Cyberwar Part 1: What IT Can Do To Survive - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government // Cybersecurity
Commentary
11/25/2015
08:06 AM
Pam Baker
Pam Baker
Commentary
Connect Directly
Twitter
LinkedIn
RSS
50%
50%

Cyberwar Part 1: What IT Can Do To Survive

Are we at risk of being victims or casualties in a government cyberwar? In the first of this three-part series, we explore what the experts say about the current state of cyberwar -- and what it means to IT departments everywhere.

10 Skills CIOs Need To Survive, Thrive In 2016
10 Skills CIOs Need To Survive, Thrive In 2016
(Click image for larger view and slideshow.)

(Continued from page 1)

cyber-physical systems (CPS), where computers control physical things such as electrical grids, dams, and other utilities; IoT systems in manufacturing and elsewhere; and connected car systems.

Business continuity planning is no longer a back-burner nicety but a necessity, since it is the survival plan not only for the organization, but perhaps for the country too.

"This [coordinated attack approach] would require an incredible amount of coordination, sophistication, and luck," Venable told InformationWeek. "But the example makes it easy to see how three attacks that we've seen work already could come together to create a perfect storm of chaos -- and it could be made worse by coordinating it with physical attacks."

Are China and Russia the true culprits?

It's obvious that any one of the federal hacks previously cited delivers a chilling amount of information to any adversary -- but especially to a well-funded, well-armed, and very motivated state aggressor. Who got the data? Was it China or Russia, as the White House has repeatedly asserted? How can we really know who did it?

Cyber-security experts say that attacks are so complex that it's impossible to say with certitude who the attacker actually is. Yet the President has named a nation-state as the culprit in many cases, and so have others in the government.

There are even specific individuals named on the FBI's Cyber's Most Wanted list, including five members of the People's Liberation Army of the People's Republic of China.

Even so, President Obama walked back his assertion that China was behind the OPM hack.

Which is it? Does the government know that China is behind the OPM and other hacks or not? If it does, how exactly does it know that? Can IT and cybersecurity experts learn to identify attackers by those means as well?

[What's your disaster response plan? Read Crisis Response: 6 Ways Big Data Can Help.]

"There's no doubt nation-states are doing this," Rear Adm. (ret.) Ken Slaght told InformationWeek. The US Navy retired rear admiral was Commander of the Space and Naval Warfare Systems Command, where his duties included delivering and maintaining computer and intelligence systems (C4I). Slaght is currently co-chair and president of the nonprofit San Diego Cyber Center of Excellence (CCOE).

"I'm about 90% sure that the government does know exactly who is behind each of these hacks," he said. "The government has the advantage of all the rest of its intelligence operations to assist in tracking down the aggressors, on top of its abilities in digital tracking and surveillance. People tend to forget that the country has a lot of intelligence to work from."

There's the rub. To prove that China or Russia is behind any given attack in an international court or in the public's eye means revealing exactly how the US knows for certain. Hence the President's careful and public walk-back from blaming China.

Yes, that means the government isn't going to share this information with IT in the private sector. This reticence isn't going to help already strained relations between IT, including its cyber-security brethren, and government agencies. For decades private companies have complained about the federal government's unwillingness to share threat information.

Given IT's increasing defense role in protecting the country, the government's reluctance to share threat details no longer chafes -- it's outright hobbling the defenders.

It's left to IT to assess and understand the danger on its own. The vital question remains: Are we already in the early days of a cyberwar -- or in a cold war of sorts that could one day take us to the brink of a physical war?

"The probability of cyberwar is directly linked to the likelihood of war in general. It must not be viewed as stove-piped and distinct from the geopolitical context," Endgame's Limbago told InformationWeek. "In the near future the likelihood of war between the US and a major power like China is not very high; rather, cyber-operations will continue to focus on espionage campaigns and reconnaissance efforts."

In any case, all 57 experts polled and interviewed for this series agree that, whether the threats come from nation states or terrorists, the threat in the physical world is real and imminent. It is only the timing that's in question.

"At the end of the day, I'm not sure how much difference it makes as to who caused the devastation if we end up addressing it after the fact," says Slaght. "As it is, it doesn't take much sophistication to create considerable damage and chaos. Because of that, we'll probably end up combatting terrorists first, which will then amount to a big part of our future protections from nation states."

Meanwhile …

"Remain calm. We can't turn the clock back, but we must adapt more quickly and better than our adversaries," advises Whitley. "We are at war, but it is a winnable war if we can better coalesce as a society in acknowledging the problems and vulnerabilities we will face today and tomorrow."

For IT, it's time to occupy the battle stations in earnest.

[In part 2 of this series, learn how the private sector is at risk from government cyberattacks.]

**New deadline of Dec. 18, 2015** Be a part of the prestigious InformationWeek Elite 100! Time is running out to submit your company's application by Dec. 18, 2015. Go to our 2016 registration page: InformationWeek's Elite 100 list for 2016.

Pam Baker is author of Data Divination: Big Data Strategies, which met with rave reviews and is currently being used in universities as a textbook for both business and tech courses. It's also sold to business audiences in the general market. The US Chamber of Commerce and ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
batye
50%
50%
batye,
User Rank: Ninja
12/6/2015 | 12:05:58 PM
interesting but sad reality of the new digital age...
interesting but sad reality of the new digital age... as technology changing it affecting our life for good or bad.... 
Slideshows
Strategies You Need to Make Digital Transformation Work
Joao-Pierre S. Ruth, Senior Writer,  11/25/2019
Commentary
Enterprise Guide to Data Privacy
Cathleen Gagne, Managing Editor, InformationWeek,  11/22/2019
News
Watch Out: 7 Digital Disruptions for IT Leaders
Jessica Davis, Senior Editor, Enterprise Apps,  11/18/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll