Cyber War Nightmares
August 29, 2006: For several years, U.S. Cyber War officials have been conducting wargames, or simulations, to determine just how, and where, the United States is vulnerable to a major attack on its Internet resources. Currently, there are over a dozen nations known to have a credible Cyber War capability, and several of these nations (like China, North Korea and Iran) are some, or all the times, hostile to the United States.
China always gets the most attention, because China has the most resources. These wargames usually expect those playing the Chinese to use their imaginations. Couple that with some geeks on the Chinese team who know a bit about Internet infrastructure, and a good scare is had by all. What's even scarier is that some of the most damaging attacks on the Internet don't need a lot of money or people, just the right information. However, that information is extremely expensive, and consists primarily of previously unknown flaws in Internet software, especially software used to run routers and other core elements of the Internet.
China also has anti-satellite capability. Ten years ago, that was a big deal, or at least a bigger deal, than it is now. While communications satellites are essential for some key military uses ( GPS, satellite phones and moving information from remote locations, like battlefields), most of the Internet now travels over earthbound fiber optic cables. But the major Internet weakness is not these cables, but the software that makes the Internet work. The battlefield is hundreds of key bits of software (everything from browsers to switching programs for routers) and millions of hardware items (especially server computers and routers).
The wargames point out that there are an enormous number of vulnerabilities, and it is, for all practical purposes, impossible to protect oneself from all of them. To that end, the Department of Defense established a separate Internet (SIPRI). It looks like the Internet, but you can't get to it from the regular Internet. Moreover, SIPRI sends most of its data encrypted, so that even if you do tap into it, you have to decrypt the data you capture. Even with SIPRI, much of the military use of the Internet is over the Internet we all use. More to the point, commercial firms, and government agencies, are very dependent on the public Internet.
The wargames have shown that military operations could be crippled even if SIPRI remained intact. That's because so many things the military needs (especially in terms of supplies, equipment maintenance and administration) are dependent on the public Internet. The wargames also reveal lots of potential enemy vulnerabilities. No one is safe. The big question is, how does one deal with the situation? The answer is lots of scenarios, contingency plans, and more simulations (including wargames), to get a better idea of where American offensive and defensive Cyber War capabilities are. The Internet is always evolving, so any Cyber War plans must as well.
Most of the details are classified, lest the enemy know where you are strong, or weak. How well prepared anyone is for Cyber War won't be revealed until someone starts one. There may be some small scale skirmishes down the road, as a sort of 'short of war' type action during a time of tension. If that happens, watch carefully. Because you will probably be seeing something no one expected.