informa
/
Commentary

Cyberwar Part 1: What IT Can Do To Survive

Are we at risk of being victims or casualties in a government cyberwar? In the first of this three-part series, we explore what the experts say about the current state of cyberwar -- and what it means to IT departments everywhere.
10 Skills CIOs Need To Survive, Thrive In 2016
10 Skills CIOs Need To Survive, Thrive In 2016
(Click image for larger view and slideshow.)

(Continued from page 1)

cyber-physical systems (CPS), where computers control physical things such as electrical grids, dams, and other utilities; IoT systems in manufacturing and elsewhere; and connected car systems.

Business continuity planning is no longer a back-burner nicety but a necessity, since it is the survival plan not only for the organization, but perhaps for the country too.

"This [coordinated attack approach] would require an incredible amount of coordination, sophistication, and luck," Venable told InformationWeek. "But the example makes it easy to see how three attacks that we've seen work already could come together to create a perfect storm of chaos -- and it could be made worse by coordinating it with physical attacks."

Are China and Russia the true culprits?

It's obvious that any one of the federal hacks previously cited delivers a chilling amount of information to any adversary -- but especially to a well-funded, well-armed, and very motivated state aggressor. Who got the data? Was it China or Russia, as the White House has repeatedly asserted? How can we really know who did it?

Cyber-security experts say that attacks are so complex that it's impossible to say with certitude who the attacker actually is. Yet the President has named a nation-state as the culprit in many cases, and so have others in the government.

There are even specific individuals named on the FBI's Cyber's Most Wanted list, including five members of the People's Liberation Army of the People's Republic of China.

Even so, President Obama walked back his assertion that China was behind the OPM hack.

Which is it? Does the government know that China is behind the OPM and other hacks or not? If it does, how exactly does it know that? Can IT and cybersecurity experts learn to identify attackers by those means as well?

[What's your disaster response plan? Read Crisis Response: 6 Ways Big Data Can Help.]

"There's no doubt nation-states are doing this," Rear Adm. (ret.) Ken Slaght told InformationWeek. The US Navy retired rear admiral was Commander of the Space and Naval Warfare Systems Command, where his duties included delivering and maintaining computer and intelligence systems (C4I). Slaght is currently co-chair and president of the nonprofit San Diego Cyber Center of Excellence (CCOE).

"I'm about 90% sure that the government does know exactly who is behind each of these hacks," he said. "The government has the advantage of all the rest of its intelligence operations to assist in tracking down the aggressors, on top of its abilities in digital tracking and surveillance. People tend to forget that the country has a lot of intelligence to work from."

There's the rub. To prove that China or Russia is behind any given attack in an international court or in the public's eye means revealing exactly how the US knows for certain. Hence the President's careful and public walk-back from blaming China.

Yes, that means the government isn't going to share this information with IT in the private sector. This reticence isn't going to help already strained relations between IT, including its cyber-security brethren, and government agencies. For decades private companies have complained about the federal government's unwillingness to share threat information.

Given IT's increasing defense role in protecting the country, the government's reluctance to share threat details no longer chafes -- it's outright hobbling the defenders.

It's left to IT to assess and understand the danger on its own. The vital question remains: Are we already in the early days of a cyberwar -- or in a cold war of sorts that could one day take us to the brink of a physical war?

"The probability of cyberwar is directly linked to the likelihood of war in general. It must not be viewed as stove-piped and distinct from the geopolitical context," Endgame's Limbago told InformationWeek. "In the near future the likelihood of war between the US and a major power like China is not very high; rather, cyber-operations will continue to focus on espionage campaigns and reconnaissance efforts."

In any case, all 57 experts polled and interviewed for this series agree that, whether the threats come from nation states or terrorists, the threat in the physical world is real and imminent. It is only the timing that's in question.

"At the end of the day, I'm not sure how much difference it makes as to who caused the devastation if we end up addressing it after the fact," says Slaght. "As it is, it doesn't take much sophistication to create considerable damage and chaos. Because of that, we'll probably end up combatting terrorists first, which will then amount to a big part of our future protections from nation states."

Meanwhile …

"Remain calm. We can't turn the clock back, but we must adapt more quickly and better than our adversaries," advises Whitley. "We are at war, but it is a winnable war if we can better coalesce as a society in acknowledging the problems and vulnerabilities we will face today and tomorrow."

For IT, it's time to occupy the battle stations in earnest.

[In part 2 of this series, learn how the private sector is at risk from government cyberattacks.]

**New deadline of Dec. 18, 2015** Be a part of the prestigious InformationWeek Elite 100! Time is running out to submit your company's application by Dec. 18, 2015. Go to our 2016 registration page: InformationWeek's Elite 100 list for 2016.