RealTime IT News

Net Ushering in Era of War Without Borders

NATIONAL HARBOR, Md. -- As President Obama endeavors to remake the nation's cybersecurity operations, one of the thorniest challenges he is facing is how to deal with a geopolitical upheaval where foreign enemies route cyber attacks through friendly nations.

Here at research firm Gartner's annual Information Security Summit, David Sanger, the New York Times' chief Washington correspondent, outlined the shaky territory policymakers are venturing into as they embark on the sweeping cybersecurity revamp.

"We don't know yet whether any of this is likely to be successful," Sanger said.

The threats against critical infrastructure like the power grid and defense systems are real enough, as is the development of an offensive cyber program to disrupt foreign enemies and preempt attacks.

But those efforts are confounded by the shape-shifting nature of cyber threats, where attacks from an enemy in one country often emanate from servers located in a friendly nation, or even in the United States itself.

By way of contrast, Sanger, a veteran security reporter, looked back to a Cold War world where a preemptive strategy might be as simple as identifying and executing a strike against a complex of Russian nuclear silos.

"All of those notions are basically useless in a cyber age, because there will be no distinction between the kind of attack that emanates abroad and the kind of attack that emanates from the United States," Sanger said. "A national border does not exist."

The new face of cyber war was illustrated in dramatic fashion last July, when Russian hackers with shadowy connections to the government launched a wave of attacks against Georgia's digital infrastructure weeks before the tanks rolled across the border. Security experts geolocated one of the servers responsible for the attacks to Turkey, housed inside a server farm that also contained the machine that managed much of the air-traffic control operations in the Middle East, a splendid reminder of why cyber attacks can't be fought with bombs.

The challenge of combating a foreign attack that could be launched through a U.S. server operating as a proxy invite "some of the hardest national security decisions you'll have to make," Sanger said.

Yet that is exactly what the government is trying to do. In the month since Obama announced his plan to appoint a czar to coordinate the government's far-flung security operations, Defense Secretary Robert Gates issued an order creating a military cyber command to oversee both defensive and offensive cyber operations.

In his White House address, Obama pledged that he would not permit intelligence operatives to probe U.S. networks to monitor the Web activities of its citizens, a point that has been widely interpreted as an effort to distance himself from the controversial domestic surveillance program implemented by the Bush administration.

But Sanger and others wonder if privacy might be an inevitable casualty of a borderless cyber war. Already, privacy watchdogs have raised concerns about a legislative proposal in the Senate that would give the government authority to bypass privacy laws in the event of an attack.