The Invisible Threat
By Alan W. Dowd, ASCF Senior Fellow
August 1, 2012
What if America’s enemies were probing the Pentagon for weaknesses, sabotaging the government’s ability to protect the country, stealing sensitive information and even planting time bombs that could cripple the country? Most of us would say America is under attack. And we’d be right. Whatever we call it, something not too dissimilar is happening in cyberspace, as a disparate collection of individuals, groups and foreign governments take aim at America’s information infrastructure—our country’s nervous system.
To get a sense of how vulnerable our information infrastructure is to foreign exploitation and attack, consider an all-too-real scenario:
You wake up tomorrow morning, turn the TV to your favorite morning news show, and boot up your laptop while you begin checking the messages on your cell phone. But your cell phone is dead. The Internet works, but the websites of your favorite newspapers don’t. Only a handful of TV stations—all local channels—are broadcasting. And all of them are warning viewers to boil water before drinking it, due to the failure of water-treatment facilities. A scrolling statement along the bottom of the screen announces that several major banks are unable to open due to computer problems; electrical-power grids in the Northeast have gone dark; and automatic failsafe procedures have kicked in at several airports, snarling air travel across the country. Hospitals and groceries, gas stations and seaports, are shut down and cut off. Scrambling for information, you turn on the radio and hear reports that the United States has been hit by “a massive cyberattack of unknown origin.” A hurriedly crafted White House statement announces that the president has been moved to an undisclosed location. You race back to your computer to email friends in other parts of the country, but now, aside from the words “Unable to connect to the Internet,” the screen is blank. America is blind, panicked and under attack.
Web War I
Defense Secretary Leon Panetta has described this sort of cyberattack as “the next Pearl Harbor.” But that may be an understatement. Unlike Pearl Harbor, which decimated the Pacific fleet but left America’s vast industrial, communications and utilities infrastructure untouched, an orchestrated cyberattack could cripple our power grid, freeze our financial system, blind our military and scramble our communications networks—mixing the very worst of Pearl Harbor, 9/11, the 2003 Northeast Blackout and the 2008 economic crash.
If that sounds overly dramatic or alarmist, just consider Estonia, which weathered what some call “Web War I” in 2007. It started when Russian nationalists unleashed a withering volley of “distributed denial of service” attacks that disabled Internet-dependent systems across the country, including networks supporting government agencies, media outlets, the mobile-phone system, the 9-1-1 equivalent and the country’s largest bank. In layman’s terms, the attackers crashed networks with countless computer-generated “zombie” hits, flooded servers with junk data, and, as The International Herald Tribune explained, overwhelmed “the routers and switches…that direct traffic on the network.”
“Cyber-attacks are a form of offensive action that can paralyze, weaken, harm a nation-state,” Estonian president Toomas Hendrik Ilves explained following the three-week cyber-siege of his country.
A year after Estonia, Russian cyber-militiamen launched a digital invasion ahead of the Russian military’s ground invasion of Georgia, crippling government networks, hijacking servers and slowing Georgia’s ability to respond.
In 2009, hackers from the former Soviet Union, bankrolled by Hezbollah and Hamas, carried out cyberattacks against Israel. As the Israeli newspaper Haaretz reported, “The Home Front Command’s site, which instructs citizens how to protect themselves from attacks, was down for three hours.”
Russia is not the only culprit—and the list of victims is not limited to our friends in Estonia, Georgia and Israel. Gen. Keith Alexander, commander of U.S. Cyber Command (CYBERCOM), notes that “over 100 countries have network-exploitation capabilities…in 2011 the number of cyberattacks rose 44 percent…the number of attacks on U.S. critical infrastructure went from nine in 2009 to over 160 in 2011.”
Many of those attacks are emanating from China.
• Beijing encourages hundreds of quasi-independent hacker teams and even trains some at Chinese military bases. In fact, the Pentagon concluded in 2007 that the People’s Liberation Army (PLA) “has established information warfare units to develop viruses to attack enemy computer systems and networks.”
• Germany blames hackers linked to the PLA for massive cyberattacks against the chancellery and foreign ministry. One German official even used the phrase “Chinese cyberwar” in describing the attacks.
• In 2007, the Pentagon was forced to disable computer systems serving the Office of the Secretary of Defense, after it was discovered that the PLA had hacked into the system.
• Chinese hackers have attacked government ministries in Europe, Japan, India, Taiwan, South Korea, Australia and dozens of other countries; penetrated computer systems at U.S. defense firms, the White House, State Department and NASA; and planted computer components in the United States with Trojan horse codes that could be activated to destroy or disable real-world facilities. “If we go to war with them, they will try to turn them on,” an intelligence official told The Wall Street Journal.
• The Pentagon’s 2008 report on China concluded that Beijing views cyberspace as an arena for “non-contact warfare” and aims to conduct “cyber-warfare against civilian and military networks—especially against communications and logistics nodes.”
• “China’s development in the cyber realm, combined with its other anti-access/area denial capabilities, imposes significant potential risk on U.S. military activities,” according to Adm. Samuel J. Locklear III, commander of Pacific Command. Indeed, the Pentagon’s 2011 report on Chinese military power noted that Beijing would employ cyberattacks “to constrain an adversary’s actions or slow response time by targeting network-based logistics.” Consider the gaping vulnerabilities of U.S. Transportation Command (TRANSCOM). AOL Defense reports that 90 percent of TRANSCOM’s communications are handled on unclassified networks, owing to the fact that TRANSCOM has to rely on collaborative relationships with commercial partners to move military equipment. In the event of a U.S.-China crisis, it’s not difficult to imagine Chinese cyberwarriors exploiting this vulnerability.
The physical infrastructure America depends on—the electrical grid, water-treatment facilities, air-traffic control system, transportation arteries—depends on cyberspace. And cyberspace is at risk. With a few keystrokes, someone could throw America’s high-tech society back to pre-industrial days.
Before scoffing at that possibility, listen to the words of Ene Ergma, head of the Estonian parliament: “Cyberwar doesn’t make you bleed. But it can destroy everything.” Or consider this: The British government warns that utilities-network upgrades carried out by the Chinese telecom firm Huawei may have given Beijing the ability to shut down essential services, including power and water supplies.
Similarly, The Wall Street Journal has reported on “pervasive” penetration of the U.S. electrical grid, whereby malicious software and sleeper switches have been implanted to allow China or Russia to disrupt service at a time of their choosing.
It’s no wonder that House Intelligence Committee Chairman Mike Rogers warns that “Something pretty bad is coming.” Alexander worries about the enemy’s “transition from disruptive to destructive attacks…I think those are coming.”
The challenge is to mitigate the effects of a full-blown cyber-crash, cyber-blackout, cyber-9/11 or cyber-Pearl Harbor—and then to take the fight to the enemy’s swath of cyberspace.