Twitter Facebook Google RSS

Rules of Cyber War Baffle U.S. Government Agencies 


by John Stanton 

Current and future actions by governments around the world in response to attacks on their computer systems are being watched closely by experts and policy makers. In the United States, particularly, these developments will become part of what could be a national policy for fighting the so-called cyber wars.

Recent cyber skirmishes between enemy nations offer stark examples of what could happen in the murky, undefined confines of information warfare.
One instance involves a reported attack by Indonesia on an East Timor web site based in Ireland. These attacks forced East Timor's web site host in Ireland to shut down and relocate to another server.

China and Taiwan, meanwhile, already may have taken cyber warfare to the next level. After Taiwan's president Lee Teng-hui voiced support for the island's independence in the summer of 1999, China began to launch cyber attacks aimed at altering official Taiwanese government websites. What followed could be considered state-to-state cyber war, in which complete infrastructures were assaulted.

"In late July, about a month after Lee's statement, Taiwan experienced a nationwide blackout. One week later, many of the nation's banking teller machines crashed," said John Pike, a military intelligence expert at the Washington, D.C.-based Federation of American Scientists. "Taiwan denied at the time that it was anything out of the ordinary ... but this seems much more than mere coincidence," he said in an interview.

In the United States, meanwhile, many of the casualties of cyber wars are found in the private sector. Computer Economics Inc., located in Carlsbad, Calif., estimated damages from computer virus attacks in 1999 at $7.6 billion (a figure the U.S. government often cites). According to Computer Economics vice president of research, Michael Erbschloe, "The attacks are a form of economic terrorism, and the economic impact of each new attack will increasingly be damaging to productivity."

One industry observer indicated, "The billions of dollars lost as a result of cyber war should make it abundantly clear that this is a matter of national security. We've been fortunate thus far in that we've lost only money and not lives in a cyber attack ... yet."

Michael Vatis, director of the FBI's National Infrastructure Protection Center (NPIC), pointed out in congressional testimony that the FBI has more than 800 pending investigations dealing with criminal cyber-attacks and that doesn't include hostile nation threats. Vatis believes the government desperately needs the private sector's help in dealing with these problems. "Clearly, we cannot rely on government personnel alone. Much of the technical expertise needed for our mission resides in the private sector ... We rely on contractors to provide technical and other assistance."

U.S. intelligence officials, speaking on background, explained that they have routinely penetrated potential enemies' computer networks. These officials claim that thousands of attacks have taken place, and sensitive information was stolen. But critics warn that the legitimacy of these claims is questionable because they come from organizations that specialize in secrecy, eavesdropping and perception management operations. According to Bruce Schneier, of Counterpane Internet Security in San Jose, Calif., there is an ongoing and "active disinformation campaign by government" when it relates to cyber war.

These developments seem to validate recent comments by Rep. Porter Goss, R-Fla., chairman of the House Intelligence Committee: "The only certainty in this uncertain world, as far as I'm concerned, is that threats are out there, and they are getting more dangerous."

Protect and Defend
During the past two years, the Clinton administration has issued new policy directives aimed at dealing with current and emerging threats to U.S. information systems. Vatis pointed out that these policies have "set in motion an unprecedented effort to protect our nation's critical infrastructure."

Vatis' NIPC is proving its mettle as the most visible U.S. government early cyber warning and response interagency organization. Located at the FBI, it employs 108 individuals representing the FBI, the Central Intelligence Agency, the Defense Department, the Secret Service, NASA and the U.S. Postal Service. It makes available to the public so-called Cybernotes-along with an array of other documents-which assess weaknesses in commonly used software and provide troubleshooting solutions.

The FBI also runs the Awareness of National Security Issues and Response Program (ANSIR) which, according to FBI documentation, is "the public voice of the FBI for espionage, counterintelligence, counter-terrorism, economic espionage, cyber and physical infrastructure protection, and all national security issues."

ANSIR provides information to corporations, law enforcement and government agencies. It puts together a "national security threat list" designed by the FBI, intelligence agencies and the military. The program includes an ANSIR fax/email reporting system, and offers up to a $500,000 reward for "stopping espionage."

Congress also has stepped in to fund increased cyber-warfare activity and numerous hearings have been held on the subject. Late last year, lawmakers approved nearly $500 million of the president's early 1999 request for information operations. A Senate staffer indicated: "The Congress is in the mood to fund programs related to information operations."

On the House side, there have been talks about a future Homeland Defense Committee that would be formed to deal with cyber defense issues, along with chemical and biological defense concerns. However, a congressional staffer told National Defense that no new committee would be created, but there would be a "member level meeting" to discuss cyber-related issues.
"The members are clearly interested in looking at this [cyber war] issue ... particularly since the government is years and years behind technologically," said the staffer. "The government is not there anymore...the commercial sector has the lead."

"Put me in a room with 12 hand-picked computer technicians, and I will do more damage to an adversary's infrastructure than a B-1 bomber or the 7th Fleet," said Frank Jones, president of Codex Systems in New York, and a former New York City police officer. His company produces surveillance and tracking software for military and intelligence agencies.

"The private sector is so far ahead in this field," said Jones. During recent product demonstrations to government representatives, "the look on their faces was one of awe, like they had never seen the technology."

One of Codex's technologies allows agencies to remotely monitor any Internet-linked PC in the world and does not require physical access to the target PC. "Think of it as a fly-on-the-wall inside your computer," said Jones. "Investigators electronically place hidden software via the Internet from any listening post in the world capturing data, video, audio, keystrokes."

