When I began a while back to generate a study of interesting cyber attacks to see if there were any common themes and to perhaps make some attempt at generating a chronology of such activity and it’s evolution, I ran across Minihan’s comment “Peace really does not exist in the Information Age“. That pretty much summed up my findings.
Rather than cyber-war, or cyber-terrorism, perhaps cyber-espionage or some other equally sexy title, I thought I’d abstract things a bit here and title this post based on that insightful comment from Lieutenant General Kenneth Minihan’s 1998 U.S. Senate testimony. Minihan, then Director of the National Security Agency/Central Security Service (NSA/CSS), carried a common message about how threats had forever changed as a result of the “Information Revolution”.
As summarized in this TISS report, he talked about the blurring role of nation-state sponsored activities, erosion in distinction between civilians and soldiers and a “diffusion of threats with perpetrators of crimes harder to locate“. Minihan spoke about “how existing paradigms for war and conflict will no longer be appropriate“, “how the term “nation”, a concept pivotal to current thinking about the laws of conflict, will become obsolete“, and “what is an “attack” in the context of cyberspace?”
We’re certianly seeing this today, in the media spotlights surrounding the Estonia attacks, the recent attacks on the Pentagon, and so forth. As a matter of fact, as I attempted to put together some chronology on cyber conflict, I found it to be a daunting task worthy of far more time than my schedule permits.
The more I looked, the more such activity surfaced, with a full spectrum of motivators from which to take your pick. Nearly any newsworthy event is now accompanied by cyber activity of some sort. Michael A. Vitas of Institute For Security Technology Studies at Dartmouth College provides an interesting analysis, albeit a bit dated, of where cyber attacks accompany physical violence, and provides a detailed analysis and case studies of four such events.
I compiled a slew of notes on examples of cyber attacks I’ve come across, most of these associated primarily with Internet-based activities (versus, say, isolated SCADA or PCS systems). I was planning to categorize these attacks based on motivators or suspected sponsors, but instead I’ll provide a subset of my list here, and note that my entire list is clearly more incomplete than I’d ever imagined, and largely U.S. centric.
Some of the interesting presumably geopolitical attacks over the past decade or so include, but are certainly not limited to:
Some presumably less politically motivated attacks that attracted a great deal of attention include:
And l’est we not forget, some notable worms and viruses with attack vectors and [not so] questionable motivators:
The above is in no way a comprehensive list, a full study of such attacks, the impact, and the motivators would be quite interesting, and quite an undertaking. More and more on the commercial front attacks are motivated by financial gain, either directly from extortion, or as retaliation of some sort. The continued anti-spam and anti-bot attacks such as those directed at the likes of Castle Cops and Spamhaus, in response to impacting otherwise streamlined cybercrime activities, illustrate the completion of an underground cybercrime economy and botnet eco-system.
The Internet’s ability to enable asymmetric warfare, providing maximum effect and reach, is clearly one of its most attractive characteristics for any attacker, independent of their motivation. As more and more critical services and economies are reliant on networked systems and the Internet, the criticality of their availability and security grows.
If you believe cyber war, given even the most strict definition (of which I’m not entirely sure what that is), is inconceivable, well, I suspect you’ll one day appreciate that your government, whichever government that may be, is slightly more attune to the threat.
Either way, I tend to agree, peace really doesn’t exist in the Information Age.