Virtual space, real struggle



Pentagon's “Digital Fortress” Prepares for Effective Defense

As expected, the new US cyber strategy, which so far goes by the name “Cyber Strategy 3.0”, should be made public in December of this year. However, one of the main "players" on the cyberwar field, the US DoD Cyber Command, was unable to reach a state of “full operational readiness” by October 1, as required by last year’s order from Defense Secretary Robert Gates.

Pentagon spokesman Brian Whitman declined to forecast when his chief's order would be carried out and said that "the exact date is not a very important component" of the actions Washington is taking today to ensure an adequate degree of US cyber security.

Meanwhile, according to an assessment set out by Under Secretary of Defense William Lynn in the September-October issue of Foreign Affairs magazine this year, the Pentagon’s “digital fortress”, which comprises about 15,000 computer networks and more than 7 million computers, has recently been regularly probed by more than 100 special services and intelligence organizations from various countries of the world. According to the American intelligence community, “governments of foreign countries are developing offensive tools for cyber warfare,” and Brigadier General Stephen Smith, emphasizing the importance of IT security for the US military, was even more categorical: “We are not network-centric, but network-dependent!”.

And now, amid all this turmoil, only the US Air Force's cyber warfare unit, the 24th Air Force, has turned out to be “fully combat-ready” for the new type of war, as was officially announced on October 1 by the head of Air Force Space Command, General Robert Kehler.

SIMPLE, CHEAP, EFFICIENT

“Welcome to the 21st century war,” said Richard Clarke, a recent adviser to former US President George W. Bush on cyber security issues. “Imagine flashing electric generators, trains coming off the rails, falling planes, exploding gas pipelines, weapon systems that suddenly stop working, and troops who don't know where to go.”

This is not a retelling of an episode from the next Hollywood blockbuster. It is a high-class American expert's brief description of the consequences that a new format of war, cyber war, can cause. However, Hollywood noticed in time the tendency of IT crime to move to a completely new level: from lone hackers and “hacker interest groups” to groups of professional cyber fighters who have a more global goal than just annoying Big Brother or stealing a couple of million bucks.

It was cyber warfare, albeit of a limited nature, that formed the basis of the script of the latest film in the famous Die Hard series. That, of course, is still a long way off, but, as noted in a Kaspersky Lab statement, the recent case of the identified “industrial” virus Stuxnet looks very much like a “combat cyber attack” by a certain special service, whose main target, according to various foreign experts, was either the Iranian nuclear power plant in Bushehr or, according to experts quoted by the Israeli newspaper Haaretz, the uranium-235 enrichment plant in Natanz. The complexity of the virus and its extremely high selectivity indicate that this malicious program was created not by a self-taught hacker, but by a group of highly qualified specialists who, without exaggeration, had a huge budget and the ability to integrate resources. After analyzing the worm's code, Kaspersky Lab experts concluded that the main task of Stuxnet is “not spying on infected systems, but disruptive activity”.

“Stuxnet does not steal money, does not send spam and does not steal confidential information,” says Evgeny Kaspersky. “This malware was created to control production processes, literally manage huge production facilities. In the recent past, we fought cybercriminals and Internet hooligans, now, I fear, the time of cyber terrorism, cyber weapons and cyber warfare is coming.”

But the main target of hackers and cybercriminals today is still the United States, which holds the most valuable secrets of a military, industrial and financial nature. According to US analysts, in the period from 2005 to 2010 the number of cyber attacks on the IT systems of US government organizations increased threefold. And the current head of the Pentagon’s Cyber Command and head of the NSA, General Alexander, even stated at hearings of the US House of Representatives Armed Services Committee that cyber weapons have an effect comparable to that of weapons of mass destruction.

And the old methods of warfare are not suitable for the battles of the new war. So far there is not even a clear definition of the term “cyber war”, nor an understanding of when a cyber crime or hacker attack passes into the category of “an act of cyber war against a sovereign state”. Moreover, one of the main problems in ensuring cybersecurity is the extremely high difficulty of identifying the exact source of a specific cyber attack. Without knowing the enemy “in person” and his location, one cannot make a final decision on retaliation. A vivid example is last July's sensational attack on the 12 servers of agencies and departments of the American government: initially Washington blamed the DPRK, but South Korean intelligence officers who were tracking the directions of the “digital strikes” soon found that the “captured” computers were located in 16 countries, including even the United States and South Korea. The DPRK turned out to have absolutely nothing to do with it.

