2012: Year One in global cyber war
As cyberattacks mounted in 2012, the Defense Department and other government agencies began striking back.
When historians look back at 2012, it’s likely that they will peg the year as the moment when the world became fully engaged in its first cyber war.
"I definitely think cyber is part of warfare," said former Navy RADM Mike Brown, now vice president and general manager of the federal business and critical infrastructure unit at EMC-RSA, a security consulting firm based in Bedford, Mass. "What we're concerned about inside government, and what those of us in the security environment see on a daily basis, is the potential for a significant impact to our way of life."
Evidence of an ongoing cyber war mounted during 2012. In late summer and early fall, major U.S. banks were hit with a series of highly publicized distributed denial of service (DDOS) assaults. During the same timeframe, several Middle Eastern oil and gas companies, including Saudi Aramco, were struck by the "Shamoon" virus, which replaced critical computer files with the image of a burning American flag. Additionally, throughout the year, thousands of smaller cyberattacks—likely launched by state sponsors, as well as "hacktivist" groups such as Anonymous—struck many major U.S. businesses and government agencies—and many smaller entities as well.
In October, Defense Secretary Leon Panetta warned that the U.S. faces a possible cyber Pearl Harbor if it continues to ignore cyberwar threats. “The whole point of this is that we simply don’t just sit back and wait for a…crisis to happen,” Panetta told Time magazine. “In this country we tend to do that, and that’s a concern.”
U.S. allies also felt the pressure. Jonathan Evans, director general of MI5, the U.K. security service, warned that cyberattacks against the nation's public companies was as much of a security challenge as terrorism.
A Continuous Threat
"We're seeing cyber conflict every single day," said Anup Ghosh, a former Defense Advanced Research Projects Agency (DARPA) senior scientist and program manager. "We're seeing the wholesale compromise of our nation's networks across all industries and the government," said Ghosh, who is now CEO and founder of Invincea, a security software developer located in Fairfax, Va.
So who's behind the attacks? "Iran certainly has the most p.r.," said Jason Lewis, chief scientist of Lookingglass Cyber Solutions, a cyber security company based in Baltimore. Yet Lewis is most worried about the threats that aren't being talked about. "It doesn't take much to establish a cyberwarfare capability, so countries on the U.S. sanction list have motivation to use computer-based intelligence to improve their situation or damage those countries they feel are treating them unfairly," he observed. "Iran is a suspect in the attacks on Saudi Aramco, but there is little information about Syria's capabilities."
Then there's the two giant cyberwar wild cards: Russia and China. "China is probably the most advanced in terms of organized capabilities," Lewis said.
Leveling the Field
"There's no one who is immune to nation-state attacks, and we have to face it from all different types of nations," Ghosh said. In a certain sense, cyber creates a level playing field, he observed. "A level playing field between so-called Third World countries with limited military capabilities to our cyber capabilities."
Brown noted that cyberattacks, capable of disrupting vital services, threaten civilian populations, as well as governments and businesses. "For instance, if the target is the electrical grid or the water supply, it could have an effect that causes death," he said. "That's part of what the end result is when you have malicious activity capable of causing physical things to occur."
As cyberattacks mounted in 2012, DOD and other government agencies began striking back. "I can assure you that we're doing the same on the offensive side," Ghosh said. "We don't know the details of that, but we're certainly doing similar types of exploits against other nations."