U.S., Israel, Russia, China, and France are gearing up for cyberoffensives, according to a new McAfee report.
Elinor MillsFormer Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Major countries and nation-states are engaged in a "Cyber Cold War," amassing cyberweapons, conducting espionage, and testing networks in preparation for using the Internet to conduct war, according to a new report to be released on Tuesday by McAfee.
In particular, countries gearing up for cyberoffensives are the U.S., Israel, Russia, China, and France, the says the report, compiled by former White House Homeland Security adviser Paul Kurtz and based on interviews with more than 20 experts in international relations, national security and Internet security.
"We don't believe we've seen cases of cyberwarfare," said Dmitri Alperovitch, vice president of threat research at McAfee. "Nations have been reluctant to use those capabilities because of the likelihood that [a big cyberattack] could do harm to their own country. The world is so interconnected these days."
Threats of cyberwarfare have been hyped for decades. There have been unauthorized penetrations into government systems since the early ARPANET days and it has long been known that the U.S. critical infrastructure is vulnerable.
However, experts are putting dots together and seeing patterns that indicate that there is increasing intelligence gathering and building of sophisticated cyberattack capabilities, according to the report titled "Virtually Here: The Age of Cyber Warfare."
"While we have not yet seen a 'hot' cyberwar between major powers, the efforts of nation-states to build increasingly sophisticated cyberattack capabilities, and in some cases demonstrate a willingness to use them, suggest that a 'Cyber Cold War' may have already begun," the report says.
Because pinpointing the source of cyberattacks is usually difficult if not impossible, the motivations can only be speculated upon, making the whole cyberwar debate an intellectual exercise at this point. But the report offers some theories.
For instance, Alperovitch speculates that the July 4 attacks denial-of-service on Web sites in the U.S. and South Korea could have been a test by an foreign entity to see if flooding South Korean networks and the transcontinental communications between the U.S. and South Korea would disrupt the ability of the U.S. military in South Korea to communicate with military leaders in Washington, D.C., and the Pacific Command in Hawaii.
"The ability of the North Koreans to disable cybercommunications between the U.S. and South Korea would give them a huge strategic advantage" if they were to attack South Korea, he said.
There have been earlier attacks that smack of cyberwarfare too. Estonian government and commercial sites suffered debilitating denial-of-service attacks in 2007, and last year sites in Georgia were attacked during the South Ossetia war, orchestrated by civilian attackers, the report says.
The report concludes that if we aren't seeing it already, cyberwarfare will be a reality soon enough.
"Over the next 20 to 30 years, cyberattacks will increasingly become a component of war," William Crowell, a former NSA deputy director, is quoted as saying. "What I can't foresee is whether networks will be so pervasive
and unprotected that cyberwar operations will stand alone."