Computer Crime Research Center

U.S. may use cyberhackers as war weapon
(by Rob Lever)

The United States is studying the use of cyberwarfare -- attacks that could cripple or control an adversary's key computer networks -- which could prove useful in a conflict with Iraq, officials and security experts say.

If pursued, it would mark the first time the United States, which has been trying to strengthen its defences against Internet attacks and cyberwarfare, will have used these tools as a weapon.

The Washington Post reported that George W. Bush, the U.S. President, has signed a secret directive instructing the government to develop rules for how and when the government uses cyberwarfare that could, for example, disable radar and electrical facilities.

Lieutenant-Colonel Gary Keck, a Pentagon spokesman, declined to offer specifics but said the military is looking at new technology as part of its arsenal.

"The implications of new information technologies make it incumbent on the Department of Defence to research and explore new concepts and capabilities to ensure that it can continue to effectively fulfill its mission of protecting the United States, its people and its national interests in the information age," he said.

The White House National Strategy to Secure Cyberspace, released on Friday, suggests the United States may respond in kind to cyberattacks from enemies, but avoids using the term "cyberwarfare."

"When a nation, terrorist group or other adversary attacks the United States through cyberspace, the U.S. response need not be limited to criminal prosecution," the document said.

"The United States reserves the right to respond in an appropriate manner. The United States will be prepared for such contingencies."

Some advance reports about the plan said the document would specifically mention the use of cyberwarfare as a tool.

Experts say cyberwarfare could be used to disable an adversary with fewer risks of civilian casualties than dropping bombs. But they note this type of warfare has risks, too.

"One of our goals is certainly to minimize civilian loss of life ... so if you can attack that critical infrastructure in a way that doesn't take it out completely, it certainly meets that goal," said French Caldwell, a cyberterrorism expert at the research firm Gartner Inc.

Mr. Caldwell said Bush's directive could eliminate legal concerns that prevented the United States from using such weapons in the Kosovo conflict in the late 1990s.

Security experts have debated whether the United States has a "secret weapon" that can disable an adversary's key computers.

While the answer is not known, experts say it may be possible to take over control of things like railway switches, circuit breakers or valves in pipes that carry water, oil and gas.

"Who knows if this stuff will really work? It hasn't been done," Mr. Caldwell said. "If we did it, it needs to be very targeted, and ideally with a means that cannot then be turned around and used against us."

Bruce Schneier, an analyst at the Internet security firm Counterpane, said it is appropriate to develop rules for use of cyberwarfare but questions whether it has any immediate application.

"I'm glad they're developing doctrine, because otherwise it would be done at random," he said. "You don't want to go willy-nilly attacking computers."

But Mr. Schneier said that in Iraq, old-fashioned methods such as radio jamming and physically knocking out infrastructure may be more practical.

"If Saddam Hussein wants to command a general, he's not going to send an e-mail," Mr. Schneier said. "The Internet doesn't control their surface-to-air missiles, it doesn't control their generals and their armies."

Mr. Schneier noted, "The best thing to do is to infiltrate the enemy's computers and networks, spy on them and surreptitiously disrupt select pieces of their communications when appropriate," he said. "Only if you can't do any of that do you consider shutting the thing down."

Source: www.canada.com

Home | What's New | Articles | Links
Library | Staff | Contact Us

Copyright Computer Crime Research Center 2001, 2002 All Rights Reserved.
Contact the CCRC Office at +38 061 220 12 83