and priority of dealing with malware, viruses, hackers, identity theft, fuzzing, zero day exploits and potentially even cyber war have entered a new stage. This phase is likely to be even more precarious, if that is possible, for businesses, governments and even citizens who use the Internet.
Why do I know this is a new phase?
I opened up the Washington Post on Sunday morning, June 3, expecting to see a front page headline about Europe’s economic crisis or Egypt’s troubled leadership or Syria’s civil war or Britain’s Diamond Jubilee or perhaps some new aspect of the 2012 presidential election. But the bold print read, “Vulnerabilities pervade the digital universe.” I thought to myself: Is this really the top story?
As I read on, what was even more surprising to me were the dozen or so links to videos such as Zero Day: Exploring cyberspace as a new domain of war, graphics on fuzzing, quizzes on personal online habits, timelines on the history of the cyber threat and much more, as the Washington Post launched their “Zero Day” series.
I rechecked the URL at the top of the screen to make sure that I hadn’t inadvertently brought up an old issue of Computerworld. Nope - and that was only Part 1 of their investigative series on cybersecurity in 2012.
But the Washington Post was not alone in reporting on this topic. USA Today ran a major story: Risk of boomerangs a reality in cyber war. Here’s an interesting excerpt:
“The government's dual roles of alerting U.S. companies about these threats and producing powerful software weapons and eavesdropping tools underscore the risks of an unintended, online boomerang.
Unlike a bullet or missile fired at an enemy, a cyberweapon that spreads across the Internet may circle back accidentally to infect computers it was never supposed to target. It's one of the unusual challenges facing the programmers who build such weapons, and presidents who must decide when to launch them.”
If you want to know more about Flame, you can find numerous articles on this “highly sophisticated virus” as well.
There is also an excellent new series in the NY Times on Cyberwar, which covers many aspects of our new “digital combat.”
Other coverage on this topic includes CNET Cyber War .
Voice of America – Obama Knew of Attacks Against Iran.
Chicago Tribune – Cyber-attacks bought us time.
But perhaps the most intriguing (and yet scary) part of this “new normal” takes us back to the first article I mentioned in the NY Times. There were over 360 comments to that article as of Sunday evening, and many of them are worth reading. After I examined hundreds of responses to this article, I instinctively thought back over the past two decades and how fast the Internet has changed. There has been so much good and yet so many problems in cyberspace.
Overall, there is a sense in which a major attack against our critical infrastructure in the USA is inevitable. Will it be the power grid or natural gas or water or banks or food or other forms of transportation that is impacted? We have so many cyber vulnerabilities; can we possible stop all enemy attacks? The vectors are so much more numerous and complex as compared to stopping physical explosives from getting on a plane.
One thing is for sure: we now have a much more sobering view on the meaning of a “cyber attack.” Our government leaders have (reportedly) opened the gates by initiating a cyber attack – if other governments had not already opened that gate first. Either way, there is no going back.
I hope my prediction on a critical infrastructure attack does not come true. Still, all is fair in love and cyber.
Building effective virtual government requires new ideas and hard work. Security professionals need to be enablers of innovation. From helpful Internet training to defending cloud computing architectures to securing mobile devices, Dan Lohrmann will cover what's hot and what's not in protecting your corner of cyberspace.