Defending against global information war

China poses huge threat to root servers argues warfare expert

The recent attack on the Internet's root servers was more than just a few hackers having fits and giggles with the DNS. In fact, the incident could be the first volley in global information warfare between the private sector of the United States and the government of China.

The story as the unclassified media has played it: Three of the world's 13 root servers that manage the DNS, translating URLs into IP octets, were victims of intense distributed denial-of-service (DoS) attacks with malformed packets. The U.S. Department of Defense and ICANN servers were the hardest hit. There was no major damage.

The lesson the media gave: Folks at home and at the office should do a much better job of protecting their machines from being taken over by zombies, bots or other malware that can become part of a distributed DoS attack. True -- but the real story is much more foreboding.

In 1991, the U.S. Congress dismissed as farfetched the concept that concentrated infowar or cyberterrorist-like attacks could substantially disable the U.S. government and private sectors. Even the work of the National Research Council in 1991's "Computers at Risk" didn't urge the security and protective measures needed to build national and global information infrastructures.

"The rules of the competition for global economic and political influence aren't the same for everyone," I wrote in the 1993/1994 editions of Information Warfare, and for a decade thereafter, we talked about Electronic Pearl Harbors and other untenable concepts. The premise was simple: Hacking and Internet abuse would soon become part of the international weapons arsenal, used by well-organized, well-funded and motivated groups with political, religious or other fomenting agendas.

In late 1998, the Chinese reintroduced the concept of unrestricted warfare. Essentially, the Chinese government didn't feel it could defeat the United States in a military contest, so it deemed the U.S. private sector, particularly financial institutions, a legitimate target of war.

So what were the Feb. 6 DNS attacks? More than likely the Chinese government, engaged in a form of Class III Information Warfare, was performing a cyber-reconnaissance and probe of one layer of the Internet's defensive systems. Just as the United States once flew U2 missions over the Soviet Union to determine its reaction to our penetration of its airspace, the Chinese appear to be doing much the same thing, and the only reason to perform such cyber-intelligence is in preparation for cyber-conflict of some sort.

The initial internal reports suggest a deep concern that the asymmetrical nature of unrestricted war presents numerous problems for the United States, reopening decades-old debates: Should the U.S. military protect the financial/private sector? Is a cyberattack an act of war? Do you respond to nation-state or non-nation-state attacks the same way? From a private communication, the Departments of Commerce and Treasury are internally confirming the Chinese connection.

There are many steps that can balance the fabric of Class III Information Warfare, but first we have to accept that information warfare at this level is part of the current and future realities. Private commercial interests need to accept that some of them are on the front lines. They also need to realize that their international operations may be part of an attack as much as a victim of one. How does a company's U.S. headquarters handle a renegade division in Beijing? Have we planned for that?

We have known Class III Information Warfare for years but chose to do nothing, still debating definitions. Improving security is a good thing, but we have to keep in the forefront of our minds that security criteria change daily, and static defense and response is a recipe for failure.

The recent DNS attacks should teach us a lesson that most if not all businesses have not yet faced: graceful degradation. In the event of cyberattack-induced, massive systemic failure, what portions of your operations can you disconnect in the first few minutes and the subsequent hours of the event? How much of your business can survive and service customers with portions of your operations off-line for an indeterminate period of time? Do you know how to gracefully degrade your networks, without massive disruptions, to minimal mission-critical operations?

These realities seem new, but they really aren't. We can look at this emerging situation with alarm -- and that is inappropriate. Planning for an alarming event is what we need to be doing

Schwartau is the author of all three original volumes of Information Warfare, is known as the civilian architect of information warfare and is the founder of InfowarCon. He can be reached at Winn@InfowarCon.Com.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about ACTFinancial InstitutionsICANNNational Research

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Winn Schwartau

Latest Videos

More videos

Blog Posts