London, UK - 30 May 2007, 22:04 GMT
Dear ATCA Colleagues
Re: Cyber Warfare -- Beyond Estonia-Russia, the rise of China's 5th
Dimension Cyber Army
Victor Hugo (1802-1885), French poet, writer and playwright, who witnessed
the revolutions in France that succeeded 1789, i.e., 1830, 1832, 1848 and
1870, said, "There is nothing more powerful than an idea whose
time has come!"
In January 1999, after three years of research
and development, the mi2g Intelligence Unit published an internal
memorandum titled, "Cyber Warfare: The Threat to Government, Business
and Financial Markets." The internal memorandum, released into the
public domain after the NATO-Serbia first cyber war in April 1999,
stated, "Historically war has been classified as physical attacks
with bombs & bullets between nation states. It was beyond the means
of an individual to wage war. Today, in the Information Age, the launch
pad for war is no longer a runway but a computer. The attacker is no longer
a pilot or soldier but a civilian Hacker. An individual with relatively
simple computer capability can do things via the internet that can impact
economic infrastructures, social utilities and national security. This is
the problem we face in moving from the industrial world to the Information
Age, which is the essence of Cyber War."
Eight years after the mi2g initial forecast, and 11 years after we
began to do research into the vulnerability of the fragile digital environment,
the world has arrived at the predicted precipice with a quantum jump via
the Estonia-Russia Cyber War in May 2007, with a significant degradation
to the Estonian digital eco-system and infrastructure for a protracted period
of nearly one month. During this period of cyber war, the native defence
forces, government departments, businesses and individuals all suffered
over and beyond their imagination by way of expectations for digital services'
reliability, availability and sustainability in the event of adversity.
In November 2002, almost five years before the
debilitating Estonia cyber attacks, the mi2g Intelligence Unit released
a public briefing titled "Government backed counter-attack-forces
necessary in future," which stated, "As the damage done
by radical, criminal and intellectually motivated hackers continues to rise,
about six Billion Dollars of economic value was destroyed worldwide by
overt and covert digital attacks including viruses and worms in October
alone. As a result, the mi2g Intelligence Unit predicts there will
be a growing requirement for Governments to intervene and to mobilise counter-attack-forces
that protect economic targets and critical national infrastructure constituents
on a 24/7 basis."
The 2002 mi2g Intelligence Unit briefing continued: "Historically,
politicians in civilised Western democracies have challenged their defence
forces to provide adequate defence capability within limited resources.
The focus has been on the four physical dimensions - land, sea, air and
outer space - and not on the new 5th Dimension, which is cyberspace. There
is no real digital defence capability deployed so far -- other than occasional
simulations and exercises which are to uncover gaps in the national critical
infrastructure's digital defences. The redressal lies primarily in developing
counter-attack-forces, which would begin to arrest the imbalance of power
between ill-motivated hackers on the one hand and little-prepared businesses
on the other. It is unrealistic to expect that any defence department can
provide 'counter-attack-forces' against digital attacks for an entire nation's
economic targets immediately and, in any case, the expertise needed is relatively
fast moving and cannot be 'trained' into would be combatants in a short
period of time."
Fast forwarding to May 2007: When Estonian authorities began removing a
bronze statue of a Second World War-era Soviet soldier from a park, they
expected violent street protests by Estonians of Russian descent. What followed
was the second major war in cyberspace, a month-long campaign that has forced
Estonian authorities to defend their Baltic nation from a data flood that
they say was set off by orders from Russia or ethnic Russian sources in
retaliation for the removal of the statue. The Estonians assert that an
Internet address involved in the attacks belonged to an official who works
in the administration of Vladimir Putin, Russia's President. Computer security
experts from NATO, the European Union, the United States and Israel converged
on Tallinn in May to offer help and to learn what they can about protracted
cyber war in the digital age in the 21st Century. Attacks on Estonia continue
albeit at a slower pace as measured against the peak at the start of May.
The Russian government has denied any involvement in the cyber attacks,
which came close to shutting down the country's digital infrastructure,
clogging the websites of the President, the Prime Minister, Parliament and
other government agencies, staggering Estonia's biggest bank and overwhelming
the sites of several daily newspapers. "It turned out to be a national
security situation," according to Estonia's Defence Minister Jaak
Aaviksoo. "It can effectively be compared to when your ports are
shut to the sea."
The attackers used a giant network of bots (enslaved computers) on 9th May
-- perhaps as many as one million slave computers in places as far away
as North America and the Far East -- to amplify the impact of their assault.
