Cyber war, this is not

We've all seen such headlines as: “U.S. General: Iranian Cyber Attacks Are Retaliation For The Stuxnet Virus”; “Report on China spy threat may make attackers have to work harder”; and “The cyber war is real – and our defenses are weak.”

Those who believe the current level of cyber attack is “war” are missing the bigger picture: War is war. People die in wars. Countries disappear and new countries are formed by war. People are displaced by war. Fortunes are made and fortunes are lost in war.

What we are seeing is powerful nation-states recognizing that if you prepare to fight the last war, you will lose the next one. It is obvious that rather than fighting only with tanks, planes, ships, drones and soldiers, the next war will have a significant cyber element. Countries will use this new cyber element to weaken their enemy's critical infrastructure, such as communications, power generation, banking, rail transport and air traffic control. They will also go after targeted companies that develop and produce weapons and emerging technologies.

Every major country is creating both offensive and defensive cyber measures. The Stuxnet worm is a clear example, reportedly developed jointly by the U.S. and Israel. It is a glimpse of the capabilities and delivery vehicles already on the shelf. That attack was a surgical strike on Iran's nuclear facilities that caused centrifuges to spin themselves apart. It is only a glimpse, but already the level of sophistication is apparent.

Every weapon system in development needs to be tested. The defense capability of its intended target needs to be determined. Intelligence estimates can only go so far. One way to view the spate of attacks on U.S. banks and critical infrastructure is that our enemies are testing their cyber capabilities and assessing our vulnerability. At the same time, none of the players want to tip their hand and reveal the true power of the weapons they have developed.

In January, Iran reportedly launched attacks that probed a wide range of Western banks, but clearly the level of attack, and its brevity, fell far short of an act of war. On the other hand, the Chinese attacks, analyzed and reported by Mandiant, are a window into China's broad preparation for cyber war and its current expansive program of cyber espionage. It is an unlikely coincidence that Mandiant researchers observed the hacker group, known as APT1, stealing Western intellectual property from companies in strategic emerging industries that had been identified in China's 12th Five-Year Plan [submitted in March 2011 to the National People's Congress].

The recent Chinese attacks can be viewed as a political statement: China is saying, “We are a cyber force to be reckoned with.” It is essentially the same statement being made in the recent dispute with Japan over control of the Senkaku Islands. 

But those Chicken Littles who declare that “an all-out cyber war has begun” fail to recognize the interconnectedness and interdependence of the major economies. China, while demanding respect, has no incentive to blow up the economy of one of its largest trading partners, and by cascade, Europe, Canada, and Mexico as well.

Similarly, many companies have fallen victim to attacks launched by organized crime entities in Russia. These are almost always commercial in nature. As in most countries, the government considers these perpetrators to be criminals. These attacks cannot in any way be considered cyber warfare.

In short, we are seeing cyber flexing and, in some cases, war exercises, but not cyber war.
