Mitigating new threats
Further, while a number of experts consider Stuxnet a form of cyber war due to its destructive capacity, the cold war part of the Stuxnet attack began with reconnaissance and information gathering. Harry Sverdlove, chief technology officer of Bit9, a Waltham, Mass.-based company that offers advanced threat protection, points to the Duqu malware and the Flame virus to emphasize how intelligence gathering is most often used for cyber espionage purposes. Sverdlove was able to track pieces of Flame dating back to last October and realized it included components that predate Stuxnet.
Military data, patents, new paint formulas, negotiations contracts for the International Olympic Committee – Sverdlove's research team has tracked a lot of this type of data leakage back to China, where the theft of IP is a common part of doing business.
And, while breaches threaten companies and result in unwelcome expenses, sorting out how to mitigate the challenge is still a work in progress. “Espionage – or the act of spying to gather others' intellectual property – is not illegal under international law, although it violates a host of domestic laws,” Robert Clark, operational attorney for U.S. Army Cyber Command, told the crowd at the Black Hat conference in July.
It may not be illegal by international standards, but espionage is expensive. According to a legal review of trade secret theft in the United States published in the Gonzaga Law Review in 2010, theft of trade secrets costs U.S. companies as much as $300 billion per year.
Unfortunately, domestic law is not so easy on those taking action against cyber cold war actors. “Say you're a systems administrator and at 2 a.m. your IPS goes off,” Clark says. “An examination reveals large volumes of intellectual property data transferring out to an FTP server. So to save your job, you VPN from your home computer to the FTP server, elevate privileges and remove the files. You've just violated several counts of the Computer Fraud and Abuse Act.”
Even tracking back an IP address can violate domestic espionage laws, as well as laws of armed conflict, he adds, citing the National Defense Authorization Act of 2011, which advocates using all means necessary to follow the law of armed conflict to prevent escalation to cyber war.