Weapons to Malfunction!

Whose hackers pose a threat to the world?

The leading world powers are convinced that a large-scale clash in cyberspace is inevitable. The U.S. has been getting ready for cyber warfare since last year. NATO will adopt a strategy to repel a cyber-attack this year. According to some opinions in Russia, an international treaty on cyber-weapon use prohibition would help to avoid a disaster. Nevertheless, the negotiations about its conclusion are rather slow. But the arms race in cyberspace is accelerating rapidly.

In the opinion of American apologetics of the inevitability of inter-state clash in cyberspace, a scenario of the cyber-weapons usage may look the following way: management system paralysis, mass blackouts, air and on-land transport control systems’ chaos, banks and stock-markets’ disruption, tripping of the Internet and mobile connection. Charles Miller, a former leading specialist on cyber protection at one of the most sensitive intelligence services of the U.S., the National Security Agency, has recently estimated that in order to be ready for an attack strong enough to have consequences like that, an aggressor-country would need about two years to prepare. The cost of preparation for an attack and a number of people involved are rather modest: $98 million and 592 people to attack the U.S., $112 million and 750 hackers to defeat the E.U., $86 million and 517 cyber-warriors to implement aggression against Russia.

The expert has made these estimations assuming the aggressor-country would be the DPRK but, according to his words, they are viable for other countries planning an electronic attack from scratch, too. The countries that already have cyber security divisions will devise an attack faster than others. Such militarized agencies already exist in the U.S., the United Kingdom, China, India, Israel and a number of other countries.

The most active in this area are the Americans. The U.S. Cyber Command, led by General Keith Alexander reached full operational capability in October 2010. The U.S. Cyber Command has become a part of the U.S. National Security Agency and unified all the existing Pentagon cyber security divisions. USCYBERCOM employs about 1,000 people, but the military has already announced the launch of a large-scale recruiting program of cyber-specialists. Some of them will provide not only the military and state infrastructure security, but the security of the most important commercial objects of the country, said Thomas Carper, the head of the U.S. Senate Committee on Homeland Security, prior the launch of the “U.S. Cyber Challenge” initiative looking for 10,000 young computer geniuses.

The U.S. plans to adopt a new cyber security doctrine this year. The main objectives of the doctrine are revealed in a policy paper last September with a symbolic title, “Defending a New Domain” by William Lynn III, the U.S. Deputy Secretary of Defense. Its main idea is that, from now on, the U.S. will recognize cyberspace as a potential domain of warfare as land, sea and air.

NATO has also launched development of a collective cyber defense concept. The November NATO summit of the alliance resulted in making a decision to develop “A plan of action in cyber defense domain.” According to the Kommersant’s source, the document will be prepared by April and signed in June this year. The key point of the document will be devoted to the establishment of a NATO action center against cyber incidents. Initially, they planned to launch the center in 2015, but the U.S. insisted to reduce the term by three years.

Meanwhile, the alliance cannot come to an agreement on responsibilities of the Center’s cyber subdivisions. “Some countries think that there is already enough means of protection, others insist on the need to create a potential application of a warning strike,” a senior NATO representative explained to Kommersant. Also, there are disputes about how strong a cyber attack at one of the alliance countries has to be for other countries to respond under the 5th article of the treaty.

The official did not explain what countries specifically insist on regarding the need to develop offensive cyber weapons. But it is likely that Estonia is among them. American soldiers, including William Lynn III, think that the story of the Bronze Soldier and the attack of the Estonian websites in 2007 became a first example of inter-state cyber warfare, believing that it was Moscow who had waged the war. In 2008, the first NATO center of cyber security was opened in Tallinn. It holds training sessions for the IT-specialists of the alliance countries, and the first mini cyber warfare was modeled there recently. The U.S. named the breach of Georgian websites during the conflict in South Ossetia in August 2008 as another example of a state-initiated cyber attack. Behind this, in their opinion, was the Kremlin, too.

A special representative to NATO, Dmitry Rogozin, does not exclude that cyber weapons of the alliance may be directed against Russia in the future. His U.S. colleague, Ivo Daalder, assured Kommersant that “the alliance is not preparing for any conflict with Russia.” As for the absence of any dialog between Russia and NATO in this domain, Mr. Daalder said, “Because the alliance has just started to develop its positions on the matter, discussing a possible cooperation is simply too early yet.”

Meanwhile, Russia has been insisting on signing the international treaty on cyber weapons use prohibition for years. It would prohibit countries to develop and use various types of cyber weapons against each other. For example, “logical bombs” that can be secretly incorporated into computers just to stop them at critical moments or damage the system itself; “botnets” that can turn off or spy on websites and networks; microwave emitters that can “burn” computers’ micro schemes from a long distance, etc.

According to the data provided by the Institute for Problems of Information Security, Moscow State University, the main organization dealing with lobbying of the Russian concept of cyber security at the international level (run by Vladislav Sherstuk, a former head of the Federal Agency of Government Communications and Information), at least five countries are ready to start a sophisticated cyber war: the U.S., the PRC, India, Israel and the Russian Federation. The U.S. has been refusing to support Russia’s initiative to conclude the treaty on the cyber weapons use prohibition for a long time, explaining that agreements in cyber web would be ineffective. However, in November, a U.N. group of state experts agreed upon “The evaluation of threats of information security and further development of the cyber space issue” report that was signed by 15 countries, including the U.S. and Russia. The agreement recognizes the existence of a common threat, which is already an important thing. Now, Russia hopes to move from a dead point to the question of signing the international treaty at the meeting of the International Research Consortium on Information Security that will take place in April 2011.

Apart from the U.S. position on the effectiveness of the treaty, China’s position is not of less importance. While Western experts consider both Russia and China as a threat, China is more often considered to be the main threat to the world’s cyber space. The military capability of China in cyberspace is discussed in the “Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation” The report says that the Liberation Army of China has adopted a doctrine of seizing control of an adversary’s information flow and has divisions to support these operations. The number of fighters, from experts’ estimation, is not less than 30,000 people. Effectiveness of Chinese cyber divisions is mainly explained by its close connection to state bodies and hackers.

At the same time, skeptical voices are becoming louder in the U.S. and many other countries. Many believe that the threat of cyber warfare is grossly exaggerated and growing tension is beneficial only to MIC (Military-Industrial Complex). Their words are fact-based: that the Pentagon Deputy, Mr. Lynn, was vice-president of the Raytheon Corporation before his nomination to the U.S. Department of Defense. This MIC giant has made profit over $26 billion on state contracts. A lump sum of that money is used for cyber weapons and cyber protection development.