US critical infrastructure remains under heavy cyberattack

An executive at Kaspersky Lab just warned that global cyber warfare is in “full swing” and will probably escalate in 2013. Those are very dangerous words. This comes on the heels of a series of cyberattacks targeting the financial sector; specifically, on U.S. banks, which has entered its fifth week. The successful attacks were against the websites of some of the largest U.S. banks, and by all accounts these sites were well constructed and defended. Consider for a moment the amount of web traffic needed to overload these websites; it is not trivial, that is for sure. It is said to be one of if not the largest cyberattacks in history. This clearly speaks to the level of capabilities of the attackers as well as their determination.

As I noted in my previous blog, cybersecurity professionals have pointed the finger at Iran as the entity behind the attacks. There have been those who have expressed the view that the recent cyberattacks that have been targeting U.S. banks is retaliatory cyber fire for Stuxnet, Duqu, Flame and Mini-Flame malware that has targeted infrastructure systems (e.g., nuclear enrichment and oil production) in Iran. It should be noted that Russia also was implemented in the cyberattacks by Carl Herberger, a vice president at network security firm Radware. This seems to be supported by the claim made by an unnamed private security professional who stated that a closed-door meeting about these cyberattacks recently took place at the White House. Bear in mind that President Obama is reportedly considering issuing an executive order on cybersecurity in place of the legislation, which is stalled in Congress, as I also mentioned.

Are we in a cyber war? Just what level of cyberattack constitutes an act of war? If this is an act of war, will kinetic weapons be included in our response to these malicious cyber activities? So many questions remain unanswered.