C-note: Are We Entering a Period of Cyber War?

by Rick Dakin, CEO, Coalfire

Deputy Secretary of Defense Lynn has become a vocal representative of the federal government on the potential for cyber war.  While he may be standing a little close to the flame and labeled as the one who is crying “wolf”, I think his warnings have merit.  We should start planning to address potential cyber attacks launched by our adversaries from foreign governments.

The cost of conducting nuclear warfare is too high. Even the Iranians with billions of our petro-dollars cannot close the gap quickly.  And the cost of conducting terrorism is going up.  What is left?  Cyber warfare.

For the cost of a laptop with a good Internet connection, cyber warriors can launch devastating weapons.  When we look at our dependence on computers and the Internet, we can quickly see that our systems are the soft underbelly of national security.  If I were an adversary of the United States, I would certainly consider cyber attacks as an alternative to other forms of warfare.

In fact, I am very concerned about the cyber attack capabilities we have discovered from our forensic investigations in recent months.  The ability of "bad actors" to gain access to sensitive systems and inflict damage is an absolute.  Critical infrastructure within the United States is highly vulnerable to cyber attack and we are seeing early evidence that attacks have begun.

At the high end, the attack on RSA was more significant than the media has reported.  The loss of 24,000 sensitive documents at a DoD contractor, Lockheed Martin, indicates that someone who wanted defense information gained access to highly secure systems … and yes, Lockheed Martin maintains an awesome security program.  If they can lose sensitive documents, it raises the question of who owns the keys to systems that RSA previously secured.  Who else has those RSA keys and what else can they gain unauthorized access to?

As we in the commercial sector read the warnings issued by William Lynn, we typically respond without much context or knowledge.  Remember, Mr. Lynn has access to what the U.S. Cyber Command is doing and what the Defense Intelligence Agency has uncovered. By the way, why isn't the press covering the U.S. Cyber Command?  If we are developing offensive cyber weapons, what makes us think that our adversaries are not doing the same thing?  Or, are we just responding to known offensive cyber capabilities in Russia, China and now Iran?

If there is any doubt that offensive cyber weapons are already deployed, just ask the Iranians.  They are now 6 to 12 months behind plan on a highly sensitive uranium enrichment program because some western countries decided to slow them down.  Stuxnet is a cyber weapon of great sophistication.  Do not underestimate the ramifications that building and deploying that weaponry will have for the United States. Very quietly, the Iranians hired hackers from Belarus to identify the attack vector, launch countermeasures and … are they currently under contract to develop similar offensive capabilities to launch on the West?

In short, William Lynn may be leading the discussion about cyber war with the enthusiasm of understanding the full context of what we (the United States) are already doing to infiltrate our adversaries.  My guess is that his closeness to "the flame" influences his dialogue with us to a point where he may not be viewed as credible.  I just ask that he and other DoD officials share their knowledge with the commercial sector. 

Over 85% of all critical infrastructure is owned or managed by commercial entities.  We cannot allocate the resources to respond to known cyber risks unless we perceive that those risks are real.  Our forensic work provides Coalfire with the knowledge to more readily accept Mr. Lynn's evaluation of cyber war, but we need to involve more of the critical infrastructure operators in the bulk electric grid, banking, healthcare, transportation and local government.  Help us understand why a well-respected government official is issuing severe warnings of pending cyber attack.