Anthony Doesburg: Cyber war risk is here and now, author claims

By Anthony Doesburg

Others dispute danger, but agree on the need to be prepared for attack.

Counter-terrorism expert Richard Clarke has tried before to draw attention to an imminent attack. Clarke, a former Bush Administration adviser who warned of the threat posed by al-Qaeda months before the World Trade Centre was brought down, is now attempting to ramp up fear of cyber warfare.

In Cyber War, a book Clarke co-wrote last year sub-titled "The next threat to national security and what to do about it", there are numerous dire examples of US vulnerability to internet-borne attacks. The very sophistication of US military and civilian infrastructure makes it more susceptible than many of its potential foes to cyber war, write Clarke and co-author Robert Knake.

With France and Britain reporting cyber attacks in the past couple of weeks, Clarke could be worth heeding.

He hasn't always got things right. According to the BBC, the 30-year veteran of successive US governments initiated a cruise missile strike in Sudan that was intended to hit an Osama bin Laden chemical weapons plant. The target turned out to be a medicine factory.

And US-based security expert Bruce Schneier, who thinks the threat of cyber war is exaggerated, reckons the book suffers from "a lot of fear-mongering and hyperbole".

Still, he largely agrees with the writers' outline of what needs to be done to reduce the threat of cyber attacks.

Clarke's history near the centre of power goes back to early nuclear arms reduction talks with the USSR. That provides him with a perspective on the cyber threat that differs from the more commonly heard views of technologists.

At the beginning of the nuclear weapons era, the US defended its cities by ringing them with missiles. In contrast, "At the beginning of the age of cyber war, the US Government is telling the population and industry to defend themselves."

That's in a context of having connected more of its economy than any other nation to the internet. China, identified by Clarke and Knake as a leader in cyber warfare capability, is far ahead of the US in being able to defend itself from cyber attack, with "both the power and the means to disconnect China's slice of the internet from the rest of the world".

On China's offensive record, they write: "The extent of Chinese Government hacking against US, European and Japanese industries and research facilities is without precedent in the history of espionage."

Chinese hackers have the benefit of intimate knowledge of Microsoft's software and fellow American networking company Cisco's hardware, providing them with the means to plant "logic bombs" - programs that cause systems to self-destruct - inside key US infrastructure, such as the national power grid.

Schneier dismisses such claims as "exciting and scary stuff, but not terribly realistic".

Still, Chinese telecommunications equipment maker Huawei, an increasingly important supplier in New Zealand, and implicated in Clarke's book, was moved to run a full-page ad in the New York Times three weeks ago calling for a formal investigation to clear its name.

Israel, France, Taiwan, Iran, Australia, South Korea, India, Pakistan and several Nato states also rate as cyber warriors, and Russia runs "one of the best" hacker schools in the world.

For overall cyber war strength, the US is ranked fifth behind Iran, China, Russia and top-scoring North Korea, which although having comparatively weak offensive capability, ranks highly on defence and lack of dependence if attacked.

Clarke and Knake suggest a "defensive triad" to reduce US vulnerability. They recommend that:

* Tier 1 internet service providers, such as AT&T, introduce systems for inspecting the content of internet traffic as it traverses their networks

* Electricity grid control systems be on a network separate from the internet

* The Department of Defence beef up network security, after a Russian infiltration in November 2008.

Schneier, chief of security technology at BT and writer of the Crypto-Gram newsletter, "disagrees strongly" with the authors on how to respond to the threat, but agrees a response is necessary. "The two parts of that triad currently in commercial hands are simply too central to our nation, and too vulnerable, to be left insecure," says Schneier, who, like Clarke and Knake, thinks government regulations are called for.

In a New Zealand setting, says Brendan Boyle, the country's chief information officer, keeping cyber terrorists at bay falls to the Government Communications Security Bureau and intelligence agencies.

"Organisations are coming under attack all the time and that's why you have industrial-strength solutions in place for protection. So none of us can afford to be naive about it."

Cyber War is certainly a jolt for anyone who hasn't given much thought to what's at stake.

Anthony Doesburg is an Auckland technology journalist

- NZ Herald

Get the news delivered straight to your inbox

Receive the day’s news, sport and entertainment in our daily email newsletter


© Copyright 2016, NZME. Publishing Limited

Assembled by: (static) on production apcf03 at 10 Dec 2016 07:25:13 Processing Time: 560ms