In August, Russian troops moved into Georgia. Observers dispute who fired first, but there was a little noticed dimension of the conflict that will have major repercussions for the future.
Computer hackers attacked Georgian government Web sites in the weeks preceding the outbreak of armed conflict. The Russia-Georgia conflict represents the first significant cyber attacks accompanying armed conflict. Welcome to the 21st century.
Cyber threats and potential cyber warfare illustrate the increased vulnerabilities and loss of control in modern societies. Governments have mainly been concerned about hacker attacks on their own bureaucracy’s information technology infrastructure, but there are social vulnerabilities well beyond government computers.
In an open letter to the US president in September last year, US professionals in cyber defense warned that “the critical infrastructure of the United States, including electrical power, finance, telecommunications, health care, transportation, water, defense, and the Internet, is highly vulnerable to cyber attack. Fast and resolute mitigating action is needed to avoid national disaster.”
In the murky world of the Internet, attackers are difficult to identify.
In today’s interconnected world, an unidentified cyber attack on non-governmental infrastructure might be severely damaging. For example, some experts believe that a nation’s electric power grid may be particularly susceptible. The control systems that electric power companies use are thought vulnerable to attack, which could shut down cities and regions for days or weeks. Cyber attacks may also interfere with financial markets and cause immense economic loss by closing down commercial Web sites.
Some scenarios, including an “electronic Pearl Harbor,” sound alarmist, but they illustrate the diffusion of power from central governments to individuals. In 1941, the powerful Japanese navy used many resources to create damage thousands of miles away. Today, an individual hacker using malicious software can cause chaos in far-away places at little cost to himself.
Moreover, the information revolution enables individuals to perpetrate sabotage with unprecedented speed and scope. The so-called “love bug virus,” launched in the Phillipines in 2000, is estimated to have cost billions of dollars in damage. Terrorists, too, can exploit new vulnerabilities in cyberspace to engage in asymmetrical warfare.
In 1998, when the US complained about seven Moscow Internet addresses involved in the theft of Pentagon and NASA secrets, the Russian government replied that phone numbers from which the attacks originated were inoperative. The US had no way of knowing whether the Russian government had been involved.
More recently, last year, China’s government was accused of sponsoring thousands of hacking incidents against German federal government computers and defense and private-sector computer systems in the US. But it was difficult to prove the source of the attack, and the Pentagon had to shut down some of its computer systems.
When Estonia’s government moved a World War II statue commemorating Soviet war dead last year, hackers retaliated with a costly denial-of-service attack that closed down Estonia’s access to the Internet. There was no way to prove whether the Russian government, a spontaneous nationalist response, or both aided this transnational attack.
In January, US President George W. Bush signed two presidential directives that called for establishing a comprehensive cyber-security plan, and his budget for next year requested US$6 billion to develop a system to protect national cyber security.
President-elect Barack Obama is likely to follow suit. In his campaign, Obama called for tough new standards for cyber security and physical resilience of critical infrastructure, and promised to appoint a national cyber adviser who will report directly to him and be responsible for developing policy and coordinating federal agency efforts.
That job will not be easy, because much of the relevant infrastructure is not under direct government control. Just recently, US Deputy Director of National Intelligence Donald Kerr warned that “major losses of information and value for our government programs typically aren’t from spies ... In fact, one of the great concerns I have is that so much of the new capabilities that we’re all going to depend on aren’t any longer developed in government labs under government contract.”
Kerr described what he called “supply chain attacks” in which hackers not only steal proprietary information, but go further and insert erroneous data and programs in communications hardware and software — Trojan horses that can be used to bring down systems. All governments will find themselves exposed to a new type of threat that will be difficult to counter.
Governments can hope to deter cyber attacks just as they deter nuclear or other armed attacks. But deterrence requires a credible threat of response against an attacker. And that becomes much more difficult in a world where governments find it hard to tell where cyber attacks come from, whether from a hostile state or a group of criminals masking as a foreign government.
While an international legal code that defines cyber attacks more clearly, together with cooperation on preventive measures, can help, such arms-control solutions are not likely to be sufficient. Nor will defensive measures like constructing electronic firewalls and creating redundancies in sensitive systems.
Given the enormous uncertainties involved, the new cyber dimensions of security must be high on every government’s agenda.
Joseph Nye is a professor at Harvard University and an author.
Copyright: Project Syndicate
In 1976, the Gang of Four was ousted. The Gang of Four was a leftist political group comprising Chinese Communist Party (CCP) members: Jiang Qing (江青), its leading figure and Mao Zedong’s (毛澤東) last wife; Zhang Chunqiao (張春橋); Yao Wenyuan (姚文元); and Wang Hongwen (王洪文). The four wielded supreme power during the Cultural Revolution (1966-1976), but when Mao died, they were overthrown and charged with crimes against China in what was in essence a political coup of the right against the left. The same type of thing might be happening again as the CCP has expelled nine top generals. Rather than a
Former Chinese Nationalist Party (KMT) lawmaker Cheng Li-wun (鄭麗文) on Saturday won the party’s chairperson election with 65,122 votes, or 50.15 percent of the votes, becoming the second woman in the seat and the first to have switched allegiance from the Democratic Progressive Party (DPP) to the KMT. Cheng, running for the top KMT position for the first time, had been termed a “dark horse,” while the biggest contender was former Taipei mayor Hau Lung-bin (郝龍斌), considered by many to represent the party’s establishment elite. Hau also has substantial experience in government and in the KMT. Cheng joined the Wild Lily Student
When Taiwan High Speed Rail Corp (THSRC) announced the implementation of a new “quiet carriage” policy across all train cars on Sept. 22, I — a classroom teacher who frequently takes the high-speed rail — was filled with anticipation. The days of passengers videoconferencing as if there were no one else on the train, playing videos at full volume or speaking loudly without regard for others finally seemed numbered. However, this battle for silence was lost after less than one month. Faced with emotional guilt from infants and anxious parents, THSRC caved and retreated. However, official high-speed rail data have long
Taipei stands as one of the safest capital cities the world. Taiwan has exceptionally low crime rates — lower than many European nations — and is one of Asia’s leading democracies, respected for its rule of law and commitment to human rights. It is among the few Asian countries to have given legal effect to the International Covenant on Civil and Political Rights and the International Covenant of Social Economic and Cultural Rights. Yet Taiwan continues to uphold the death penalty. This year, the government has taken a number of regressive steps: Executions have resumed, proposals for harsher prison sentences
RSS