The politics of digital warfare

This year there's a Summer Olympics, a European football contest, and a US presidential election. The Olympics return to London for the first time since 1948, the Euro Cup comes to Poland and Ukraine, and the US election hinges on only a few states as the USA still uses a colonial-era "electoral college" which supersedes the popular vote."

This year's Euro Cup features eastern Europe locations--while Ukraine struggles with its public political image, Poland emerges as a player within the EU. Five years ago, I visited the stadium in Warsaw--it was a derelict, overgrown open-pit with rotting bleachers. Dodgy characters offered to sell me bootleg vodka and pirated CDs. Friends told me that handguns and AK-47s were sometimes on offer.

You'll see the same stadium (considerably revamped) soon as a centerpiece for Euro Cup matches. Decades ago, Poland distanced itself from what former US president Ronald Reagan called the "evil empire" (the Soviet Union), then the entire "Iron Curtain" came crashing down suddenly as Western newscasters struggled to pronounce the words "glastnost" and "perestroika"...and the USA lost its favorite arch-enemy.

But now the Euro Cup graces the former turf of the "evil empire," and there's another presidential election Stateside. Former US chief executives could often conjure villains for the electorate--the now-kaput Soviet Union won't do. What now? What appeals to "Generation Facebook"?

What else? "Cyberwarfare." Given the rapid rise of personal-computing power, with resultant gaps in public-understanding of technology, the specter of villains lurking online--ready to crash essential systems in a concerted cyberstrike--holds more appeal than comparing Putin to Stalin.

But a new report has wrenched the cyberwarfare-angle. According to the New York Times, the Stuxnet worm (one of the more sophisticated viruses ever found in the wild) is the result of "a joint US and Israeli effort to target Iran's nuclear program." IDG journalist Jaikumar Vijayan writes that the NYT report "is sure to trigger a sharp increase in state sponsored cyberattacks against American businesses and critical infrastructure targets, security experts warn."

"Alan Paller, director of research at the SANS Institute, said the revelation dramatically alters the cybersecurity landscape," wrote Vijayan. "'We are now going to be the target of massive attacks,' Paller said...'for a long time everything has been under the radar, no one was really sure that the US was practicing this kind of activity. The US has acted like it was an innocent victim' of state-sponsored attacks by other countries, he said."

The damning NYT article details some pithy moments: "'Should we shut this thing down?' Mr Obama asked, according to members of the president's national security team who were in the room."

Well, no, Mr President, that's not how properly constructed military-specification computer viruses work when they're in attack-mode. You don't hit the 'Like' button on your friend Mister Antivirus to make it all go away.

Stuxnet, (ironically code-named 'Olympic Games' and initiated by the Bush administration in 2006) "was of an entirely different type and sophistication," according to the NYT. "It appears to be the first time the United States has repeatedly used cyberweapons to cripple another country's infrastructure, achieving, with computer code, what until then could be accomplished only by bombing a country or sending in agents to plant explosives," said the article.

"Mr Obama, according to participants in the many Situation Room meetings on Olympic Games, was acutely aware that with every attack he was pushing the United States into new territory, much as his predecessors had with the first use of atomic weapons in the 1940s, of intercontinental missiles in the 1950s and of drones in the past decade. He repeatedly expressed concerns that any American acknowledgment that it was using cyberweapons...could enable other countries, terrorists or hackers to justify their own attacks."

And in 2012, as Londoners discover the Ministry of Defence is considering placing surface-to-air missiles on residential flats during the Olympics, the NYT article said "another cyberweapon called Flame was recently discovered to have attacked the computers of Iranian officials...American officials say that it was not part of Olympic Games. They have declined to say whether the United States was responsible for the Flame attack."

The Olympic Flame seems to have acquired an unintentional double-meaning. But among these half-revealed tales of cyberwarfare, who are the real bad guys? Security experts know that malware is in a constant of flux, and actions often provoke reactions--just ask Sony about their experience with Anonymous.

Perhaps the US president was prescient by repeatedly voicing his concern over the US government's actions. We can only hope that the technological expertise that created Stuxnet was also applied to hardening weak-points that may be attacked--now that the USA has lost the moral high-ground.

No word yet on whether the US presidential candidates plan to make "cyberwarfare" a campaign-issue. Perhaps this particular issue has become too hot for mere politicians to handle.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Stefan Hammond

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place