Tuesday, July 13, 2010

On "Cyberwar" - Part 2: Cyberattacks and the damage they can do

Although cyberespionage is a very real threat, it's not exactly the kind of nightmare that you see in Hollywood movies, news articles or defense contract applications.  The real question is, what kind of physical damage can a "cyberwar" or "cyberterrorism" do?

Website defacement is a very common cyber "attack", sometimes including using the server to host viruses and malware.  Denial-of-service (DoS) attacks can take a website down for a period of time.  Both can cause serious damage to a victimized business, but they're not exactly militarily effective.  Security expert Bruce Schneier vividly described the threat of DoS attacks like this:
"A real-world comparison might be if an army invaded a country, then all got in line in front of people at the DMV so they couldn't renew their licenses. If that's what war looks like in the 21st century, we have little to fear."

In 2007, Estonia's government systems were hit by a major DoS attack.  While it was widely reported as the first cyberwar, in retrospect this seems to have been hyperbole.

There have been a number of cases of "cyberattack" reported in the media over the past few years, but it's been difficult to tell what's really going on.  Computers don't explode or fire bullets; they're just used to control other systems, so any malfunction in any system might possibly be a computer problem ... or deliberate digital sabotage.

For example, The Economist recently reported that in 1982, the CIA tampered with Soviet software to cause a gas pipeline explosion.  If true, this would be an excellent example of the physical damage a computer attack could cause (although whether it would be an act of war or an act of sabotage is a matter of opinion).  The question is, did that really happen?  It's difficult to know for sure.  In 2007, Brazil suffered a massive blackout that 60 Minutes ascribed to hackers, but it seems that it was mundane poor maintenance.

This doesn't prove or disprove the possibility of destructive hacking attacks, of course, but it does show that unlike conventional war, in the case of a cyberattack, it's difficult to even determine if you've been attacked, much less who is responsible.  This spring, Howard Schmidt said quite frankly in an interview with Wired Magazine, "There is no cyberwar." and "As for getting into the power grid, I can't see that that's realistic."

At present, the evidence seems to point against computer attacks causing physical damage.  However, it seems prudent that we engineer critical systems (such as power plants) to be resistant to hacking attacks.  That way, we can keep this sort of "cyberwar" squarely in Hollywood.

Thanks to Bruce Schneier for extensive discussion of "cyberwar".  His analysis and research form much of the basis of my understanding of the concept and underlie these posts.

