Archive for the ‘Computers’ Category

Cyber attack from al Qaeda: the bad news and the good news

Friday, December 1st, 2006

You may have noticed that the U.S. government issued a warning to online stock and banking services about the possibility of cyber attacks from terrorists, due to an al-Qaeda message encouraging such attacks. The timeframe for the possible attacks is precisely during the entire month of December–starting today.

I will explain why this development has a bright side. But first, let’s look at the bad news.

Although it hasn’t received much attention before this, the possibility for cyber warfare is huge. By breaking into computer networks, enemies could disrupt economic transactions or even vital services. It’s almost a certainty that cyberwar will eventually be used in a major assault on a nation, because it’s such a cheap and potentially easy way to cause disruption and harm from a distance.

Officials may mutter the obligatory words of downplaying this threat, as they always do, but in reality, there is little to be comforted about. Cyber attacks are not a theoretical future threat; they are a current menace. I’m not talking specifically about al Qaeda; terrorists might be able to launch a successful online attack, but they are not distinguished in this area. That honor belongs to China’s military.

Chinese hackers have gained access to Department of Defense computers hundreds of times per year. The known (or reported) intrusions have targeted computers on unclassified networks, but China’s cyber warfare units are believed to have obtained sensitive information about items such as a future command and control system, flight-planning software, and a helicopter mission-planning system. The PLA is placing emphasis on information technology in warfare.

Of course, targeting civilian systems for financial institutions, utilities, and so on could be devastating. I consider it likely that China’s military can find ways to attack some of these institutions. The Chinese government’s quest for asymmetrical warfare capabilities are well known, although the exact details of the “assassin’s mace” are a matter of speculation. China and the U.S. are on a likely collision course due to the question of Taiwan’s future. For an easy-to-read look at some cyberwar and other scenarios, see the book Showdown by Jed Babbin and Edward Timperlake.

But the key element is surprise. The ideal cyber attack would involve the enemy waking up one morning with vital service missing–electrical outages, disruption in communications, corrupted financial data. This could be used alone, or to set the stage for other types of military attacks.

This brings us to the positive aspect of the current news. America, having been actually hit by terrorists in 9/11, has learned not to ignore threats from terrorists. So, we may well benefit from having terrorists call for cyberwar, because this ensures that the threat will receive more attention, and as a result, important systems may be better protected than they would have been otherwise. Indeed, this month’s proclaimed threat may be a blessing in disguise, reducing the possibility of a very nasty surprise in the future.