The possibility of cyberwar and cyberterrorism — and the general topic of cybersecurity — is a topic that seems to me to be gaining in momentum. As one recent example in the press over the past week, I would point to the ongoing cyberattack on South Korean and some U.S. websites by a shadowy organization that some believe may be North Korean military research center 110, which is run by the North Korean Army. Because of this increased interest, I have decided to write a three-part article on cybersecurity. I would like to acknowledge and thank Mike Daniels for his help in developing some of the ideas in this article.
Today I consider the general nature of the cybersecurity challenge. In future installments, I will look at the implications of cybersecurity to our nation, and then I will examine what we can and should do to meet this growing challenge. I welcome your comments and I hope you’ll add to this blog your own information and opinions about cybersecurity and the threats posed to our nation. I am reading your posts with great interest.
The Cybersecurity Challenge
There are many threats to our national security today. Some have existed for some time now — like the threats from Iran, North Korea, Russia, China — but the nature of these threats has been changing dramatically within the past decade, and we are now facing a direct threat to our national information structure, which both the military and civilian infrastructures depend on. This threat is getting worse as more subtle means of attack manifest themselves.
Many experts have been voicing alarm about the problem of cybersecurity for a number of years. Some of these experts are still heavily involved with the Department of Defense and other federal agencies to help find solutions. For example, Paul Strassmann — an outspoken authority on cybersecurity at the time I was running SAIC — continues to voice his concerns, most recently in a paper entitled “Cyber Security for the Department of Defense” (PDF), which I highly recommend for its very current reporting of the threat.
While honest observers may argue among themselves about the current magnitude of the threat and how vulnerable our systems are to attack, there can be no doubt that this threat is a real one, and it is growing. According to Verisign, Internet cyberattacks are widespread, and remarkably frequent. The portion of the Internet that the company is responsible for running sustains more than 2 million attacks a day. The attacks are on the network itself, websites, companies, governments, and any other target that hackers can remotely identify and access.
President Obama recently disclosed that hackers had free rein through much of his presidential campaign’s website and computer systems. According to Obama, “It’s no secret that my presidential campaign harnessed the Internet and technology to transform our politics. What isn’t widely known is that during the general election hackers managed to penetrate our computer systems.” Some of the information compromised included email messages, travel plans, policy position papers, and campaign files. Concluded Obama, “We’re not as prepared as we should be, as a government or a country.”
Five Key Cyberthreats
Experts are primarily concerned about five significant and evolving cybersecurity threats to users worldwide. These five threats are: cybercrime, cyberwar, malware, botnets, and threats to VoIP and mobile devices.
- Cybercrime — simply, crime committed using computers and most often the Internet — is driven by criminals who are increasingly professional, well-organized and driven by the chance for significant profits. There are growing reports of organized crime and governments getting involved in the business of cybercrime as they “follow the money.” The cost of cybercrime to businesses and to the global economy is growing. However, businesses and governments are reluctant to discuss this issue for fear of disclosing just how significant a loss this is becoming and the exact methods employed. A conservative estimate might put the figure at about $100 billion lost each year.
- Cyberwar — the deliberate use by one nation of computer technology to weaken, cripple, destroy, or confuse an enemy nation’s military, economic and infrastructure assets — is a growing and troubling aspect of cybersecurity. Evidence now available implicates the Russian government in cyberattacks against Georgia during their 2008 battles over Georgia’s breakaway regions of South Ossetia and Abkhazia. Most Internet traffic in Georgia is routed through Turkey and Russia. On August 10, 2008 — the day after the Russian Air Force was authorized to make air attacks against Georgia by Russian military commanders — Internet traffic routed through Turkey was almost completely blocked and traffic through Russia “was slow and effectively unusable” according to a report from the Georgia Tech Information Security Center (GTISC). In 2007, the country of Estonia faced similar cyberattacks which appeared to originate in Russia.
- Malware is software which is used for a variety of purposes, but typically to infect computing devices and track what that computer is doing. Malware has become increasingly sophisticated and is being used to exploit weaknesses of poorly configured websites, especially social networking sites. Some experts in this area predict a 10-fold increase in malware objects detected in 2008 over the previous year. Malware is a major problem for enterprises and we can expect this to continue to grow in the future. Malware typically exploits weaknesses which are found in enterprise systems and take time to patch and update. While these problems are being investigated and taken care of at the enterprise level, the malware is constantly exploiting the systems until the problems in the software are resolved. By then, the loss of information can be widespread, and the damage significant.
- Botnets are delivery mechanisms that infect computing devices with software code that effectively puts the device under the control of someone — known as a botmaster — in a remote location, which could be anywhere in the world. This angle on cybercrime is relatively new and what we know so far is unfortunately not much. Uncovering botnet communications is difficult for a variety of technical reasons, but some of the best data we have today comes from the Georgia Tech Information Security Center. In a recent report GTISC estimated that by the end of 2008, 15 percent of online-enabled computers will have been transformed into botnets. That’s up from an estimated 10 percent at the end of 2007. Botnets are particularly insidious because, as they become more and more sophisticated, computer users don’t have to do anything for their computers to become infected except visit a simple webpage that may be disguised to look like any other. Increasingly, search engines such as Google and Yahoo! are directing people to such infected webpages. According to the GTISC, more than 10 million botnet computers are used to distribute spam and malware over the Internet each and every day.
- VoIP and Mobile Devices. The fifth Internet threat — and what is certain to be the next major area for future cyberattacks and cybercriminal activity — is mobile devices and voice over IP (telephony using the Internet, such as Skype or Vonage). Today there are about 1.5 billion computers in use worldwide and about 3 billion mobile devices. Most of these mobile devices such as mobile phones are relatively easy to use and fairly inexpensive. However, the number of mobile devices continues to rapidly expand and increasing numbers are being used for business purposes — creating vulnerabilities within the companies and other organizations that use them. These devices will be increasingly targeted for theft, fraud, scams and diversion of financial and other business and governmental data as the use of these devices expands for mobile banking, credit reporting, sensitive customer data transactions, and more. All the cybersecurity issues which have arisen with the Internet and regular computing platforms will eventually migrate to the mobile device and VoIP area.
Looking Ahead
When exploring the issue of cybercrime and the implications for our nation, there are two broad areas to consider. The first is what is commonly classified as corporate or commercial cybercrime and the second is governmental cybercrime. The two are interrelated, but separate problems — much of the government’s routine traffic runs over regular commercial data networks. I will consider both in the next installment of this article.