The space is virtual, the fight is real


Pentagon digital fortress prepares for effective defense

A new United States cyber strategy, so far tentatively named "Cyber Strategy 3.0", is expected to be made public in December this year. However, one of the main "players" on the field of cyber warfare, the cyber command of the US Department of Defense, could not reach the state of "full operational readiness" by October 1, as required by last year's order from Secretary of Defense Robert Gates.

Pentagon spokesman Brian Whitman declined to predict the timing for fulfilling his boss's order and said that "the exact date is not a very important component" of the actions that Washington is taking today to ensure an adequate degree of US cybersecurity.

Meanwhile, according to an estimate set out in the September-October issue of Foreign Affairs magazine by Deputy Secretary of Defense William Lynn, the Pentagon's digital fortress, with about 15,000 computer networks and more than 7 million computers, has recently been regularly tested by more than 100 special services and intelligence organizations from different countries of the world. According to the American intelligence community, "foreign governments are developing offensive means for cyber warfare," and Brigadier General Stephen Smith, emphasizing the importance of IT security for the US Armed Forces, was even more categorical: "We are not network centric, but network dependent!"

Amid such turmoil, only the US Air Force's cyber troops, the 24th Air Army, turned out to be "fully combat-ready" for a new type of war, as was officially announced on October 1 by the head of the Air Force Space Command, General Robert Kehler.

SIMPLE, CHEAP, EFFECTIVE

“Welcome to war in the 21st century,” says Richard Clarke, a recent cybersecurity adviser to former US President George W. Bush. "Imagine electric generators flashing, trains derailing, airplanes crashing, gas pipelines exploding, weapons systems that suddenly stop working, and troops who don't know where to go."

This is not a retelling of an episode from another Hollywood blockbuster. It is a short description, by a high-class American expert, of the consequences that a new format of war, cyber warfare, can lead to. However, Hollywood noticed in time the tendency of IT crime to move to a completely new level: from lone hackers and "hacker interest groups" to squads of professional cyber fighters with a more global goal than just annoying Big Brother or stealing a couple of million bucks.

It was cyberwar, albeit of a limited nature, that formed the basis of the script for the latest film in the famous Die Hard series. It is still far from this, of course, but, as noted in the statement of Kaspersky Lab, the recent case with the identified "industrial" virus "StuxNet" According to the estimates of various foreign experts, there was either the Iranian nuclear power plant in Bushehr, or, as the specialists quoted by the Israeli newspaper "Haaretz" claim, the uranium-235 enrichment plant in Natanz. The complexity of the virus and its extremely high selectivity indicate that this malicious program was created not by a self-taught hacker, but by a group of highly qualified specialists who, without exaggeration, had a gigantic budget and the ability to integrate resources. After analyzing the worm's code, Kaspersky Lab experts concluded that the main task of StuxNet is "not spying on infected systems, but subversive activities."

“StuxNet does not steal money, send spam or steal confidential information,” says Eugene Kaspersky. “This malware was created to control production processes, literally to control huge production facilities. In the recent past, we fought against cybercriminals and Internet hooligans, now, I'm afraid, the time is coming for cyber terrorism, cyber weapons and cyber wars.”

But the main target of hackers and cybercriminals today is still the United States, which holds what are certainly the most valuable secrets of a military, industrial and financial nature. According to US analysts, the number of cyberattacks on the IT systems of US government organizations tripled between 2005 and 2010. And the current head of the Pentagon's cyber command and chief of the NSA, General Alexander, even said at the hearings of the US House of Representatives Committee on Armed Forces that cyber weapons have an effect comparable to the use of weapons of mass destruction.

And the old methods of warfare are not suitable for battles in a new war. So far, there is not even a clear definition of the very term "cyber war", nor an understanding of when a cyber crime or hacker attack becomes an "act of cyber war against a sovereign state." Moreover, one of the main problems in ensuring cybersecurity is the extreme difficulty of identifying the exact source of a particular cyber attack. Without knowing the enemy "by sight" and its location, it is impossible to make a final decision on retaliation. A striking example of this is the sensational attack on the servers of 12 agencies and departments of the American government in July last year: initially Washington blamed the DPRK for this, but South Korean intelligence officers who tracked the directions of the "digital strikes" soon established that the addresses from which the "captured" computers were controlled were located in 16 countries, including even the United States and South Korea. The DPRK turned out to have nothing to do with it.

