Cars and Parts Springfield Swap Meet
Carroll Commencement
Fairborn commencement
Ellen Belcher is the Dayton Daily News opinion pages editor. She writes about state government, education, the environment, higher education and all things Dayton.
Martin Gottlieb is an editorial writer and columnist for the Dayton Daily News opinion pages. He focuses on the political process itself and does such national issues as war, the economy, taxes and Social Security, as well as a hodge-podge of local and state issues.Home > Blogs > A Matter of Opinion > Archives > 2009 > June > 17 > Entry
Guest column: Cyberspace can blur line between war and crime
Susan Brenner is NCR Professor of Law and Technology at the University of Dayton and author of Cyberthreats: The Emerging Fault Lines of the Nation State. Read more at cyb3rcrim3.blogspot.com.
The 1983 movie “War Games” featured a teenage hacker who almost sets off “global thermonuclear war.” Today, the technology in the movie seems hopelessly outdated as global nuclear holocaust has been replaced by terrorists with “dirty bombs.” What many of us don’t realize is that the move’s ultimate message is still valid: In War Games, the computer was the trigger that could set off weapons; today, computers are weapons.
Defense Secretary Robert Gates recently told CBS News that the United States is “under cyber attack virtually all the time, every day,” and that the Defense Department plans to more than quadruple the number of cyber experts it employs to ward off such attacks.
In 2007, Estonia was the target of a massive cyber attack that lasted two weeks. The attackers used Distributed Denial of Service (DDoS) attacks — targeting computers with too much traffic so they shut down. The Estonian DDoS attack shut down computers used by government, media, businesses and schools. The attackers used a botnet — a network of 1 million “zombie” computers.
Zombies are computers that belong to people like you and me; they’ve been taken over by software that lets an attacker use them in DDoS attacks. Since only part of the computer’s resources are used, we never know our computer is moonlighting as an attack droid.
The Estonians knew the country was under attack. But by whom and why? It had to be crime or war (since terrorism is a type of crime). Individuals commit crimes; countries commit war. It used to be easy to tell which was which: When Japan bombed Pearl Harbor, it was clear this was war, not crime.
It’s not easy anymore. Estonia thought Russia was behind the attack, which made it war. It asked NATO to help, but NATO wasn’t sure if this was war. The attack finally ended, and Estonia decided it was a crime — just retaliation by hackers who thought the country had insulted Russia.
Modern hackers don’t have to hack NORAD to start a war; they can do it on their own, which creates a dilemma.
If a country doesn’t know what an attack is, it doesn’t know who responds. In the United States, we divide response authority between the military (war) and law enforcement (crime). If we’re hit with a cyber attack, who responds? It might come from another country, but that no longer means it’s war. It might be war, or crime, or someone trying to trick us into believing another country is attacking us so we launch a counterattack.
Cyberspace blurs the lines between crime and war and that creates opportunities for the “bad guys.” We must move beyond the notion of threats as “inside” (crime) or “outside” (war) and develop more flexible threat categories and more nuanced response systems.
Attacks often target civilians, who don’t report them to authorities. The less we know about attacks and attackers, the harder it is to respond effectively. Here are some suggestions:
• Integrate civilians into the response effort by encouraging them to report attacks and harden their systems to improve our ability to resist certain types of attacks.
• Integrate civilians, law enforcement and the military into an initiative that ensures the rapid flow of threat data across all three sectors. Incorporate procedures to preserve the operational distinction between law enforcement and military.
• Create a Cyber Security Agency to implement these efforts and serve as a conduit — within constitutionally permissible grounds — between the military and law enforcement. This agency should encourage and coordinate with similar efforts in other countries.
• Do not incorporate civilians into the response process itself. That creates possibilities for abuse, error and overreaching.
Twenty-first century hackers aren’t bored adolescents. They’re professionals: criminals, mercenaries and cyber warriors. We’re their targets. If we want to avoid becoming their victims, we must take cyber threats seriously.
Permalink | Comments (0) | Post your comment | Categories: Guest Columns, Wright Patterson Air Force Base
Comments