Cyber War: The Next Threat to National Security and What to Do About It
Page 29
Cyber weapons are not, as some have claimed, simply the next stage in the evolution of making war less lethal. If they are not properly controlled, they may result in small disagreements spiraling out of control and leading to wider war. And our goal as signers of the United Nations Charter is, as pledged in San Francisco well over half a century ago, “to save succeeding generations from the scourge of war.” I ask you to join me in taking a step back from the edge of what could be a new battlespace, and take steps not to fight in cyberspace, but to fight against cyber war.
It could be a beautiful speech, and it could make us safer.
Glossary
A Guide to the Cyber Warrior’s Acronyms and Phrases
Authentication: Procedures that attempt to verify that a network user is who he or she claims to be. A simple authentication procedure is a password, but software can be used to discover passwords. “Two-factor” authentication is the use of a password and something else, such as a fingerprint or a series of digits generated by a fob, a small handheld device.
Backbone: The Internet backbone consists in the coast-to-coast trunk cables of fiber optics, referred to as “big pipes,” run by the Tier 1 ISPs.
Border Gateway Protocol (BGP): The software system by which an ISP informs other ISPs who its clients are so that messages intended for the client can be routed or switched to the appropriate ISP. Sometimes an ISP may have other ISPs as clients. Thus, for example, AT&T may list on its BGP table an Australian ISP. If a packet originates on, for example, Verizon, and Verizon does not connect to the Australian network, a Verizon router at a telecom hotel (see below) would look at a BGP table to see who does have such a connection and would, in this example, route the packet to AT&T for onward routing to the Australian network. BGP tables are not highly secure and can be spoofed, leading to the misrouting of data.
Botnet: A network of computers that have been forced to operate on the commands of an unauthorized remote user, usually without the knowledge of their owners or operators. This network of “robot” computers is then used to commit attacks on other systems. A botnet usually has one or more controller computers, which are being directly employed by the operator behind the botnet to give orders to the secretly controlled devices. The computers on botnets are frequently referred to as “zombies.” Botnets are used, among other purposes, to conduct floods of messages (see DDOS).
Buffer Overflow: A frequent error in computer code writing that allows for unauthorized user access to a network. The error is a failure to limit the number of characters that can be entered by a non-trusted user, thus allowing such a user to enter instructions to the software system. For example, a visitor to a webpage may go to a section of the page where he should only be able to enter his address and instead enters instructions that allow him to gain the same access as the network’s administrator.
Civilian Infrastructure: Those national systems that make it possible for the nation’s economy to operate, such as electric power, pipelines, railroads, aviation, telephony, and banking. In the U.S., these separate verticals usually consist of nongovernmental entities, privately held or publicly traded corporations that own and/or operate the systems.
Crisis Instability: In a period of rising tensions or hostilities between nations, there may be preconditions or actions taken by one side that cause the other nation to believe it is in its best interest to take further aggressive action. Crisis instability is that condition that may lead to decisions to escalate military actions.
Cyber Boundary: The cyber/kinetic boundary is the decision point when a commander must decide whether and how to move from a purely cyber war to one involving conventional forces, or kinetic weapons. Crossing the boundary is an escalatory step that may lead to the war spiraling out of control.
DARPA (also seen as ARPA): The Defense Advanced Research Projects Agency is a component of the U.S. Defense Department charged with funding innovative research to meet the needs of the U.S. military. DARPA funded the initial research that created the Internet. In 1969 ARPANET became the first packet-switched network connecting four universities.
Deep-Packet Inspection: A procedure that scans the packets of data that make up an e-mail, webpage, or other Internet traffic. Normally only the “header” of a packet is scanned, the top part that gives the to and from information. A deep inspection would scan the digital pattern in the content but would not convert that content into text. The inspection looks only for digital patterns that are identical or highly similar to known malware or hacking tools.
Distributed Denial of Service (DDOS): A basic cyber war technique often used by criminals and other nonstate actors in which an Internet site, a server, or a router is flooded with more requests for data than the site can respond to or process. The result of such a flood is that legitimate traffic cannot access the site and the site is in effect shut down. Botnets are used to conduct such attacks, thus “distributing” the attack over thousands of originating computers acting in unison.
Domain Name System (DNS): A hierarchy of computers that converts words used as Internet addresses (as in www.google.com) into the numerical addresses that the networks actually use for routing message traffic (as in 192.60.521.7294). At the lowest rung of the hierarchy a DNS server may know only the routing information within a company; at a higher level a computer might know routing information for within a “domain,” such as the dot-net (.net) set of addresses. The highest-level DNS computers may contain the routing information for a national domain, such as dot-de (.de) for Germany—the “de” standing, of course, for “Deutschland.” DNS computers are vulnerable to floods of demands (see DDOS) and to unauthorized changes in routing information, or “spoofing,” in which a user is sent to a fraudulent look-alike version of the intended webpage.
