Security Experts:

Code Wars: The Cold War Gone Tech

Code War - Cyber Terrorism

"Cyber Will be Part of any Future Conflict, Whether it's a Nation State or Terrorism" - Cofer Black, 28-year CIA Veteran

We live in a relatively peaceful time, at least here in the United States. Those of us who have had the opportunity to experience more of life than others (a poetic way of saying older) remember nuclear attack drills in grade school (huddled in the hall with our coats over our heads – knowing a heavy wool coat was the best protection from radiation), bomb shelters (the odd family down the block had one), the Cuban missile crisis (enemy missiles only six miles away from my hometown in New Jersey) and the Cold War (missiles, nuclear bombs and killer satellites lined up to wipe out the entire world).

Well, my kids never huddled at school, the odd family is into solar panels and New Jersey’s biggest threat comes from its string of bad governors. However, even if we’re feeling safer these days from physical attacks there has to be some concern about what is happening on the cyber front. 2011 has been called the “Year of the Hacker” by Daily Tech online magazine, even before we have reached its end. The number of high-profile security attacks and breaches seems to ever increasing, with some of the seemingly most secure companies and federal agencies in the country being victims.

And while the frequency and magnitude of these hacks is alarming, a recent talk by Cofer Black, a 28-year CIA veteran and former director of the CIA's counterterrorist center has to make some of us want to go back to the more tangible (and defensible?) Cold War time as being the good old days.

Black’s talk at the Black Hat conference in Las Vegas last week can be summed up with his "you had the Cold War, the global war on terrorism... now you have the Code War” quote. He went on to say, "cyber will be part of any future conflict -- whether it's a nation state or terrorism.” Black’s emphasis was on the cyber wars that are currently being waged by countries (China, Iran, United States as just a few of the combatants) but also the damage that might be done should those cyber wars escalate.

Cyber WarBlack referenced the July 2010 Stuxnet cyber attack with a ominous quote, "I am here to tell you, and you can quote me, the Stuxnet attack is the Rubicon of our future … physical destruction of a national resource is huge." The Stuxnet attack was designed to significantly delay Iran's nuclear program by using a worm, thought to be loaded into the system on a thumb drive, that ordered the centrifuges in an Iranian nuclear facility to spin out of control, ultimately destroying them. While that was happening, Stuxnet made all the readings tell Iranian engineers that everything was normal.

We live in a world where our primary visibility to cyber attacks is limited to stolen credit cards and a lack of availability to the Sony PlayStation Network, both annoying but neither deadly. But, as Black has said, we are looking towards a time when nations will launch online attacks and extremist groups will add cyber attacks to their tactics. Black also said this is compounded by a political “head in the sand” approach. “Like the terrorist threat before 9/11, our leaders hear it but they don't believe it,” he said.

As we can see from the ease by which hackers have successfully breached even our most secure companies and government agencies for monetary or activism reasons, our national infrastructure (i.e., power grids, nuclear reactors, national telephony systems) might be equally at risk, should a nation or extremist group decide to attack those as well. This will be compounded by the difficulty of determining where these attacks originate and where they might come from next.

The difference between the Cold War and the Code War doesn’t just stop at the medium of attack (physical vs. cyber) but also the public awareness, or lack of, the Code War that is now being waged. It’s a war that broils just below the surface of our media awareness but one that will no doubt become very visible with the first major cyber attack on a critical U.S. infrastructure.

Related Reading: The Veterans of the Future will be Those in Computer-Based Combat

Subscribe to the SecurityWeek Email Briefing
view counter
Alan Wlasuk is a managing partner of 403 Web Security, a full service, secure web application development company. A Bell Labs Fellow award-winner with 18+ years of experience building secure web applications, Wlasuk is an expert in web security - from evaluation to web development and remediation.