Is cyberwar coming?

The United States relies on agents like Gregory Garcia of the Department of Homeland Security to keep America safe from cyber attacks. See more computer hardware pictures.
Scott J. Ferrell/Congressional Quarterly/Getty Images

Listen up, soldier! Not every battle takes place over rugged terrain, on the open sea or even in the air. These days, you'll find some of the fiercest fighting going on between computer networks. Rather than using bullets and bombs, the warriors in these confrontations use bits and bytes. But don't think that digital weaponry doesn't result in real world consequences. Nothing could be further from the truth.

Consider all the different systems in the United States connected to the Internet:


  • Emergency services
  • Financial markets and bank systems
  • Power grids
  • Water and fuel pipelines
  • Weapons systems
  • Communication networks

That's just the beginning. Think about all the services and systems that we depend upon to keep society running smoothly. Most of them run on computer networks. Even if the network administrators segregate their computers from the rest of the Internet, they could be vulnerable to a cyber attack.

Cyber warfare is a serious concern. Unlike traditional warfare, which requires massive amounts of resources such as personnel, weapons and equipment, cyber warfare only needs someone with the right knowledge and computer equipment to wreak havoc. The enemy could be anywhere -- even within the victim nation's own borders. A powerful attack might only require half a dozen hackers using standard laptop computers.

­Another frightening aspect of cyber warfare is that a cyber attack can come as part of a coordinated assault on a nation or it could just be a malicious hacker's idea of a joke. By the time a target figures out the nature of the attack, it may be too late. No matter what the motive, cyber attacks can cause billions of dollars in damages. And many nations are woefully unprepared to deal with cyber attacks. With that in mind, the question isn't will there be a cyberwar -- the question is when will there be one?

Some people might argue that the cyberwar is already here. In fact, based on attacks perpetrated daily against the United States and other nations, the first real cyberwar began back in the late 1990s. Let's take a look at some famous "battles" in cyber warfare over the last decade in the next section.


Cyberwars Around the World

The 2005 Infocomm security conference in Singapore
Roslan Rahman/AFP/Getty Images

Although the Internet has been around for a few decades, it's still a relatively young technology. It's also an extremely useful technology. Governments, corporations and ordinary citizens adopted Internet technology very quickly. Before long, entire industries and government services became dependent upon the Internet to function. The problem is that on the whole, the Internet and the systems connected to it aren't very secure. There are many ways to exploit vulnerabilities and infiltrate systems. Internet security hasn't been able to keep up with adoption and use.

Some people recognized the inherently dangerous nature of the Internet fairly early on. In 1997, the Department of Defense commissioned an experiment codenamed Eligible Receiver. While most of the details regarding Eligible Receiver remain classified, the main purpose of the exercise was to see if a group of hackers using readily-available computers and software could infiltrate the Pentagon's computer systems. The results were sobering -- according to John Hamre, the deputy secretary of defense at the time, it took three days before anyone at the Pentagon became aware that the computer systems were under attack [source: Frontline].


The team of hackers gained control of Pentagon and national military command systems. A real attack could have caused the computer systems to shut down. Even more discomforting was the thought that the attackers could access and steal information.

In fact, it seems that a real adversary managed to do just that only a year later. In an attack that the U.S. government called Moonlight Maze, someone managed to penetrate multiple computer systems at the Pentagon, NASA and other facilities and access classified information. U.S. officials discovered the probing attacks by accident in 2000 after going unnoticed for two years [source: Frontline]. The pilfered data included strategic maps, troop assignments and positions and other sensitive info. Government agents were able to trace the attacks back to Russia, but it's impossible to say if that was their true origin.

The United States isn't always on the defense in cyber warfare. The U.S. has used cyber warfare strategies against Iraq and Afghanistan. During the Kosovo war, the U.S. used computer-based attacks to compromise the Serbian air defense systems. The attacks distorted the images the systems generated, giving Serbian forces incorrect information during the air campaign. Security agents are also working to infiltrate terrorist cells and monitor them remotely.

Recently, cyber warfare played a role in the conflict between Russia and Georgia. Hackers attacked Georgian Web servers with a series of distributed denial of service attacks (DDoS). Essentially, a DDoS involves sending millions of pulses called pings to a Web server. The server becomes overwhelmed trying to respond to the pings and eventually slows or even crashes. The identity of the attackers is still unknown -- it could have been anyone from Russian agents to mafia hackers to someone who wasn't even involved with the conflict.

The list doesn't stop there. Some suspect that North Korea has used cyber attacks on South Korea. There are rumors that China uses cyber attacks against Taiwan. The terrorist organization Al Qaeda has even declared a cyber jihad on the U.S. In many cases, proving one nation is actively using cyber attacks on another is impossible.

What does a cyberwar look like? In the next section, we'll take a closer look at some of the strategies cyber warriors use.



Cyberwar Battle Strategies

Israel's government hired hacker Avi Buzaglo to help protect the nation against a cyber attack.
Brian Hendler/Liaison/Getty Images

While there are many different cyberwar scenarios we could look into, in general you can break down the strategies into two major categories. Let's take a look at each one in detail.

The first major strategy is the Pearl Harbor attack, named after the surprise attack on the naval base at Pearl Harbor, Hawaii, in 1941. This kind of attack involves a massive cyber assault on major computer systems. Hackers would first infiltrate these systems and then sabotage them. They might shut down part or all of a nation's or attack water and fuel lines.


Another approach is to use computer viruses to do the dirty work. Viruses like Code Red, Slammer and Nimda spread rapidly across the Internet. Code Red directed infected computers to attack the White House Web site. These viruses caused billions of dollars worth of damage as companies and governments had to repair computer systems affected by the viruses. Viruses offer hackers a low-risk/high-reward attack because it can be difficult to track down the programmers who unleash them.