On the other hand, it is easier and cheaper to acquire cyber weapons and cyber forces than to build and purchase modern weapons, military and special equipment (VVST) and to prepare the necessary number of divisions. This is especially true if you do not form your own cyber units but resort to the services of lone hackers or cybercriminals. Thus, according to Stephen Hawkins, Raytheon's vice president of intelligence and information systems development, for just a few million dollars a state or organization can hire people with the cyber skills necessary to prepare the corresponding cyber forces and cyber weapons. And one former NSA employee, Charles Miller, even calculated that organizing a cyber structure capable of successfully attacking America and completely paralyzing the activities of the United States would require only 98 million dollars.

CORPORATIONS COMPETE

One of the “consequences” of the increased attention paid by the US government and military to cybersecurity issues is that American companies that previously specialized in contracts for aircraft, missile weapons, warships, tanks and military satellites have recently been actively taking up a completely new business for them: cybersecurity.

“For us, this is one of the main promising areas,” said Stephen Hawkins, vice president of intelligence and information systems development at Raytheon, at a briefing with journalists. “We expect the market to grow by two orders of magnitude, its value will be billions of dollars.” There is something to fight for: the cyber budget this year has reached 8 billion dollars, and will increase to 12 billion by 2014. At the same time, while the annual increase in spending in other areas averages 3-4% in the short term, in cybersecurity it will be no less than 8% annually. The leading role in the new type of war is naturally allotted to the military, and they will also get the lion's share of the cyber budget: the Pentagon will receive more than 50% of the 8 billion dollars for 2010.

According to John Sly from Input, which carries out analysis and market research of high-tech markets for the US government, the priority cybersecurity services that US security agencies will need in the short to medium term are: identifying and preventing unauthorized entry into information systems (networks); ensuring the general information security of the various departments and agencies of these bodies; basic training of security agency personnel in computer (information) security; routine maintenance of systems that provide simultaneous access to information; and more. Naturally, not only services but also software and hardware will be required. Moreover, experts believe that the volume of customer requests in this area will begin to grow constantly, as they say, exponentially.

Of course, companies such as Lockheed Martin, Raytheon and Northrop Grumman, which are well known on the international market for weapons, military and special equipment, intend to take a leading position among those who undertake to supply the warring parties, either one of them or, which is not ruled out, both at once, with the appropriate means of cyber combat. Consequently, the developers of protection against cyber attacks must constantly stay one step ahead of those who create methods of attack.

For example, Lockheed Martin relies on a special technology, a kind of “information wonder-weapon”, with which it can create means that give the military and law enforcement forces a cyber weapon capable of countering a cyber threat that has not yet appeared and is unknown to analysts.

Another priority area is the creation of software and hardware that, after being hit by an enemy cyber attack, can recover to its original operational state.

Experts at another company, Raytheon, have also recently stepped up efforts to win their niche in the promising cybersecurity market. One area of its work is creating tools that can effectively identify so-called zero-day gaps in IT security systems (zero-day detection). Raytheon emphasizes that today the fight against cybercriminals follows mainly one scenario: antivirus programs hold massive databases of already known malicious programs and check all information coming into the system (network) for the presence of these well-known “enemies”, after which they begin to fight them. In addition, suspicious "pieces" of information that may be malicious programs are detected. And now one of the company's divisions is already working on software that will be able to detect unknown, not yet cataloged viruses more effectively, and not only detect them but also immediately take automatic counter-action. By the way, Raytheon believes that success can be achieved through wider introduction of elements of artificial intelligence into cybersecurity systems.

However, any cybersecurity system requires testing that can prove its viability. Testing such systems on customers' working systems is impractical and very unsafe, so Lockheed Martin and Northrop Grumman have already commissioned special cyber ranges.



MAIN ENEMY

Whom does Washington see as its main potential cyber opponent? Quite predictably, China is undoubtedly the leader among the dozen major countries from whose territory attacks on American computer networks are regularly carried out. At the same time, as Kevin Coleman, one of the leading US experts in the field of cyber security, notes, Beijing acts "quietly and secretly" here, gradually and systematically "pumping out" military, political and economic information of varying degrees of importance. According to American cyber defenders, this style of action makes China a much more dangerous cyber adversary than Russia, which in the West is considered “unconditionally guilty” of massive cyber attacks on Estonia (2007) and Georgia (2008).

As an example of the high degree of danger posed by Chinese cyber soldiers, a series of successive hacker attacks carried out in 2003 and designated “Titan Rain” is usually cited, during which the resources of Lockheed Martin, the Sandia national laboratory (one of the largest nuclear research centers in the United States), the Redstone Arsenal (the US Army's rocket and space center), and NASA computer networks were partially hacked.