On the other hand, it is easier and cheaper to acquire cyber weapons and cyber troops than to create and purchase modern weapons, military and special equipment (AME), and prepare the required number of divisions. This is especially true if you do not form your own cyber divisions, but resort to the services of lone hackers or cybercriminals. For example, Stephen Hawkins, Vice President of Intelligence and Information Systems Development at Raytheon, estimates that for just a few million dollars, a government or organization can hire people with the cyber skills necessary to train the appropriate cyber troops and cyber weapons. And one of the former NSA employees, Charles Miller, even calculated that it would take only $98 million to organize a cyber structure capable of successfully attacking America and completely paralyzing US activities.

CORPORATIONS COMPETE

One of the "consequences" of increased attention from the US government and military to cybersecurity issues was that American companies which had previously specialized in contracts for aircraft, missile weapons, warships, tanks and military satellites have recently actively taken up a business that is completely new for them: cybersecurity.

"For us, this is one of the main promising areas," said Stephen Hawkins, Vice President of the Intelligence and Information Systems Development Division of Raytheon, at a briefing with reporters. “We forecast the growth of the market by two orders of magnitude, its cost will amount to billions of dollars.” There is something to fight for: the cyber budget has reached $8 billion this year, and by 2014 it will grow to $12 billion. At the same time, while the annual increase in spending in other areas will average 3-4% in the near term, spending on cyber security will grow by no less than 8% annually. The leading role in a new type of war, of course, is assigned to the military, and they will also get the lion's share of the cyber budget: the Pentagon will receive more than 50% of the $8 billion in 2010.

According to John Sly of Input, a company that conducts analysis and market research on high-tech markets for the US government, the priority cybersecurity services that will be in demand by American law enforcement agencies in the near and medium term will be: identifying and preventing unauthorized intrusions into information systems (networks); ensuring the general information security of the various units and structures of these departments; basic training of law enforcement personnel in the field of computer (information) security; routine maintenance of the systems that control access to information; and so on. Naturally, not only services will be needed, but also software and hardware. Moreover, experts believe the volume of customer requests in this area will begin to grow, as they say, exponentially.

Of course, companies as well known on the international market for weapons and military equipment as Lockheed Martin, Raytheon or Northrop Grumman intend, from the very first minutes of the cyber war, to take a leading position among those who will undertake to supply the warring parties (either one or, which is not excluded, both at once) with the appropriate means of cyber combat. Consequently, cyber defense developers must constantly be one step ahead of those who create attack methods.

For example, Lockheed Martin relies on a special technology, a kind of "information miracle weapon", with the help of which it will be able to create means that give the military and law enforcement forces cyber weapons capable of withstanding a cyber threat that has not yet appeared and is unknown to analysts.

Another priority area is the creation of software and hardware that, having been hit by an enemy cyberattack, will be able to restore itself to its original operational state.

Specialists from another company, Raytheon, have also recently intensified their efforts to claim their niche in the promising cybersecurity market. One of the areas of its work is the creation of tools that can effectively identify so-called zero-day gaps in IT security systems (zero-day detection). Raytheon emphasizes that today the fight against cybercriminals proceeds mainly according to one scenario: antivirus programs have massive databases of already known malicious programs and check all information entering the system (network) for the presence of these best-known "enemies", after which they begin to fight them. In addition, suspicious "pieces" of information that could be malicious programs are identified. One of the company's divisions is now working on software that will be able to identify more effectively viruses that are still unknown and not included in the catalog, and not only identify them, but immediately take counter-actions automatically. By the way, Raytheon believes that success can be achieved here through the wider introduction of elements of artificial intelligence into cybersecurity systems.

However, any cybersecurity system requires testing to confirm its functionality. It is impractical and highly unsafe to test such systems on customers' working systems, so the Lockheed Martin and Northrop Grumman corporations have already put special cyber test ranges into operation.


MAIN ENEMY

Whom does Washington see as its main potential cyber adversary? Quite predictably, China is undoubtedly the leader among the top ten countries from whose territory attacks on America's computer networks are regularly carried out. At the same time, as one of the leading US cybersecurity experts, Kevin Coleman, notes, Beijing is acting "quietly and secretly" here, gradually and systematically "pumping out" military, political and economic information of varying degrees of importance. According to American cyber defenders, this style of action makes China a much more dangerous cyber adversary than Russia, which the West considers “certainly guilty” of massive cyber attacks on Estonia (2007) and Georgia (2008).

As an example of the high degree of danger posed by Chinese cyber soldiers, a series of successive hacker attacks carried out in 2003 and designated "Titanium Rain" is usually cited. During these attacks, the resources of Lockheed Martin Corporation, the Sandia National Laboratory (one of the largest nuclear research centers in the United States), the Redstone Arsenal (Rocket and Space Center of the US Army), as well as NASA computer networks, were attacked.