In a sign of their financial resources, there is evidence that they rented
time on botnets from trans-national criminal syndicates. The combination
of very, very large packets of information streams -- generated by tens
of thousands of machines -- provides the mechanism for very damaging Distributed
Denial-of-Service (DDoS) attacks. In the early hours of 9th May, traffic
spiked to thousands of times the normal flow. It was heavier on 10th May,
forcing Estonia's biggest bank to shut down its online service for more
than an hour. Even now, the bank, HansaBanka, is under assault and continues
to block access to 300 suspect Internet addresses. Finally, on 10th May,
it appears that the attackers' time on the rented servers expired, and the
botnet attacks fell off abruptly.
China's 5th Dimension Cyber Army
In the meantime, a US military report into the future of geo-political relations
with China has claimed that the Chinese government is developing a cyber
(5th Dimension) warfare division for use in possible future conflicts.
"The Military Power of the People's Republic of China 2007"
report suggests that, in addition to the Red Army's army, navy, air
force and rocket arms, the Chinese government is putting together a team
to deal with "electronic and online arenas." According
to the report, "People's Liberation Army authors often cite the
need in modern warfare to control information, sometimes termed an 'information
blockade'... China is pursuing this ability by improving information and
operational security, developing electronic warfare and information warfare
capabilities, denial-of-service and deception... China's concept of an 'information
blockade' likely extends beyond the strictly military realm to include other
elements of state power."
The same US defence report suggests that the People's Republic of China
is developing teams to handle computer network attack, defence and exploitation
with a separate section handling electronic countermeasures. It cites logistics
systems and satellite communications as possible targets, and claims that
exercises have been held in cooperation with other Red Army wings since
2005. The report also mentions an article on the subject which appeared
in the November 2006 Liberation Army Daily.
Solutions for The Cyber Warfare Paradigm Shift
The Pandora's box of full scale cyber war is open now, post Estonia, and
the world is even more dependent on digital networks than it was eight years
ago, when the mi2g Internal Memorandum was placed in the public domain
in the wake of the NATO-Serbia cyber war. Where are the solutions? Going
back to the mi2g Intelligence Briefing from November 2002, governments
and large businesses still need to follow the recommendations
made nearly five years ago:
"In the future, when seeking to protect the critical infrastructure
constituents and business digital systems at a national level, the economically
prudent way forward would be to combine knowledge management, analysis and
counter-attack tools with on-the-ground human intelligence sources. Surveillance
and reconnaissance dashboards of digital systems would need to be managed
by experienced counter-attack-forces on a 24/7 basis. mi2g believes
that this war on digital terrorism can be won decisively and effectively.
As in all wars, our collective national defences must excel enemy aggression.
We will therefore need to understand that:
- Defence has always been about securing trade routes and markets. Given
that several Trillion Dollars of trade is routed digitally, counter-attack-forces
with electronic weapons that can disable attacking systems from various
parts of the world will ultimately need to be deployed with Governments'
backing as part of their 5th dimension defence shield. Counter-attack-forces
will save businesses a lot of lost time and money in dealing with rogue,
politically motivated, electronic attacks from radical and criminal groups
scattered across the world and within the nation(s)....
- Mobilisation of resources including new investment will become necessary
on interoperable distributed knowledge management and analysis systems,
which allow data to be shared easily from and between different sources
and agencies collecting intelligence. Also, investment in more local human
intelligence across the globe will be essential. The expertise of the very
few available people who are proficient in the technologies of the 5th dimension
would need to be utilised to train the counter-attack-forces through the
establishment of national centre(s) of excellence for digital defence. Nothing
significant can be achieved without this cohesive sharing capability being
made available to the future counter-attack-forces, who would be able to
ensure reliability, availability, maintainability and scalability of business
systems in the event of protracted hacker attacks."
For a more in-depth look at this subject, please consult my keynote speeches:
1. The First International Conference on the Information Revolution and
the Changing Face of International Relations and Security in Lucerne,
Switzerland on 24th May 2005, organised by ETH Zurich's Centre for Security
Studies (CSS) & Comparative Interdisciplinary Studies Section (CISS)
of the International Studies Association (ISA):
Solutions to Counter Asymmetric Threats: The Pivotal Role of Technology;
2. The Oxford Internet Institute, University of Oxford, Inaugural Industry
Lecture on 10th February 2005:
Cyberland Security: Organised Crime, Terrorism and The Internet