In January 2010, a group calling itself the Iranian Cyber Army brought down China’s biggest search engine: baidu.com. As reported by the digital risk management consulting firm mi2g, “We are in the midst of a Cold Cyberwar, which straddles the transnational corporate sector, major governments, defense industry players, and global criminal syndicates.”
"Train like you fight because you will fight like you train" is the motto of the US-based Cybersecurity Institute — and its classes are completely filled through May 2010. This video provides an overview of cyber warfare, characterizing it as perhaps the #1 threat to the U.S.:
The bi-partisan S.773: Cybersecurity Act of 2009 was introduced by Senators Jay Rockefeller (D-WV) and Olympia Snowe (R-ME) and referred to committee last year. To counter the threat of cyber warfare, DARPA is now creating the National Cyber Range (NCR) as part of the new federal Comprehensive National Cyber Initiative (CNCI). According to DARPA, the NCR will “realistically replicate human behavior and frailties,” and provide “realistic, sophisticated, nation-state quality offensive and defensive opposition forces.” This is a “test bed” of networked computers that will be fully automated and instrumented for organizations like the Cybersecurity Institute to try out the latest in counter measures. “Cyber attacks are a common and increasing occurrence,” says DARPA Program Manager Dr. Michael VanPutte. “As a result, it’s essential that the United States maintain a strong technological advantage in cyber security.”
Google’s recent disclosure that the attacks targeting it and other U.S. companies originated in China created quite an uproar. Human rights activists who use Gmail also were targeted, prompting Google to threaten to withdraw its services from China. Also in response to the attack, Microsoft was forced to issue an “out-of-cycle patch” for the Internet Explorer bug that exposed Google and the other companies to the cyberattacks. The security bug was an “invalid pointer reference” that could allow an attacker to take control of a computer “if the target were duped into clicking on a link in an e-mail or an instant message to visit a web site hosting malware.” According to a Microsoft press release, “[the bug] could also [be used] to display specially crafted Web content using banner advertisements or other methods to deliver Web content to affected systems.”
As reported by h+ last year (see Resources), the Obama administration has created a military cybersecurity command to unify responsibility for Pentagon networks — this responsibility was spread across several agencies and service branches. The command assists the Department of Homeland Security, but is not subsumed under it. Former Microsoft and Ebay executive Howard Schmidt was appointed as President Obama’s new cybersecurity coordinator. Schmidt has regular access to Obama as a “key member” of his National Security staff. “Howard will have the important responsibility of orchestrating the many important cybersecurity activities across the government,” President Obama said. “Howard is one of the world’s leading authorities on computer security, with some 40 years of experience in government, business and law enforcement.”
In August 2009, the U.S. Air Force activated its new cyberspace combat unit, the 24th Air Force, to “provide combat-ready forces trained and equipped to conduct sustained cyber operations.” The 24th is commanded by former Minuteman missile and satellite-jamming specialist Major General Richard Webber. Under his command are two cyber “wings,” the 688th Information Operations Wing and the 67th Network Warfare Wing, in addition to combat communications units. Located in Texas, the 67th Network Warfare Wing “organizes, trains, and equips cyberspace forces to conduct network defense, attack, and exploitation.” “It also executes full-spectrum Air Force network operations, training, tactics, and management for AFNetOps/CC and combatant CCs,” according to the 24th Air Force web site.
Some commentators are comparing the government ramp-up to “Operation Screaming Fist,” a fictional military operation in William Gibson’s novel Neuromancer aimed at introducing a virus into a Russian military computer. The fictional operation flew a team of specialists across enemy lines on light gliders, and team members plugged into the first prototype “cyberdecks” to monitor security. Russian electromagnetic pulse weapons were used against the gliders shortly after they entered Russian airspace and the operation failed.
Some are comparing the government ramp-up to “Operation Screaming Fist,” a fictional military operation in William Gibson’s novel Neuromancer.
These days, Russia may not be as worrisome to the U.S. and China as Iran, particularly given the recent Iranian Cyber Army attack on China’s network. And given the recent Google cyberattacks, surely the US cyber command is keeping a watchful eye on China’s cybersecurity capabilities. The creation of DARPA’s NCR provides “a virtual network world — to be populated by mirror computers and inhabited by myriad software sim-people ‘replicants,’ and used as a firing range in which to develop the art of cyber warfare,” reports The Register. Sound something like Gibson’s cyberdecks? The availability of both an experimental test bed and an Air Force fighter wing — along with a new cybersecurity coordinator — could well result in an Operation Screaming Fist. Whether for defense or offense, the better the simulation, the better the intelligence.