Cyber Warfare: Fear Is The Real Threat

Lately cyber warfare has become a popular phrase. I’ve come across reports and news items stressing the importance of protecting ourselves against this vicious threat; however, such coined phrases often make the situation sound worse than it is.

What is cyber warfare?

Cyber warfare is generally understood to mean a foreign nation trying to cause damage or disruption to another country through the misuse of computer systems; however, in my opinion this is no different to a situation that we’re constantly living in.

Cyber warfare is not some hypothetical World War III scenario; it describes everyday reality and I believe that what needs to be done to combat it is what we should already be doing, that is, securing any systems under our care. There is certainly no need for the virtual equivalent of weapons of mass destruction, yet this is exactly what is happening.

Recently the United States Senate approved a plan to provide the President with an Internet Kill Switch. A recent survey conducted by Unisys suggests that 61% of Americans believe the President should have the power to kill off portions of the internet in the event of an attack. To me this effectively means that the President can legally shut down whatever he wants, whenever he wants.

Why whenever?

Because attacks happen all the time. Just look at your server logs, you will see 10 – 20 probes each day, password guessing attempts as well as scans for known exploits. Cyber warfare is not a hypothetical doomsday scenario, it’s everyday life.

Another important point is that an internet kill switch doesn’t make much sense in any case. Starting from the basics, critical systems such as computer systems controlling power plants should not be hooked to the internet.

There are proper operating procedures, and critical systems shouldn’t be accessible online by just anyone, they should be segregated to their own closed network. If you require remote connectivity, use dedicated lines. Cutting America off from the rest of the world in the event of someone gaining unauthorized access to the system is both a bad idea and a futile one.

Why futile?

Well, if I am trying to damage the infrastructure in warfare I don’t need a persistent connection to my target, the minute I gain access I am done. I can do all sorts of things, from unleashing malware to simply deleting everything I have access to. This is not a sustained shelling that stops the moment the kill switch is engaged. Such attacks need to be prevented before they have a chance of even occurring. By cutting yourself off after the event just makes repairing things more difficult.

Personally I believe that addressing a threat such as Cyber Warfare is no different to what should be done to protect any country’s infrastructure. Does it matter if the power grid is disturbed because of an attack by a foreign nation or if it is disrupted because a local kid looking for fame tried to gain access and cause damage unintentionally? Of course not.

Ultimately what you’re interested in is a stable uninterrupted service and that’s something you achieve through proactive action, proper designs and effective policies, not through a switch that when pressed will suddenly isolate you from the rest of the world.

SHARETweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Pin on PinterestDigg thisShare on RedditShare on TumblrShare on StumbleUponEmail this to someone

Emmanuel Carabott CISSP heads security research at GFI Software. He has over 12 years’ experience in the security field and is a regular contributor to several websites and blogs. For more information about the benefits of using email usage reporting.