Cyber war is not the stuff of science fiction any more. More than disruptive hacks and information theft, cyber attacks are now a significant part of the conflicts in Eastern Europe and the Middle East.
At a press conference in Wales last week, NATO Secretary General Anders Fogh Rasmussen made it clear that cyber attacks would be treated like military actions.
“We agree that cyber attacks can reach a level that threatens the prosperity, security and stability of our countries, and the Euro-Atlantic area,” Rasmussen said. “They could harm our modern societies as much as a conventional attack. So today, we declare that cyber defense is part of NATO’s core task of collective defense.”
There is a cyber component to many of the current major conflicts. Both sides of the Syrian civil war have engaged in malware campaigns, impacting more than 10,000 systems, according to Kaspersky Labs. The attacks have not been very sophisticated but have caused the country’s network to drop off the Internet at times.
“If you look at the real world context for all of this, you have a real melting pot going on out there across the Middle East,” David Emm, Kaspersky senior security researcher told eWEEK. “Therefore, you have governments and opposition groups, each using cyber as an element in their arsenal.”
This is true of the Islamic State in Iraq as well, and some of their attacks have reached far beyond Iraqi borders, including a recent attack on the Japanese entertainment company Sony.
Estonia, the little Eastern European country that’s made a big investment in Internet, has made plans to protect its critical systems in case of an attack, cyber or otherwise. It’s planning backup data centers in allied countries or “digital data embassies” that will protect Estonian businesses and its wide range of e-services in case a crisis overwhelms the country’s networks.
Estonia is all too familiar with the impact such attacks can have. In 2007, a dispute over a Russian war memorial spurred a round of cyber attacks that effectively shut down many business and agency sites. Estonian officials blamed the Russian government for the attacks, but the Kremlin has denied any involvement.
This highlights the problem of finding definitive proof of who is behind a cyber attack. Not knowing who is responsible makes it extremely difficult to mount an effective defense. For example, experts say a series of attacks on energy firms in the United States and in Europe were likely from a foreign government either in Eastern Europe or Russia. Another recent break-in to JPMorgan computers has been traced to a Russian city. However, it’s not clear whether it was criminal activity or a government-sponsored effort.
This is an especially important problem to address, considering that as NATO’s Rasmussen indicated, a major cyber attack could result in a military response.
