Seek and Destroy: Enhancing America’s Digital First Strike Capabilities

Suppose individuals illegally enter the United States, bypassing controls in U.S. military facilities to steal top-secret military data. If forensic investigation shows that the individuals are professionally trained, state-sponsored members of a foreign military such as the PLA or DPRK, our response to the aggressive action would be swift and potentially severe. Should we respond any differently to a similar security breach in the digital world?

“Allegedly,” in August of 2006 a highly professional and well-trained group systematically broke into 4 US defense installations over the period of about 8 hours, in 10-30 minute blocks, and stole flight plans for US military aircraft. The information was then transferred through Taiwan and Korea to China; clearly this was a military operation. Recently there have been a series of high-profile security incidents involving China and several US allies; although nothing as blatantly aggressive as the cyber attacks against Estonia, they are nonetheless as provocative. It is safe to say that there have been significant and widespread state-sponsored cyber attacks and security breaches. This shouldn’t surprise anyone; in fact most of us are probably numb to the extent of our collective cyber security posture, especially after the dismal results of the nation’s first cyber warfare simulation last year.

There is a lot of information in the public domain indicating that many nations possess or are aggressively developing defensive or offensive cyberwarfare capabilities. North Korea has maintained training facilities for cyberwarfare as part of Mirim College, their advanced electronic warfare research facility, for the past decade plus, and there should be no doubt that the United States and their allies are moving to develop a “cyber army.” But just as armed conflict has moved from the battlefield to highly populated urban environments, the impending digital conflict will span beyond military control and require cooperation between public, private, and military entities, something we are woefully ill-prepared to accommodate.

What if the cyber attacks went beyond military targets and focused on civilian infrastructure? Would we look at this any differently than a physical attack on our infrastructure? Given our reliance on digital technology, is there really a difference?

Early in 2006 I was researching the NERC CIP standards, and although I felt they were fairly prescriptive, reasonable and structured, it was clear that the energy industry had a long way to go to meet even a minimal baseline of technical controls, processes and the people to support them. I set forth a prediction that by 2009 an energy utility would experience a significant security incident resulting in widespread disruption (.09 probability). Although there has been no public information suggesting that such an event has occurred, the Department of Homeland Security launched an experimental cyber attack (Aurora) which caused a generator to self-destruct (here), and reports indicate that the same attack scenario could be used against the nation’s huge power generators. Still think that a digital attack cannot result in widespread disruption to our physical infrastructure? Do you still think that the US should not aggressively develop digital first-strike capabilities and use them as assertively against provocative state-sponsored security breaches as we would if the same result occurred in the physical world?

6 thoughts on “Seek and Destroy: Enhancing America’s Digital First Strike Capabilities”

  1. Pingback: Yes, Hackers Can Take Down The Power Grid. Maybe. | securosis.com

  2. You appear to be assuming that the US does not already have such a capability. The first strike on Iraq in this recent conflict was certainly not just physical.

  3. Pingback: www.andrewhay.ca » Suggested Blog Reading - Monday October 1st, 2007

  4. The Chinese are less trustworthy than the former Soviet Union, they are The Second Evil Empire in the making with U.S. guidance and help, throughout greedy investment of sensitive technologies in China, for greedy quick profit, from motor vehicles to Computers and so on. In addition to that, here we have undeniably a Communist Super Corrupt Dictatorship, without any regards whatsoever for Human Rights and Freedom, bent primarily on World Dominance and Control. Good Luck rest of the World, including The United States of America !!

  5. Pingback: Air Force Ready to Drop Cyber Bombs « Observations of a digitally enlightened mind

  6. Pingback: CIA: Hackers to Blame for Power Outages « Observations of a digitally enlightened mind