Edge: That place on the Internet where local traffic connects to a larger, nationally connected fiber-optic cable. An edge router directs locally originating traffic onto the national network.
Encryption: The scrambling of information so that it is unreadable to those who do not have the code to unscramble it. Encrypting traffic (or “data at rest”) prevents those who intercept it or steal it from being able to read it.
Equivalence: The Cyber Equivalence Doctrine is a policy under which a cyber war attack will be treated like any other attack, including a kinetic strike, and will be responded to in a manner of the attacked nation’s own choosing, based upon the extent of the damage done and other relevant factors.
Escalation Dominance: When one party to a conflict responds to an attack or provocation by significantly expanding the scope or level of the conflict and at the same time communicates that if its demands (such as war termination) are not met it can and will go even further, this is referred to as “escalation dominance.” The expansion of the hostilities is meant to demonstrate seriousness of intent and strength of capability, as well as a refusal to tolerate a prolonged low-level conflict. It is similar to the poker move of significantly raising the stakes and bringing the contest to an end-game phase in the hopes of convincing an opponent to back down.
Espionage: Intelligence activities designed to collect information, access to which another nation (or other actor) is attempting to deny. Cyber espionage is the unauthorized entry by a nation-state onto the networks, computers, or databases of another nation for purposes of copying and exfiltrating sensitive information.
Hacker: Originally, a skilled user of software or hardware who can adapt systems to do things other than their intended or original use. In common parlance, however, the term has been used to denote someone who uses skills to gain access to a computer or network without authorization. As a verb, “to hack” means to break into a system.
Internet: The global interconnected network of networks intended for general access for the transmission of e-mails, the sharing of information on webpages, and so on. Networks may use the same software and transmission protocols, but not be part of the Internet if they are designed to be closed off from the
global interconnected system. Such closed networks are referred to as “intranets.” Often there are controlled connections between intranets and the Internet. Sometimes there are unintentional connections.
Internet Service Provider (ISP): A corporation (or government agency) that provides the wired or wireless connectivity from a user’s home, office, or mobile computer to the Internet. In the U.S. there are numerous small, regional ISPs and a handful of national ISPs. Often ISPs are also telephone companies or cable television providers.
JWICS: The Joint Worldwide Intelligence Communication System is the Defense Department’s global intranet for transmitting data that it has classified Top Secret/SCI (Specially Compartmented Information). TS/SCI information is derived from intelligence collection systems such as satellites (see NIPRNET and SIPRNET).
Latency: The extent to which a data packet is slowed from moving as quickly as possible on a network or path. Latency is measured in seconds or parts of seconds. The fastest, unimpeded speed is referred to as “line rate.” The size of a fiber-optic cable and the processing speed of routers along a network determine the line rate for that cable and/or router.
Launch on Warning: A strategy component that dictates that a nation will initiate conflict—in this case, a cyber war—when intelligence indicators suggest that an opponent has or is about to commence hostile activities.
Logic Bomb: A software application or series of instructions that cause a system or network to shut down and/or to erase all data or software on the network.
Malware: Malicious software that causes computers or networks to do things that their owners or users would not want done. Examples of malware include logic bombs, worms, viruses, packet sniffers, and keystroke loggers.
National Accountability: The concept that a national government will be held responsible for cyber attacks originating inside its physical boundaries. Also called the Arsonist in the Basement Theory (“If you are harboring an arsonist in your house and he is going out from your house and burning down others, you are just as responsible as he is”).
National Cyber Strength: A net assessment of a nation’s ability to fight cyber war, the national cyber strength takes into account three factors: offensive cyber capability, the nation’s dependence upon cyber networks, and the ability of the nation to control and defend its cyberspace through such measures as cutting off traffic from outside the country.
NIPRNET: Non-classified Internet Protocol Router Network is the Defense Department’s global intranet for information that is not classified. NIPRNET connects with the Internet at a limited number of portals. These are two other Defense Department intranets, SIPRNET and JWICS.
No First Use: In arms control, the concept that a nation will not employ a certain kind of weaponry until and unless it has been used on it. Implicit in the concept is that a nation will only use a certain kind of weapon on those that have already used it, and that the use of the weapon would be an in-kind retaliation.
NSA: The National Security Agency is a U.S. intelligence agency that is also a component of the Defense Department. NSA is the lead U.S. agency for collecting information through electronic means. It is headquartered at Fort Meade, Maryland, and is frequently referred to simply as “The Fort.”