According to Lary Worzel, one of the former officers of the US Army's digital fortress garrison, the attack was carried out by Chinese hackers in the civil service, whose "trophies" included a significant number of instructions, technical descriptions, design and engineering documentation, as well as other information constituting the state, military and commercial secrets of America. The damage was estimated at a minimum of several hundred million dollars.

True, according to the analytical report of Kaspersky Lab published at the end of May this year, the list of countries from whose territory the largest number of hacker attacks were carried out, based on the results of the first half of the year, looked like this: USA (27.57%), Russia (22.59%), China (12.84%) and the Netherlands (8.28%).

Yet the cries of a "Chinese cyber threat" are growing louder in the United States. In November last year, representatives of the US expert community sent a report to Congress in which they cited numerous data showing that viruses, "bookmarks" and various malicious programs of "Chinese origin" had been found in significant numbers in the computer networks of American oil and gas, telecommunications and financial companies. According to the authors of the report, the scale of the PRC's cyberwar has grown from isolated attacks to continuous, large-scale, well-planned and interconnected "frontline operations."

The Chinese cyber threat has agitated Washington so much that it was decided to prepare a special report on the topic: in November last year, the Commission for the Study of Economic and Security Issues in US-China Relations presented the results of its study to Congress. Among other things, the report indicated that China today has a three-tier system of cyber warfare:

- the first level is the highly qualified cyber soldiers of the PLA proper, who will begin cyber attacks on foreign networks and cyber defense of their own computer networks with the start of hostilities (declaration of war);

- the second level is groups of civilian or paramilitary cyber warfare specialists working in Chinese public and private corporations and in various institutions or other organizations of a similar nature that also work for the military. With the outbreak of war they will be mobilized into the PLA cyber troops, but today, in peacetime, they conduct constant "intelligence" attacks on the computers of government and leading business structures of countries that are potential opponents (rivals) of the Celestial Empire;

- and, finally, the most numerous third level is the army of "patriotic hackers" who constantly practice their "skills" on the computer networks of other countries, mainly the United States.

However, the authors of the report found it difficult to answer the question: is the Chinese government running this army of "red hackers"?

While the US Congress is studying the report on the PLA's cyber capabilities, the Chinese military are guided by essentially the same strategy that their overseas rivals adhere to. As reported in July 2010 by the Chinese media, the PLA command decided to establish an information security department in the Ministry of Defense of the PRC, a kind of analogue of the American cyber command. The main task assigned to the new structure, according to the official representative of the Chinese Defense Ministry, is to ensure the cybersecurity of military computer networks at all levels.

A sparse official announcement of this fact was made on July 19. Interestingly, the PLA command had earlier banned servicemen from creating personal pages on the Web or keeping blogs, and the ban even extends to servicemen who have left the service.

TERRORISM ON THE APPROACH

Another source of threat is cyber terrorism, which is still the stuff of Hollywood "horror stories", but, according to experts, is capable of becoming a reality in the very near future and presenting very unpleasant "surprises" to both the government and society as a whole. Terrorists today use cyber weapons primarily to gather the information they need, steal money, and recruit reinforcements. For now, they still strive to commit high-profile bloody actions in order to shock the public of this or that country.

However, according to experts, if extremists resort to cyber terrorism, this in some cases can lead to large-scale disasters. For example, the disruption of air traffic control systems or train traffic, according to IT security experts, is fraught with consequences no less dire than bomb explosions on planes or trains. Therefore, although the intelligence services are actively preparing to counter attacks by cyber terrorists, the more real threat, at least in the experience of the United States, is so far ordinary cybercrime, national or international: in developed and not so developed countries, most robberies of banks, companies, and even individuals are no longer carried out with a pistol, crowbar, baton, knife or brass knuckles, but with computers and other modern electronic devices.

In conclusion, the following should be noted. Realizing that the US Department of Internal Affairs and the IT security departments of government organizations and the business sector will not cope on their own with a large-scale external cyber threat, the Pentagon leadership changed its mind on this issue. Last year, shortly before the official announcement of the creation of the cyber command, Deputy Secretary of Defense William Lynn openly declared his department's "unwillingness" to protect non-military computer networks. However, representatives of the Ministry of Defense noted that the new Cyber Strategy 3.0 sets out directions for the phased provision of cyber defense not only for all Pentagon facilities, but also for federal institutions and large companies. True, so far this applies only to those who fulfill orders of the US armed forces.