Another product by Codex was developed in response to the alleged theft of nuclear weapons secrets from a U.S. government facility. This technology tags electronic documents, which are then stored on a server, hard drive, floppy disk or "Honeypot." If the intruder is connected to the Internet and opens a tagged document, a message is automatically sent back to a command center somewhere in the world. According to Jones, that tagged document can be tracked through multiple chains of custody anywhere in the world.

Jones pointed out that cyber attacks are less likely to occur against secure facilities, such as Fort Knox, than against more vulnerable targets. "Who in the government or in the corporate world doesn't take work home and put it on the computer? You can attack the home PC."

At the Air Force Research Laboratory in Rome, N.Y., Joe Giordano and Dennis McCallum are developing techniques and technologies to maintain data stability in the event of a cyber attack, as well as to monitor and trace attacks. Giordano and McCallum are part of the vanguard in emerging fields known as information resiliency, cyberpathology, computer forensics and TransAttack analysis, all of which aim to assess damage, track, recover data and produce evidence for a counter attack or criminal prosecution.

Their techniques follow similar patterns to those used in medical pathology, viral tracking models used by the Centers for Disease Control and even genetic mapping techniques for data tracking. They speak about data as proficiently as a physicist or biologist would speak of particles and cilia.

"I'm a big believer in looking at the more well established disciplines to see what I can learn," said Girodano.

McCallum agreed. "For example, we're looking into helping the U.S. Army frame its policy for continuity of operations and we're looking into what other industries have done ... If they've already done something successful in this area, and it applies, we'll use it."

His employer, Logicon-Northrop Grumman, based in Herndon, Va., has implemented an internal incentive program, offering $10,000 and $5,000 prizes to employees who come up with useful innovations that can be applied to information security projects.

The Air Force Research Lab now has in place a number of cyber-defense mechanisms such as false databases made from deception software (available on the Internet) that create a bogus trail for potential hackers. When the attack is detected, a TransAttack-or forensic analysis-begins. As Giordano describes it, "While the attack is happening we gather the evidence: Who is doing this? Where are they?"

Those efforts have found their way into programs such as the Automated Intrusion Detection Environment (AIDE). AIDE is being developed for the Defense Department and the private sector and will, ultimately, allow security personnel to "be aware of global cyber-threats, to access locally relevant information from a single computer platform, and to quickly choose a course of action," he explained. An upcoming demonstration will focus on an "integrated tactical warning-attack assessment capability for intrusion" and will involve 27 sites worldwide.

Giordano predicted the next key development in the defensive information warfare field will be the ability to compile and correlate information from a variety of attacks. "The software applications have to know about data; what to throw away and what to keep," he said. AIDE is an ambitious attempt in that direction.

Rules of War
The National Security Agency (NSA) last year was awarded patent number 5,937,422. Experts said this could be significant because that patent is for a machine-based voice-pattern recognition technology. Put simply, the NSA may have a revolutionary tool to monitor international voice and data traffic by tagging speech. According to the patent documentation, "possible applications of the present invention include ... a search engine for Internet ... an interface for legal/financial information retrieval, keyword indexing for document retrieval for locating portions of interest within documents, automated data sorting, natural language processing."

According to Schneier, of Counterpane, this technology may allow the NSA to "harvest millions of telephone calls." It also raised concerns among privacy groups and the international community about the potential access by the U.S. government to private and corporate data.

Many questions remain unanswered about the rules of engagement in cyber warfare.

If the U.S. government declared martial law or a state of national emergency, what could it do legally to control cyber space? According to Stuart Biegel, professor of cyber space law at the University of California, Los Angeles, the field is wide open.

"The reality is that in a time of war, the government ... will generally ignore the law or use the available laws to justify actions taken against another nation. It's really a problem of enforcement," he said in an interview. "Remember, during the Cuban missile crisis, we did not use the word 'blockade' because by international law, that was an act of war. We used 'quarantine' to avoid war. I don't anticipate it being any different with cyber war."

And why wouldn't the basic rules of martial law apply to the Internet? Assume the United States decided to shut it down, speculated Biegel. "The problem now is that you have to figure out where U.S. cyberspace ends and international cyberspace begins. How would that affect the international community? What are the implications? Truly, it is an unexplored region, and no one knows how a nation would respond to a full scale, attributable cyber attack."

Responses to attacks against the United States could be drastic, according to the Pentagon's office of general counsel. In a document released early last year, titled "An Assessment of International Legal Issues in Information Operations," the consequences of a large-scale campaign of computer network attacks "might well justify a large-military scale response."
The report, additionally, said that "there are no show stoppers in international law for information operations as now contemplated by the Defense Department ... The growth of international law in these areas will be greatly influenced by what decision makers say and do at critical moments."
According to Maj. Gen. Wang Pufeng of the Chinese Army, "In the final analysis, information warfare is conducted by people at all levels of decision making and operations."

That's a point often overlooked by technocrats, noted Dorothy Denning, professor of computer science at Georgetown University in Washington, D.C. "In this field, you've got an interesting mix of people: Chicken Littles, who believe the sky is falling and everyone's out to get us, and Big Brother-types who fear government is everywhere. It's hard to find balance sometimes."
Denning, the author of Information Warfare and Security, believes that the most effective defense against cyber threats, real or imagined, is an educated body of citizens, "an educated public that understands the issues and the threats involved."

John J. Stanton is a member of the professional staff of the National Defense Industrial Association. His e-mail address is

  Bookmark and Share