Obligation to Assist: The proposal that each nation in a cyber war agreement would take on a requirement to help other nations and/or the appropriate international body in investigating and stopping cyber attacks originating from within its own physical boundaries.
Out of Band: Communications, frequently about the management of a network, that use a different channel or method of communicating than the network being managed.
Server: A computer usually accessed by many others, in order to interact with information stored on it, such as web pages or e-mails. Typically, servers are meant to operate without constant human monitoring. Routers, which direct the movement of Internet traffic, are a type of server.
SIPRNET: Secret Internet Protocol Router Network is the Defense Department’s global intranet for transmitting confidential and secret-level information. The Defense Department classifies information into five catergories: unclassified, confidential, secret, top secret, top secret/SCI (specially compartmented information). The SIPRNET is supposed to be air-gapped from, i.e., not physically touching, the unclassified NIPRNET and the Internet.
Supervisory Control and Data Acquisition System (SCADA): Software for networks of devices that control the operation of a system of machines such as valves, pumps, generators, transformers, and robotic arms. SCADA software collects information about the condition of and activities on a system. SCADA software sends instructions to devices, often to do physical movements. Instructions sent to devices on SCADA networks are sometimes sent over the Internet or broadcast via radio waves. Instructions are not encrypted. When the devices receive orders, they do not validate who sent the instructions.
TCP/IP: Transmission Control Protocol/Internet Protocol. The format used to divide information such as e-mails into digital “packets,” each with its own to and from data so that the packet can be routed on the Internet.
Telecom Hotels: Buildings that house large numbers of network routers, often places where major networks connect to each other. Internet and other cyber traffic, including voice telephony, are switched in such a facility. Large telecom hotels are sometimes called gigapops (points of presence). Early Internet switching centers were called Metropolitan Area Exchanges (MAEs); two examples are MAE East in Tysons Corner, Virginia, and MAE West in San Jose, California.
Tier 1: The five Internet service providers (ISPs) in the U.S. that own and operate the large, national network of fiber-optic cables on which Internet and other cyberspace traffic runs to the major cities. Smaller or regional ISPs use a Tier 1 to connect to Internet addresses that are on their own network.
Trapdoor: Unauthorized software maliciously added to a program to allow unauthorized entry into a network or into the software program. Often after an initial entry, a cyber criminal or cyber warrior leaves behind a trapdoor to permit future access to be faster and easier. Also referred to as a Trojan, or Trojan horse, after a ruse supposedly employed by Bronze Age Greek warriors to leave behind at Troy a commando team hidden inside a statue of a horse.
About the Authors
RICHARD A. CLARKE has served in the White House for Presidents Ronald Reagan, George H. W. Bush, George W. Bush, and Bill Clinton, who appointed him as National Coordinator for Security, Infrastructure Protection, and Counterterrorism. He teaches at Harvard University’s Kennedy School of Government, consults for ABC News, and is chairman of Good Harbor Consulting. He is also the author of the national bestseller Your Government Failed You: Breaking the Cycle of National Security Disasters.
ROBERT K. KNAKE is an international affairs fellow at the Council on Foreign Relations. He holds a master’s degree in international security studies from Harvard University’s Kennedy School of Government and has written on security issues for the Boston Herald, the San Antonio Express-News, and other publications. He lives with his wife in Washington, D.C.
WWW.HARPERCOLLINS.COM/RICHARDACLARKE
Visit www.AuthorTracker.com for exclusive information on your favorite HarperCollins author.
ALSO BY RICHARD A. CLARKE
NONFICTION
Against All Enemies
Your Government Failed You
FICTION
The Scorpion’s Gate
Breakpoint
Credits
Jacket design by Milan Bozic
Jacket Image © Feng yu/Shutterstock
About the Publisher
Australia
HarperCollins Publishers (Australia) Pty. Ltd.
25 Ryde Road (PO Box 321)
Pymble, NSW 2073, Australia
http://www.harpercollinsebooks.com.au
Canada
HarperCollins Publishers Ltd.
55 Avenue Road, Suite 2900
Toronto, ON, M5R, 3L2, Canada
New Zealand
HarperCollinsPublishers (New Zealand) Limited
P.O. Box 1
Auckland, New Zealand
http://www.harpercollins.co.nz
United Kingdom
HarperCollins Publishers Ltd.
77-85 Fulham Palace Road
London, W6 8JB, UK
http://www.harpercollinsebooks.co.uk
United States
HarperCollins Publishers Inc.
10 East 53rd Street
New York, NY 10022
http://www.harpercollinsebooks.com