RealTime IT News

Cyberspace, The Next Battlefield

While our grandparents and parents had to deal with world wars fought on land, sea and air, future generations are going to have to worry about the threat of attack on a new level: cyberspace.

A study released Tuesday by Gartner Research predicts voice over IP and other converging network technologies make the possibility of a national-level cyberwar possible by 2009.

In the next couple years, the U.S. and other countries will likely have the capability to wage cyberwar, the Gartner report states, while "brute force," or distributed denial of service (DDoS) attacks, on VoIP systems could become commonplace by 2007.

The research points to the telecommunications industry's movement away from a circuit-switched telephone network to the more efficient packet-switching . The migration opens critical communication services to Internet-like attacks.

VoIP is the most vulnerable, the report indicates, as the inherent latency found in the communication medium makes it an easy target for an enemy to launch a DDoS attack.

"Just like standard IP networking equipment, VoIP-specific equipment is susceptible to traditional IP threats such as worms, viruses and unauthorized system access," the report stated.

Signaling System 7 , the circuit-switched technology used to route telephone calls today, is pulling double duty on many of today's telephone networks. Not only is it handling the day-to-day copper-wire telephone traffic but also being tapped more often by IP networks passing off data information between telephone providers.

Technologies like SS7, LAN/WAN telephony and the data switches used by the telephone companies will find itself the target of many of these communications-based attacks.

First a fad, VoIP as a viable communications alternative is gaining serious clout in the U.S. Telephone carriers AT&T , Qwest , SBC and Verizon have rollouts planned for this year, to stay in reach of startup Vonage's network.

Government oversight in the technology is minimal, with FCC Chairman Michael Powell taking a hands-off approach and putting discussion of the technology in working groups. A bill introduced Tuesday by U.S. Sen. John Sununu looks to keep VoIP out of federal and state regulations altogether.

"VoIP providers should be free from state regulation, free from the complexity of FCC regulations, free to develop new solutions to address social needs, and free to amaze consumers," Sununu said recently.

While certain segments of the U.S. government are seeking unfettered VoIP deployments, the U.S. Department of Homeland Security has been looking at the vulnerabilities the technology brings to critical communications services.

The National Infrastructure Protection Center (NIPC) published "Risk Management: An Essential Guide To Protecting Critical Assets," in November, 2002, mainly as a guideline for land-based threats to communications facilities in the U.S. However, it included the Internet as a source of critical information services.

"Any organization that connects critical networks to the Internet must be aware of events in the larger environment," the report stated. "When short-term periods of intense politically-motivated protests take place, the infrastructure community can expect that it may be attacked, physically or via cyber means, regardless of the individual organization's involvement in the event being protested."

The NIPC reports private sector companies should focus on risk management, not just risk avoidance. It suggests fives steps every company should take: asset, threat, vulnerability and risk assessments as well as identification of countermeasure options.

The Gartner report stated preparation for a cyberwarfare attack should be proportional to the perceived risk. The tools are out there, the report said, to protect the network.

"Most security technology, when used in conjunction with 'best practices,' is appropriate to the proportional risk presented by the threat of cyberwarfare.