Ten years after 9/11 the threat of terrorism remains. But the battleground has expanded beyond land, sea and air to include the digital realm.
In fact, this month U.S. Homeland Security Secretary Janet Napolitano called cyber-attacks the nation’s biggest challenge because the threat is so pervasive.
“It is by nature international in scope. There are no international conventions really to hang your hat on, so we are really dealing in a very amorphous world,” Napolitano told The Christian Science Monitor in remarks about the threat of cyber-terrorism.
Napolitano’s sentiment about the growing threat of cyber-warfare is echoed by Mark Russinovich, a technical fellow for Microsoft in the Windows Azure product team who is a widely recognized expert on design and security of operating systems. Russinovich is also the author of the novel Zero Day, a thriller that tells of the race to stop a global cyber-terrorism attack.
Russinovich shared his thoughts on modern cyber-terrorism with Government Technology and how the emerging threat affects America today.
GT: Why are cyber-attacks such a big threat today? Why are they more dangerous than they were in the past?
MR: I think that we’ve been vulnerable for a long time, and there’ve been a number of people high up in government and counterterrorism who have been saying for 15 to 20 years that we’ve been at risk for cyber-attack.
I think that the risk has gone up over time because all our systems are becoming even more dependent on computers. Everything now is run by computers, and the awareness of the ability to leverage cyber-space as an attack vehicle has been raised as well. Events like last year’s Stuxnet and all of the Anonymous and LulzSec attacks this year, and the breaches by China have raised awareness that [cyber-space] is a vehicle that can be used to great effect.
Another thing is that there are many more people who are proficient at this kind of activity, many who are available for hire. If you look at Eastern Bloc nations and China and Korea, there are a lot of extremely talented computer programmers having trouble finding jobs or are looking for lucrative jobs in the dark side of cyber. Right now a lot of them are being hired by cyber-crime gangs, but they could just as easily be hired by somebody willing to or wanting to perform an attack.
GT: So the motivation for a lot of out-of-work people could be to go to the dark side.
MR: That’s the way that a lot of these guys are. A lot of the guys behind the cyber-financial oriented crime are hackers who are being hired because they can make good money at it. But these guys don’t even know that they’re writing code for cyber-attacks. They believe that they’ve been hired to write pieces of malware. They don’t know what it’s going to be used for.
GT: Some hackers are so clandestine and insidious that they don’t even let their employees know what they’re really doing?
MR: Yeah, they don’t necessarily have to.
GT: When you said “cyber-financial,” you were referring to the general category and not a specific type of attack?
MR: The kind of malware that spreads to people’s machines and then logs their keystrokes so that [hackers] can get passwords to their financial accounts, and phishing attacks where people are lured to sites that look like their bank and are tricked into entering their passwords.
GT: Could cyber-warfare replace conventional warfare?
MR: I think that it becomes another battleground. I don’t think it makes sense to say that it’s going to replace it. Just like the sea’s the battleground, and land warfare is a battleground, cyber is another battleground. Depending on the scale of the confrontation and the goals of the confrontation, [cyber-space] can used by itself or in conjunction with other theaters.
GT: Secretary Napolitano said recently that local governments should focus on maintaining security that’s already in place rather than buying what they don’t have. What are your feelings on that?
MR: I think that the federal government has put more emphasis on it than probably local governments have. One of the problems is, the federal government has a tremendous amount of resources at its disposal, so it’s able to, if it wants to, focus significant energy on cyber-security to get the right experts and the right policies. [In] state and local governments, resources are more limited and are likely to go directly toward the business rather than the hard-to-measure risks of cyber-space.