Thousands of daily attacks on federal and private computer systems in the United States — many from China and Russia, some malicious and some testing chinks in the patchwork of American firewalls — have prompted the Obama administration to review American strategy.
President Obama is expected to propose a far larger defensive effort in coming days, including an expansion of the $17 billion, five-year program that Congress approved last year, the appointment of a White House official to coordinate the effort, and an end to a running bureaucratic battle over who is responsible for defending against cyberattacks.
But Mr. Obama is expected to say little or nothing about the nation’s offensive capabilities, on which the military and the nation’s intelligence agencies have been spending billions. In interviews over the past several months, a range of military and intelligence officials, as well as outside experts, have described a huge increase in the sophistication of American cyberwarfare capabilities.
Cyberwar would not be as lethal as atomic war, of course, nor as visibly dramatic. But when Mike McConnell, the former director of national intelligence, briefed Mr. Bush on the threat in May 2007, he argued that if a single large American bank were successfully attacked “it would have an order-of-magnitude greater impact on the global economy” than the Sept. 11, 2001, attacks. Mr. McConnell, who left office three months ago, warned last year that “the ability to threaten the U.S. money supply is the equivalent of today’s nuclear weapon.”
The scenarios developed last year for the incoming president by Mr. McConnell and his coordinator for cybersecurity, Melissa Hathaway, went further. They described vulnerabilities including an attack on Wall Street and one intended to bring down the nation’s electric power grid. Most were extrapolations of attacks already tried.
Today, Ms. Hathaway is the primary author of White House cyberstrategy and has been traveling the country talking in vague terms about recent, increasingly bold attacks on the computer networks that keep the country running. Government officials will not discuss the details of a recent attack on the air transportation network, other than to say the attack never directly affected air traffic control systems.
Still, the specter of an attack that could blind air traffic controllers and, perhaps, the military’s aerospace defense networks haunts military and intelligence officials. (The saving grace of the air traffic control system, officials say, is that it is so old that it is not directly connected to the Internet.)
Studies, with code names like Dark Angel, have focused on whether cellphone towers, emergency-service communications and hospital systems could be brought down, to sow chaos.
But the theoretical has, at times, become real.
Early hints of this new kind of warfare emerged in the confrontation between Russia and Estonia in April 2007. Clandestine groups — it was never determined if they had links to the Russian government — commandeered computers around the globe and directed a fire hose of data at Estonia’s banking system and its government Web sites.
The computer screens of Estonians trying to do business with the government online were frozen, if they got anything at all. It was annoying, but by the standards of cyberwar, it was child’s play.
In August 2008, when Russia invaded Georgia, the cyberattacks grew more widespread. Georgians were denied online access to news, cash and air tickets. The Georgian government had to move its Internet activity to servers in Ukraine when its own servers locked up, but the attacks did no permanent damage.
Every few months, it seems, some agency, research group or military contractor runs a war game to assess the United States’ vulnerability.
Senior intelligence officials were shocked to discover how easy it was to permanently disable a large power generator. That prompted further studies to determine if attackers could take down a series of generators, bringing whole parts of the country to a halt.
Just before Mr. Obama was elected, the Center for Strategic and International Studies, a policy research group in Washington, warned in a report that “America’s failure to protect cyberspace is one of the most urgent national security problems facing the new administration.”
What alarmed the panel was not the capabilities of individual hackers but of nations — China and Russia among them — that experts believe are putting huge resources into the development of cyberweapons. A research company called Team Cymru recently examined “scans” that came across the Internet seeking ways to get inside industrial control systems, and discovered more than 90 percent of them came from computers in China.
Scanning alone does no damage, but it could be the prelude to an attack that scrambles databases or seeks to control computers. But Team Cymru ran into a brick wall as soon as it tried to trace who, exactly, was probing these industrial systems. It could not determine whether military organizations, intelligence agencies, terrorist groups, criminals or inventive teenagers were behind the efforts.
The good news, some government officials argue, is that the Chinese are deterred from doing real damage: Because they hold more than a trillion dollars in United States government debt, they have little interest in freezing up a system they depend on for their own investments.
Then again, some of the scans seemed to originate from 14 other countries, including Taiwan, Russia and, of course, the United States.
During the cold war, if a strategic missile had been fired at the United States, screens deep in a mountain in Colorado would have lighted up and American commanders would have some time to decide whether to launch a counterattack. Today, when Pentagon computers are subjected to a barrage, the origin is often a mystery. Absent certainty about the source, it is almost impossible to mount a counterattack.
In the rare case where the preparations for an attack are detected in a foreign computer system, there is continuing debate about whether to embrace the concept of pre-emption, with all of its Bush-era connotations. The questions range from whether an online attack should be mounted on that system to, in an extreme case, blowing those computers up.
Some officials argue that if the United States engaged in such pre-emption — and demonstrated that it was watching the development of hostile cyberweapons — it could begin to deter some attacks. Others believe it will only justify pre-emptive attacks on the United States. “Russia and China have lots of nationalistic hackers,” one senior military officer said. “They seem very, very willing to take action on their own.”
Senior Pentagon and military officials also express deep concern that the laws and understanding of armed conflict have not kept current with the challenges of offensive cyberwarfare.
Over the decades, a number of limits on action have been accepted — if not always practiced. One is the prohibition against assassinating government leaders (? This is the NYTimes so liberal fantasies will pop up from time to time). Another is avoiding attacks aimed at civilians. Yet in the cyberworld, where the most vulnerable targets are civilian, there are no such rules or understandings. If a military base is attacked, would it be a proportional, legitimate response to bring down the attacker’s power grid if that would also shut down its hospital systems, its air traffic control system or its banking system?
“We don’t have that for cyber yet,” one senior Defense Department official said, “and that’s a little bit dangerous.”
http://www.nytimes.com/2009/04/28/us...ef=todayspaper