Waiting For Cybergeddon

In the United States, the FBI (which is responsible for detecting and investigating Internet based crime) is warning that America is becoming ever more vulnerable to "cybergeddon" (a massive attack via the Internet that would cripple the economy, government and military.)

The FBI admits that it has a hard time getting more money for their Internet security efforts. And reason is because the threat is largely invisible. A picture of a nuclear bomb going off, or of enemy tanks and warships ready to attack, makes a much more effective impression on the politicians who dole out the money.

The FBI also wants to get the Department of Defense Internet defense operations more involved in national level defense against network based attacks. But the four services have a hard time agreeing to coordinate their efforts to defend military use of the Internet when under massive hacker attack. Thus the FBI plea for help sort of falls on distracted ears.

There hasn't been a proper, all-out Cyber War yet. There have been lots of skirmishes, but nothing approaching what an all out battle, via the Internet, would be. What would the first Cyber War be like? Let's be blunt, no one really knows. But based on the cyber weapons that are known to exist, and the ones that are theoretically possible, one can come up with a rough idea.

First, there are three kinds of Cyber War possible. Right now, we have limited stealth operations (LSO), as Chinese, Russian, and others, use Cyber War techniques to support espionage efforts. China is the biggest practitioner, or at least they have been caught most often.

Next comes Cyber War only (CWO). This is open use of a full range of Cyber War weapons. No one has done this yet, but it's potentially less dangerous than firing missiles and unleashing tank divisions. It is believed that Russia indulged in this in 2007, when Estonia infuriated the Russians by moving a World War II statute memorializing the Soviet "liberation" of Estonia (which didn't want to be liberated by the Soviet Union.) Russia denied responsibility for the massive Cyber War assaults on Estonia, which nearly shut down the nations Internet infrastructure. Estonia accused Russia of being responsible, and tried to invoke the NATO mutual-defense pact. NATO Cyber War experts went to Estonia, and shortly thereafter the attacks stopped. Apparently Russia got the message that this sort of thing could escalate in something more conventional, and deadly.

Then we have Cyber War in support of a conventional war. Technically, we have had this sort of thing for decades. It has been called "electronic warfare" and has been around since World War II. But the development of the Internet into a major part of the planets commercial infrastructure, takes "electronic warfare" to a whole other level. Cyber War goes after strategic targets, not just the electronic weapons and communications of the combat forces.

A successful Cyber War depends on two things; means and vulnerability. The "means" are the people, tools and cyberweapons available to the attacker. The vulnerability is the extent to which the enemy economy and military use the Internet and networks in general. We don't know who has what Cyber War capabilities exactly, although China and the U.S. have openly organized Cyber War units, and both nations have lots of skilled Internet experts.

Vulnerability is another matter. The United States is the most exposed to Cyber War attack because, as a nation, we use the Internet more than any other country. That's the bad news. The good news is that if an attacker ever tried to launch a Cyber War by assaulting the U.S., it could backfire. This risk has to be kept in mind when considering what a Cyber War might do. Recall military history. The Pearl Harbor attack in 1941 actually backfired on the Japanese, by enraging Americans and unleashing a bloodthirsty response that left Japan in ruins. The lesson of the original Pearl Harbor is, if you're going to hit someone this way, better make it count. If your opponent is bigger than you, and gets back up, you could be in some serious trouble.

The big problem with Cyber War is that there has not been a lot of experience with it. Without that, no one is really sure what will happen when someone attempts to use it at maximum strength. But unlike nuclear weapons, there is far less inhibition about going all-out with Cyber War weapons. That is the biggest danger. Cyber War is a weapon of growing might, and little restraint by those who wield it. Things are going to get a lot worse.

U.S. Department Of Defense Setting Up Cyber War Section

Once again, the U.S. Department of Defense is trying to build a "Cyber War test range."

Previous efforts have foundered over technical issues. A Cyber War test range would be a collection of computers and networking equipment that would accurately simulate large chunks of the Internet.

This would include a full (and accurate) array of personal, commercial and military computers, but also accurate simulation of what the users are doing. A formidable task, but this time around, the Pentagon thinks it has previous obstacles covered.

Time will tell, and the success of the effort probably won't known until the aftermath of a future Cyber War demonstrates that the Cyber War test range was indeed accurate enough.

The "Cyber War test range" is basically a combination of widely known hardware, and some very special software. The latter element is the hard part.

Hoo-ah: DoD launches Operation TroopTube

The U.S. Department of Defense has created its own video sharing web site; TroopTube.

On May 14th, 2007, the Pentagon began blocking access to YouTube, MySpace, Metacafe, IFilm, StupidVideos, and FileCabi, BlackPlanet, Hi5, Pandora, MTV, 1.fm, live365, and Photobucket.

These are sites that provide video and audio clips to users. This means that anyone using a computer connected to Department of Defense network (NIPRNET), was no longer able to reach the banned sites.

The reason for the ban was quite practical. All those video and audio clips were jamming up the network, and making it difficult to get official business done. This is a problem university networks began to encounter in the 1990s, and solved by a combination of expanding capacity, and restricting how much students could use the network for downloading large files.

The Department of Defense is in a slightly different situation, because many of its users overseas depend on satellites for their Internet connection. Land based fiber-optic lines can provide a lot more capacity, but in combat zones like Iraq and Afghanistan, satellite is all that's available.

TroopTube was established because of the backlash that developed when the troops lost access to the videos and social networking sites. The troops use YouTube and MySpace to keep in touch with the folks back home, and each other.

It's a big deal as far as morale goes. Troops still have access to the banned sites via non-military connections. But these are not as accessible, and often low capacity, in combat zones. Many troops take their laptops with them to the combat zone, and expect to use them.

In addition, the military uses YouTube as part of their public relations efforts, to show clips of good things the troops are doing. It appears that the decision to block access was taken without realizing some of the side effects. Something had to be done quickly. But there are often other consequences, like security problems, that cannot be ignored either.

So TroopTube will encourage the uploading of videos showing the troops in action. But the uploaded vids will be screened to make sure OPSEC (Operational Security) is not violated, and the uploaders don't give the enemy access to information that might endanger the troops. There are details of tactics and techniques that videos might show more clearly than even enemy troops involved would notice. Such videos could be used to train enemy fighters to counter the American tactics and weapons. The military censors will also block videos that might be embarrassing to the military (these usually show up on YouTube anyway.)