- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
Page 2 of 3
1. You need to win the first battle.
In conventional warfare, the country that wins the first battle doesn't necessarily win the war. Think Pearl Harbor. But with cyberwarfare, you need to win the first battle because there may not be a second. The enemy may have so wiped out your critical infrastructure through coordinated cyberattacks that you can't mount an effective defense and are forced to surrender.
2. The first battle could be over in nanoseconds.
Unlike Pearl Harbor, cyberattacks are stealthy. The enemy has already penetrated your networks, attacked your systems and stolen or manipulated your data before you realize that anything is wrong. Once you discover the cyberattack, you have to figure out who did it and why. Today, this type of computer forensics can take days or weeks. By then, you may have lost the war.
3. Cyberwarfare may involve subtle, targeted attacks rather than brute force.
Most people equate cyberwarfare with the massive denial-of-service (DoS) attacks that Russian activists aimed at Estonia in 2007. But cyberwarfare doesn't need to be waged on such a large scale. Instead of taking out the entire electric grid, a hacker could take out a substation that supports a particular air defense system. Much as we have precision-guided missiles in conventional warfare, we may have precision-guided cyberattacks.
4. The enemy's goal may be to cause chaos rather than destruction.
We tend to think about an enemy blowing up buildings or transportation systems during war. But the political objective of cyberwarfare may be to generate chaos among citizens rather than to destroy infrastructure. For example, what if an enemy launched a cyberattack against a country's financial systems and it appeared that everyone's money was gone from their banks? That kind of attack wouldn't require bombing any bank buildings to create chaos.
5. Data manipulation -- rather than data theft or destruction -- is a serious threat.
During the Persian Gulf War, a group of Dutch hackers allegedly penetrated dozens of U.S. military computer systems and offered to provide their help to Saddam Hussein. When the breaches were discovered, the military had to stop some deployments and verify that the data in their databases were accurate and hadn't been manipulated by the hackers. This incident demonstrates how misinformation inside hacked computers systems could harm a country's ability to respond to a cyberattack.
6. Private networks will be targets.
Most of our country's critical infrastructure -- energy, transportation, telecommunications and financial -- is privately owned. The companies that operate these networks need to understand that they are certain to be targeted in cyberwarfare, and they need to spend money accordingly to secure their networks, systems and data. This is one reason military experts recommend that operators of critical infrastructure engage with government officials and set up procedures and protocols before they are attacked.
7. When private sector networks are hit, the Defense Department will assume control.