NEW YORK – For the past few years, there has been an explosion of ways in which countries can engage in destructive behavior. The use of cyberspace as a venue of battle has changed the nature of conventional warfare. This poses problems in terms of response to those threats as well as how to develop international agreements to curtail its use.
A March 7 report by U.S. weapons manufacturer Northrop Grumman, “Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage,” warns of Beijing’s integration of network operations into a broader military and intelligence context and of the threat this represents to U.S. economic and strategic interests.
According to this report, more than 50 Chinese universities are conducting research on information security, funded by five national grant programs as part of a broad national policy. Several sectors of the U.S. economy are seriously endangered, including public and private facilities, banking and finance, education and government, and other operations that depend on computers for daily operations.
FBI Director Robert Mueller has alerted U.S. lawmakers that terrorists could carry out cyberattacks on the United States and that the nation needed to be prepared. He told a House appropriation subcommittee that “To date, terrorists have not used the Internet to launch a full-scale cyberattack, but we cannot underestimate their intent.”
A relatively minor cyberattack was launched last June on the U.S. Senate’s website. Sensitive information was not affected,but internal directory data was stolen. Danger is not limited to the U.S.
In July 2011, the South Korean company SK Communications was hacked. As a result, important personal details of up to 35 million people were stolen in what seems to have been part of a broader, concerted hacking effort.
Perhaps the best known — the mother of all attacks — was perpetrated against Iran’s centrifuges by the Stuxnet worm in the Natanz nuclear enrichment facility, which probably delayed Tehran’s nuclear development activities by several months. Many consider this worm the most advanced of its kind, one that significantly increases the profile of cyber warfare.
“We have entered into a new face of conflict in which we use a cyberweapon to create physical destruction, and in this case, physical destruction in someone else’s critical infrastructure,” declared retired Gen. Michael Hayden to the CBS newsmagazine “60 minutes.” Hayden, who served as CIA director under President George W. Bush, acknowledges that he knows more about the attack on Iran that he is willing to discuss publicly.
There are also potential problems with this kind of warfare, however. Malware modeled after Stuxnet could also be used to target critical infrastructure in the U.S. such as electrical power grids and water treatment plants, in addition to Defense facilities and banks. All these actions could adversely affect security installations and cause enormous economic damages.
According to Defense officials, Pentagon computers are targeted about 5,000 times each day. Although the extent of damage so far has been controlled, there are no assurances that in the future this kind of activities may not cause devastating effects. North American Electric Reliability Corp. has alerted the public that the U.S. electrical grid is exposed to cyberattacks that could cause enormous damage.
In this regard, counterterrorism expert Richard A. Clarke stated on National Public Radio in 2010: “We’re probably doing things on lots of networks around the world to get ready for cyberwar, and yet we don’t have a military strategy that has been shared with the Congress or the public. I suspect we don’t really have a military strategy at all.”
He added, “We have extremely good cyberoffensive capabilities — and almost nothing in the way of cyberdefense.”
The real dilemma is how to reach international agreements to limit military attacks in cyberspace.
A Ukrainian professor of international law, Alexander Merezhko, has developed a project, the International Convention on Prohibition of Cyberwar in Internet, and American Gen. Keith B. Alexander believes that the U.S. and Russia should talk about ways to avoid military attacks in cyberspace — although evidence would indicate that the genie is already out of the bottle.
Cesar Chelala, M.D., is a co-winner of the Overseas Press Club of America award.