According to Larry Wortzel, one of the former officers of the “digital fortress” garrison of the American army, the attack was carried out by Chinese government hackers, whose “trophies” were a significant quantity of instructions, technical descriptions, design documentation and other information constituting state, military and commercial secrets of America. The damage was estimated at a minimum of several hundred million dollars.

However, according to a Kaspersky Lab analytical report published at the end of May this year, the list of countries from which the largest number of hacker attacks were carried out in the first half of the year was as follows: USA (27.57%), Russia (22.59%), China (12.84%) and the Netherlands (8.28%).

Nevertheless, the cries of "Chinese cyber threat" are getting louder in the United States. In November last year, representatives of the US expert community sent a report to Congress in which they cited numerous data showing that viruses of "Chinese origin", "backdoors" and various malicious programs had been found in significant quantities in the computer networks of American oil and gas companies, telecommunications companies and financial companies. According to the authors of the report, the scale of the cyberwar conducted by the PRC has grown from separate attacks to constant, large-scale, well-planned and interrelated "front-line operations."

The Chinese cyber threat agitated Washington so strongly that it was decided to prepare a special report on the topic: last November, the commission studying economic and security issues in US-China relations presented the results of its research to Congress. Among other things, it stated that China today has a three-tier system for conducting cyberwar:

- the first level is the highly qualified cyber soldiers of the PLA, who will begin attacks on others' computer networks and the cyber defense of their own with the start of hostilities (declaration of war);

- the second level is groups of civilian or paramilitary cyber warfare specialists working in Chinese state and private corporations, various institutes and other organizations of a similar nature, who also work for the military and will be mobilized into the PLA's cyber forces in the event of war, but who in peacetime conduct constant "intelligence" attacks on the computers of the governments and leading business structures of countries that are potential opponents (rivals) of the Middle Kingdom;

- and, finally, the most numerous third level is the army of “hacker-patriots”, who constantly practice their “skills” on the computer networks of other countries, mainly the United States.

However, the authors of the report found it difficult to answer the question: does the Chinese government control this army of “red hackers”?

While the US Congress studies the report on the PLA's cyber capabilities, the military of the Celestial Empire is essentially guided by the same strategy that its overseas rivals follow. As the Chinese media reported in July 2010, the PLA command decided to establish an information security office at the Ministry of Defense of the PRC, a kind of analogue of the American Cyber Command. The main task assigned to the new structure, according to the official representative of the Chinese Ministry of Defense, is ensuring the cybersecurity of military computer networks at all levels.

A terse official announcement of this was made on July 19. Earlier, interestingly, the PLA command had banned servicemen from creating personal pages or blogs on the web, and the ban applies even to retired servicemen.



TERRORISM ON THE APPROACH

Another source of threat is cyberterrorism, which for now remains the stuff of Hollywood “horror stories” but, according to experts, may become a reality in the very near future and present very unpleasant “surprises” to governments and society as a whole. Terrorists today use cyber weapons mainly to gather the information they need, steal money and recruit new members. For now, they still strive to carry out loud, bloody actions in order to shock the public of one country or another.

However, according to experts, if extremists resort to cyberterror, in some cases this can lead to large-scale disasters. For example, the disruption of air traffic control systems or train traffic, according to IT security experts, is fraught with consequences no less terrible than bombings on airplanes or trains. Therefore, while intelligence agencies are actively preparing to counter attacks by cyber-terrorists, the real threat so far, at least in the experience of the United States, is ordinary cybercrime, national or international: in developed and not-so-developed countries alike, most robberies of banks, companies and even individuals are no longer carried out with a pistol, crowbar, baton, knife or brass knuckles, but with computers and other modern electronic devices.

In conclusion, the following should be noted. Understanding that the US Department of Homeland Security and the IT security departments of state organizations and the business sector cannot cope with a large-scale external cyber threat on their own, the Pentagon leadership has changed its opinion on this issue. Last year, shortly before the official announcement of the creation of the Cyber Command, Deputy Secretary of Defense William Lynn openly declared the “unwillingness” of his department to protect non-military computer networks. However, representatives of the Department of Defense note that the new “Cyberstrategy 3.0” sets out directions for the stage-by-stage provision of cyber defense not only for all Pentagon facilities, but also for federal institutions and large companies. True, so far only for those that fulfill orders for the US armed forces.

1 comment
  1. 0
    16 July 2012 23:03
    There’s nothing to be especially happy about. The Ketais and Russia don’t really favor. They will kill the Americans and start a great trip to the West. They have nowhere to live today, everyone is not climbing the Far East. So we need to strengthen our security system.