Pearl Harbor attacks can be frightening all on their own, but some security experts worry that enemies could coordinate a cyber attack with a physical assault. Imagine your city's power supply winking out in an instant, and within moments you hear the sound of explosions going off in the distance. Such an attack could not only cause a lot of damage, it would be a powerful psychological tactic. Some experts worry that terrorist organizations like Al Qaeda are working on plans that follow this strategy.

­The other method of attack is much more subtle but just as dangerous. Instead of committing a massive cyber assault, the enemy would infiltrate computer systems and just watch and wait. This strategy involves spying and r­econnaissance. The key is to avoid detection and gather as much information as possible. The enemy could use that information to target weak points in the victim nation's infrastructure.

A hacker who has managed to infiltrate a system can also sabotage that system in a more gradual way that avoids detection. By tweaking lines of code in subtle ways, the hacker can make systems less accurate and less reliable over months or even years. This long-term strategy might eventually lead to the system becoming completely unreliable or unresponsive. This method takes longer to implement than a Pearl Harbor attack but it's also more difficult to detect and prevent or repair.

A hidden hacker could even insert computer viruses into an infiltrated system. Not all viruses attack instantaneously. Some hackers build in triggers that they can activate with a manual command. Others use time-activated triggers that will release a virus on a certain date.

How can nations defend against cyber warfare? Find out in the next section.


Cyberwar Defenses

Then-U.S. President Bill Clinton spoke at a 1999 conference focusing on cyber terrorism. See more president pictures.
Stephen Jaffe/AFP/Getty Images

­Because cyber warfare is so different from traditional warfare, you can't rely on the same rules you'd use in a physical conflict. With the right techniques, a hacker can make an attack practically untraceable. It's not hard for a skilled hacker to create an entire army of zombie computers -- machines infected with a program that allows the hacker to control the computer remotely. A person owning one of these infected computers might not be aware of the intrusion at all. If a computer system comes under attack from an army of zombie computers, it might not be possible to find the hacker ultimately responsible.

Part of preparing for a cyber attack is to educate citizens around the world. The importance of computer security can't be overstated. A combination of the right antivirus software and a careful approach to Internet activities can help prevent hackers from gathering the resources they need to mount an offense in the first place.


Security experts like Richard Clark, former cyber security advisor to the United States, say that part of the responsibility falls on software companies. He has said that software companies often rush products to market without putting them through a rigorous quality control phase. In particular, he criticized Microsoft for its practices. Since then, Microsoft claims it spends more time and resources making sure its products have strong security features [source: Frontline].

Why release products that aren't secure? The issue isn't as clear-cut as we might like. There's an economic tradeoff when companies take more time to look into security issues before releasing a product. The longer the production cycle, the more money the company has to spend. That puts software companies in a difficult position. Should they increase the price of their products, which can hurt the consumer? Should they keep the price the same and absorb the added development costs, which hurts their investors? Should they cut costs elsewhere by lowering salaries, which hurts their workforce? The reality is that an increased focus on security will result in an impact on the bottom line of the business. If companies feel the risk of a security breach is low, it's possible that they'll ignore the possibility entirely.

Another thing to consider is that private companies own most of the Internet's infrastructure. Unless the government implements regulations, it's up to these private companies to ensure the safety of their networks. Even experts like Richard Clark have said that regulation is not the right decision -- he argues that it inhibits innovation and lowers the bar for security across all industries.

Most industries and governments employ security experts who monitor their respective computer systems constantly. They are responsible for detecting probes and intrusions and reacting to them. Security experts like John Arquilla, an associate professor at the Naval Postgraduate School, and John Hamre, CEO and president of the Center for Strategic and International Studies, have said that a Pearl Harbor attack would probably not cause widespread destruction, in part because we've learned to detect and respond to attacks quickly [source: Frontline]. While an attack might still be successful, they say that the recovery period would be relatively short. Governments and companies should still try to seal any security holes they might have, but it's not likely that a massive attack could cripple major systems for a significant period of time. Other experts are less certain -- they caution that a well-organized assault could take us by surprise and hit enough systems to cause widespread economic damage.

While it might not be obvious to us in our every day life, there's no doubt that cyber warfare is going on right now between nations and factions around the world. So is cyberwar coming? It may already be underway.

To learn more about cyber warfare and other topics, try invading the links on the next page.


Lots More Information

Related How Stuff Works Articles
More Great Links

  • Cybertelecom. "CyberWar." (Sept. 30, 2008)
  • DeAngelis, Gina. "Cyber Crimes." Chelsea House Publishers. Philadelphia. 2003.
  • Encyclopedia Britannica. "Computer security." 16 Oct. 2007. (Sept. 30, 2008)
  • Germain, Jack M. "The Winds of Cyber War." TechNewsWorld. Sept. 16, 2008. (Oct. 1, 2008)
  • Kirk, Michael. "CyberWar!" Frontline, PBS. April 24, 2003. (Oct. 1, 2008)
  • Knittel, John and Soto, Michael. "Everything You Need to Know About The Dangers of Computer Hacking." Rosen Publishing Group, Inc. New York. 2000.
  • Lamb, Gregory M. "Anatomy of a cyberwar in Georgia." The Christian Science Monitor. Aug. 13, 2008. (Sept. 30, 2008)
  • Markoff, John. "Before the Gunfire, Cyberattacks." New York Times. Aug. 12, 2008. (Sept. 30, 2008)
  • Markoff, John. "Georgia Takes a Beating in the Cyberwar With Russia." New York Times. Aug. 11, 2008. (Sept. 29, 2008)
  • Waterman, Shaun. "U.S. urged to go on offense in cyberwar." The Washington Times. Sept. 29, 2008. (Oct. 1, 2008)