Cyber Zombies V. Civil Liberties

America faces a potential threat that could have consequences far beyond the 9/11 attack.  There are no bullets, bombs or enemy soldiers — just digits; zeroes and ones in fact, the stuff of the Internet.  The perpetrators could be in the U.S. or hidden in distant lands analyzing our vulnerabilities and raising an invisible army that on command could rapidly strike our economy, infrastructure and military defenses.

This isn’t a fairy tale or a sci-fi movie like The Matrix.  It is a clear and present danger and as close as your PC.

Last week, national security officials reported that cyberspies had penetrated the U.S. electrical grid and embedded software programs that could be used to disrupt or destroy the grid.  Unfortunately, such occurrences are increasing and the threat is growing more sophisticated.  Our government and society must either quickly adjust to the threat or face dire consequences and hopefully this won’t become a license for the Obama administration to trash our civil liberties.

“Over the past several years, we have seen cyber attacks against critical infrastructures abroad, and many of our own infrastructures are as vulnerable as their foreign counterparts,” Director of National Intelligence Dennis Blair told Congress.  

But damage from cyber attacks has been reported.  Central Intelligence Agency officials report cyber attacks have darkened cities outside the U.S. and some experts claim the massive 2004 blackout in America’s Northeast was due to a cyber attack on the power grid.

Cyber warfare is not only the newest major threat to our way of life, but it’s also an instrument of military power.  Last summer, well before Russian tanks invaded the Republic of Georgia, Moscow blinded that tiny country by attacking its cyber infrastructure.  Attacks launched from a server based at a telecommunications firm in Moscow with a server based in the U.S. rendered useless the command-and-control web site of Georgian President Mikhail Saakashvili and other Georgian government and commercial servers and web sites.

Similarly, in 2007, Russia conducted a cyber campaign against Estonia, a Baltic country that upset Moscow by removing a Soviet-era monument.  Moscow retaliated by launching a month-long barrage of cyber attacks that contaminated web sites with disinformation and fraudulent postings and Estonia’s cyber infrastructure became so overloaded with traffic that it ceased to function.

Cyberspace is also an attractive battleground for individuals, non-state actors and nation states with malicious intentions who wish to remain anonymous.  The culprits leave no “fingerprints” but can damage, steal material and remotely control the networks tethered to the World Wide Web — nuclear reactors, water and sewage, telecommunications, aviation, banking, commerce, and security.  

Further, cyber attacks are desirable operations as opposed to kinetic attacks, because they are usually effective, low cost and provide immediate results without physically going to the objective.  Besides, the entire Internet connected world — all 243 countries — and every computer on the web — government and private — is vulnerable to compromise and to becoming a tool in the cyber enemy’s hands.  That’s a billion devices globally creating a breeding ground for security problems and manipulation.

The challenge for those seeking to protect their networks connected to the Internet is to understand and counter the constantly changing nature of the cyber attacker’s tactics, techniques and procedures.  Some hackers plant malicious software, “malware,” to hijack, compromise or damage computers and networks.   Others use “phishing” to attempt to acquire sensitive information such as usernames, passwords, personal information by masquerading as a legitimate person or activity.  The stolen information is then used to gain access for espionage or to damage the network.

A common cyber technique is to inundate the target with a Distributed Denial of Service (DDoS) attack which overloads the target making it become virtually non-functional.  The computers involved in these attacks are often home computers that come under the control of hackers without the knowledge of their owners.  These “zombies” are activated to run planted programs or “bots,” software that automates routine, repetitive tasks.  There are an estimated 50 million “zombies” ready for war and many are for rent to would-be attackers.

The level of cyber malicious activity is rapidly increasing.  Last fall, the Atlanta-based security firm Secureworks counted 20.6 million attacks against its customers that originated inside U.S. borders in the first eight months of 2008.  Secureworks’ study is a strong indication that there is no shortage of “zombie” computers on U.S. soil which are standing by to attack America’s vulnerabilities.  

The Pentagon reportedly experiences hundreds of daily computer network attacks.  The nature of that threat is large and diverse and includes recreational hackers, various groups with nationalistic or ideological agendas, transnational actors, and nation states.  Some attacks succeed.  A cyber attack in June 2007 crippled Secretary of Defense Robert Gates’ computer system leaving 1,500 Pentagon computers off-line for weeks.

China and Russia are America’s primary nation-state cyber threats.  Beijing has the most advanced and robust cyberwar capabilities ranging from monitoring dissidents to extensive mapping of foreign computer systems such as our electric grid.  Entire Chinese university networks remain under the control of hackers and one report states China employs 39,000 full-time Internet police who double as hackers.

The Pentagon’s 2009 annual report on China’s military addresses Beijing’s growing cyber capabilities.  The Chinese stress asymmetric strategies to leverage its advantages while exploiting the perceived vulnerabilities of potential opponents, the report states.  

In 2008, China is suspected of attacking numerous computer systems including those in the U.S. government.  Those intrusions focused on espionage — exfiltrating information such as how to miniaturize atomic weapons and the technology on silent-running submarines — but the same spy capabilities are similar to the skills necessary to conduct network attacks.  

So what should be done to address this serious threat?

Last year, President Bush asked the Center for Strategic and International Studies (CSIS), a Washington think tank, to study the cyberspace problem and make recommendations. In January, President Bush approved directives based on that study to formalize continuous efforts to safeguard government cyber systems and reduce vulnerabilities, protect against intrusion attempts, and better anticipate future threats.  The directives also created a National Cyber Security Center to address threats and increase security efforts.  

Apparently, President Obama didn’t trust the Bush administration’s cyber plans.  Obama directed his administration to conduct another comprehensive review of cyber security programs.  That review is due April 17th and it’s expected to recommend many of the findings identified in the CSIS study and perhaps establish a cyber “czar” to oversee an interagency cyber strategy.

The challenge for the Obama administration will be to find the right balance between securing America from cyber attacks without trampling on civil liberties.  Government-surveillance of Internet traffic, even in the name of national security, will be a hard sell for the public. On the other hand, government actions to surveil the Internet are likely to be kept from the public eye and hence there is a clear risk of infringing on our liberties.

Americans tend to tolerate more intrusion when it comes to their security.  For example, in the wake of 9/11 we accepted longer waits at the airport as the cost for better airline security.  But many of those same people now waiting in longer airport security lines will be skeptical of an Obama proposal to monitor the Internet because the president has shown too much enthusiasm for big government solutions that tend to trample Americans’ freedoms.  

The Internet is a wonderful tool but it is also an environment ripe for nefarious activities.  We must find a way to protect our nation from cyber “zombies” without surrendering our freedoms.