Will 2012 REALLY be the year of the cyberwar?
Much has been made of prospects for a cyberwar. Many believe we're already in one. So what are security practitioners to do as they plan for 2012?
By Bill Brenner , Managing Editor
November 21, 2011 — CSO —
The cyberwar discussion is mired in confusion.
What defines an act of cyberwar? Is it a sophisticated hack from China or Russia that shuts down the U.S. power grid? Is it a rogue group like Anonymous breaking into government sites? Is it all the spying China has been doing for several years now? And what about Stuxnet and Duqu? Were those creations an act of war by the U.S. and Israel against Iran? Does a cyberwar involve government and military sites only or does it include the networks of private enterprise as well?
Related material: Security Upgrades Needed with Growing Cyberwar Threats
The debate will continue to limp along in 2012. Don't expect a clearer definition, because you probably won't get one. Still, on a much smaller, targeted scale, we have plenty of evidence that online battlefields between nations isn't beyond reality. Instead of waiting for the perfect metrics and verbiage, we may as well accept that the tools and know-how exist for cyberwar and plan our defenses accordingly.
Spy vs. spy
Clearly, governments have been using hackers to spy on other countries via weaknesses in computing infrastructure for years now. Back in 2009, colleague Grant Gross wrote about cyberspies from China, Russia and elsewhere gaining access to the U.S. electrical grid and installing malware tools designed to terminate service. One could interpret those actions as an act of war, though it's difficult to know for certain what the motives are.
Just a couple weeks ago, colleague Jeremy Kirk wrote about a report in which the Office of the National Counterintelligence Executive warned of more aggressive spying in the coming months. Specifically, he wrote, the U.S. can expect more aggressive efforts from countries such as Russia and China to collect information through cyberespionage in areas such as pharmaceuticals, defense and manufacturing
"Chinese actors are the world's most active and persistent perpetrators of economic espionage," the report said. "Russia's intelligence services are conducting a range of activities to collect economic information and technology from U.S. targets."
Lack of preparedness
CSO correspondent George V. Hulme has spent a lot of time researching the issue this past year. In one article, he asks, "If Stuxnet was an act of cyberwar, is the U.S. ready for a response?"
The short answer from security experts was no.
"The biggest challenge we face isn't that we're not ready for a Stuxnet. The biggest problem we face is that we're not really ready for anything. If you were to do a pen test -- and there's plenty of research out there to support this -- most utility companies are extremely vulnerable," says Eric Knapp, director of critical infrastructure markets at NitroSecurity.