RSA Europe: Information warfare is an overused term

By securing organisations against cybervandalism and cybercrime, you are also securing yourself against information warfare, he said. It is all about protection, detection and reaction – just as with other information security threats.

That said, Winkler pointed out that most of the claims of information warfare “are laughable” and that the term is “much overused”.

By using terms such as information warfare, people are making security problems – and those solving them – seem far more glamorous, Winkler said.

When Estonia saw attacks against its communications systems in 2007, it was not cyberwarfare, Winkler said, it was hackers – “a basic computer security attack”.

For it to be warfare there has to be a political goal and it implies military and/or diplomatic involvement, although computers could of course be used to support military action.

According to the US Department of Defense (DoD), warfare is “international operations conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries”. This definition could not be applied to many of the cyberattacks labelled as information warfare, Winkler said.

Georgia and Estonia – cyberwarfare attacks?

Winkler dissected the cyberattacks on Estonia in 2007 and the conflict in Georgia and the coinciding cyberattacks in 2008. In both cases, the term information warfare was applied, and both cyberattacks had dramatic implications for the countries, but only one of them could be classified as information warfare according to Winkler.

The cyberattacks against Georgia could in a way be classified as cyberwarfare in that they appear to have been part of the wider Russian military operation against Georgia. Around the same time as Russian troops moved in, much of the Georgian communication system was blinded, Winkler said.

“This was a tactical strike”, Winkler explained, “this is what information warfare could be about”. It was used for a political objective and to support the military conflict. He said people were fools if they believed the military action coincided with the cyberattacks by accident.

It appears that Russia partnered with the criminal underground and mobilised them to support a military operation, Winkler speculated. However, by doing this, Russia has potentially revealed its strategy, and other countries know what to protect themselves against.

In the case of Estonia, it was a disgruntled hacker that caused the trouble. Because Estonia is a relatively small country, its communication system has less resilience and fewer communication trunks and was relatively easy to take out. The cyberattack had severe effects, but it was cybercrime rather than cyberwarfare. It was not one nation acting against another.

However, lessons can be learnt from the Estonian incident as well, namely that you do not need national level assets to take down organisations or even countries’ communication systems that do not have built-in resilience. It also demonstrated the potential of real information warfare attacks.

Potential targets

Winkler also explored potential targets for adversaries – be it nations, criminals or other entities – using information warfare tactics, or should we call them cybercrime?

The US has already witnessed web traffic directed towards its power grid from Russia and China, and in Brazil, ex-hackers employed to test power grid resilience have successfully blackmailed power providers over the discovered vulnerabilities allowing the (ex?) hackers to cause blackouts.

Other potential targets would be financial infrastructures, but as Winkler pointed out, to take out the whole financial infrastructure would not be in terrorists’ interests as they use the financial infrastructure to move funds and raise money. It is more likely that banks will experience continued electronic theft of funds. “Most banks are woefully insecure”, Winkler added.

How to protect against cyberwarfare

Winkler explained that organisations, and indeed countries, can protect themselves against the threat of cyberwarfare using the same methods they would deploy against any other information security threat, as all threats attack the same vulnerabilities.

When it comes to actual cyberwarfare – i.e. nation against nation – it will most likely be more than a hack. It would be more covert, and nations tend to use information technology more for intelligence gathering and preparing the battlefield than as a means of direct attack.

Instead of looking for who carries out cyberattacks, security professionals should look at the how, because “what will stop script kiddies stops information warfare”.

The Chinese question

Winkler rounded up the session by looking at China. He said a lot of attacks originate from China – often in response to events where China has been put in an unfavourable light. However, unlike the covert style of most nations’ strategies, those of China “seem reckless” and “they seem to sometimes react out of anger which discloses their tactics and capabilities”, Winkler said.

Again, as with Russia and Georgia, it could not be a coincidence of timing, and Winkler said that China must know about these ‘individuals’ as the country heavily monitors incoming and outgoing web traffic.
