In mid September 2012, The New York Times’ computer systems were infiltrated by a series of cyber attacks traced to Chinese hackers. Reporters’ passwords were stolen and sensitive information was breached.[1] The Chinese government denied any responsibility. Since then, there have been multiple reports of Chinese hackers infiltrating other American news organizations, such as The Washington Post, Bloomberg News and the Wall Street Journal.[2] This outbreak of cyber attacks does not reflect a new method of warfare and espionage, but a growing global phenomenon beginning in the 1990s.
The Department of Defense (DOD) categorizes a cyber threat as either a cyber attack or cyber espionage. A cyber attack aims to manipulate or disrupt data, while cyber espionage aims to steal data.[3] The U.S. government became aware of the depth of its vulnerability to cyber threats in 1997 through the ‘Eligible Receiver’ test run by the DOD. In this test a team of hackers were organized to infiltrate the Pentagon using only publically available computer equipment and hacking software. With these limited resources they were able to take control of the U.S. Pacific Command Center computers, power grids and 911 systems in nine major U.S. cities.[4] Despite this astonishing feat, the United States did not begin large-scale defensive precautions against cyber threats until after 9/11. Driven to action by the 9/11 terrorist attacks, a group of concerned scientists wrote a letter to President Bush, warning him about the power of cyber threats and urging him to implement a strong cyber defense policy.[5] They were not alone; congressional reports, academic papers and books were published on the threat of cyber terrorism. This was fueled by a fear that we may someday experience a “cyber 9/11” and be helpless at the hands of terrorists.[6]
Since 1997, cyber threats have escalated to an international scale. One clear example is the computer worm known as Stuxnet. Under codename Olympic Games, the United States and Israeli governments are believed to have released Stuxnet around 2007. This worm attacked Iran’s nuclear facilities by targeting centrifuges at Iran’s Fuel Enrichment Plant at Natanz.[7] Later in 2009, Google, Yahoo, Morgan Stanley and dozens of other organizations, came under cyber attacks, collectively termed Operation Aurora. These attacks seemingly originated from China, though the Chinese government claimed this accusation was part of a U.S. government conspiracy. The cyber security company McAfee said the primary goal of Operation Aurora was to gain access to and modify source code repositories. Source code is a text listing of commands that is assembled into a useable computer program. Once a hacker has the source code they can understand how a computer program was constructed and therefore can identify and exploit weaknesses. Depending on what weaknesses are found the hacker has the potential to access important information.[8]
These examples reflect why cyber threats have become an appealing tool for sabotage. Cyber attacks and cyber espionage can cause extensive damage and widespread fear with minimal risk because a hacker can mask their location. Through hacking, a terrorist or government could in theory gain access to electricity grids, water supplies, cell phone networks, banks and classified government information.[9] Another appeal of using cyber threats is that many computer security systems are vulnerable.[10] Even if proper protective measures are taken, cyber viruses, worms and bots are continually becoming more complex, powerful and destructive. It’s not the volume of cyber threats that has the U.S government worried; rather it’s the sophistication.[11]
These cyber threats have prompted the U.S. government to develop advanced protection systems. The Defense Advanced Research Projects Agency, a section of DOD responsible for the development of military technology, has begun a new cyber warfare project entitled “Plan X.” The purpose of Plan X is to make cyber warfare a more regular part of military operations. It will help plan and launch online strikes, target and assess damage of malware and create a “digital battlefield map,” which constantly tracks the flow of information.[12] Additionally, Keith B. Alexander of the Pentagon’s Cyber Command announced the creation of thirteen offensive teams to combat cyber threats. This project, to be completed in 2015, will take offensive measures to combat destructive attacks over the Internet that threaten national security.[13] Congress is also taking cyber threats seriously by reintroducing the Cyber Intelligence Sharing and Protection Act. In 2011, this act passed in the House, but not in the Senate.[14] It was initially voted down in the Senate due to fears of infringing on civil liberties and Internet privacy. If passed, this act will allow the U.S. government and certain companies to share Internet traffic information. Sharing information will increase transparency allowing the government to target potential cyber threats.[15]
Though Congress is divided on the bill, the U.S. government is firm on its recognition of cyber threats as an important issue. In March 2013, James R. Clapper, Director of National Intelligence of the Senate Select Committee on Intelligence, released a report on the prevalent global danger of cyber threats.[16] Keith B. Alexander of the Pentagon’s Cyber Command named cyber threats as one of the top security issues in the country. Former National Coordinator for Security, Infrastructure Protection, and Counter-terrorism for the United States, Richard Clarke, stresses that vast amounts of infrastructure are controlled by the Internet and thus susceptible to cyber threats.[17] Therefore the consensus among leading experts and government officials affirms that cyber threats have become a major factor in the future of global warfare.
[1] http://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-times-computers.html?pagewanted=all
[2] http://www.nytimes.com/2013/02/02/technology/washington-posts-joins-list-of-media-hacked-by-the-chinese.html
[3] http://www.defense.gov/news/newsarticle.aspx?id=119500
[4] http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/warnings/
[5] http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/etc/letter.html
[6] http://www.pcmag.com/article2/0,2817,2392642,00.asp
[7] http://www.cbsnews.com/8301-202_162-57571533/symantec-stuxnet-cyberweapon-older-than-previously-believed/
[8] http://www.wired.com/threatlevel/2010/01/operation-aurora/
[9] http://www.nytimes.com/2012/07/27/us/cyberattacks-are-up-national-security-chief-says.html
[10] http://www.washingtonpost.com/opinions/five-myths-about-chinese-hackers/2013/03/22/4aa07a7e-7f95-11e2-8074-b26a871b165a_story.html?hpid=z2
[11] http://www.cnbc.com/id/48899535
[12] http://www.washingtonpost.com/world/national-security/with-plan-x-pentagon-seeks-to-spread-us-military-might-to-cyberspace/2012/05/30/gJQAEca71U_story_1.html
[13] http://www.defense.gov/news/newsarticle.aspx?id=119506
[14] http://clerk.house.gov/evs/2012/roll192.xml
[15] http://www.wired.co.uk/news/archive/2012-04/24/cispa