Home / Blogs

Is The Term "Cyberwarfare" Overstating the Case?

Don't miss a thing – sign up for CircleID Weekly Wrap newsletter delivered to your inbox once a week.
Terry Zink

At the Virus Bulletin conference last month, Andrew Lee from ESET gave a talk entitled "Cyberwar: Reality or Weapon of Mass Distraction?

In it, Lee talks about how the term "cyberwar" is thrown around a lot these days. However, he disagreed with the use of the term because it uses inflationary language and overstates the case; today's "cyberwar" is not the same as a conventional ware. We read in the newspapers things like "Stuxnet is the new face of 21-st century warfare: invisible, anonymous, and devastating" and "Very respected scientists have compared nuclear arms race to cyber arms race."

Really? Is it really a cyber arms race?

The Path to Cyberwar started with Kosovo in the late 1990's. It was the first war where information and disinformation over the Internet became very important. NATO forces were often fooled by this information. They were so reliant on aerial surveillance that the Serbs put up fake tanks, fake heat sources so as to divert campaigns.

More instances:

  • In 2007 in Estonia, they came under attack although later analysis showed it to be more of a cyber riot by patriotic hackers (the Russian Nashi youth group).
  • A similar instance occurred in Georgia in 2008, and again in Kyrgyzstan.
  • However, in Iran in 2010, Stuxnet was first instant where there was some kind of destructive element to the attacks.
  • China is interesting; although they are building a lot of infrastructure, they are trying to develop by getting secrets from other places

But are these examples of cyber warfare?

While Stuxnet was called a "Digital Apocalypse" it was really "just" a DOS attack. Iran possesses weapons grade reactors, and that's what Stuxnet damaged. No people were injured. It was not even close to a digital Hiroshima. The fallout of nuclear weapons is much, much worse than cyber weapons. Terms like these seriously devalue what real war looks like. A real act of war has to be violent, purposeful and political. Stuxnet does not meet this criteria.

It's as if we in the security industry have been talking about viruses that could destroy hard drives for years. Now that we finally got one, we cry "APT!"

Below is what real warfare looks like:

Left: The aftermath of Hiroshima, Japan in 1945 / Right: Fallujah during the War in Iraq

All of this matters for multiple reasons:

  • Use of resources – Cyberwar isn't just about malware, it involves militarization of civilians and civilian resources and these things may provoke a military response.
  • Politics – Furthermore, there is a possible politicization of public anti-malware efforts (e.g., should US companies issue malware signatures for US government malware?).
  • Special interests – In addition, cyberwar is being defined almost exclusively by and within the civilian sphere. You don't hear the military talking on and on about the cyberwar. They go to great pains to reduce the kind of hype. It's mostly by those who have a vested interest in selling something to government, or public.

Who are the possible targets in "cyberwar"?

The US has more to lose than anyone else because of the way its economy is linked to the online world. If you have the widest attack surface, your opponent's strength lies in your weakness. People with no reliance on cyber are the biggest threats because they don't need to worry about defense. They also don't worry about the threat of retaliation because they don't care about the loss of human life.

There is also the problem of "attribution pollution."

What happens when you don't know who the enemy is? Is it civilian? Military? False flag (i.e., a diversion to make it look like it came from someone else)? Furthermore, there is implausible deniability — if you did it, why would you ever admit it? Unless you are declaring war?

Ultimately, we must reduce the hype and increase our knowledge, and take responsibility for our own cyber hygiene: harden and strengthen defenses, include code review and test processes, educate people to the risks they face but with a practical slant that they can use.

Those are my notes from Lee's session at VB. I thought it was a good talk with plenty to think about.

By Terry Zink, Program Manager. More blog posts from Terry Zink can also be read here.

Related topics: Cyberattack, Security



To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Sponsored Topics

Promoted Posts

Now Is the Time for .eco

.eco launches globally at 16:00 UTC on April 25, 2017, when domains will be available on a first-come, first-serve basis. .eco is for businesses, non-profits and people committed to positive change for the planet. See list of registrars offering .eco more»

Boston Ivy Gets Competitive With Its TLDs, Offers Registrars New Wholesale Pricing

With a mission to make its top-level domains available to the broadest market possible, Boston Ivy has permanently reduced its registration, renewal and transfer prices for .Broker, .Forex, .Markets and .Trading. more»

Industry Updates – Sponsored Posts

Leading Internet Associations Strengthen Cooperation

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Is Your TLD Threat Mitigation Strategy up to Scratch?

i2Coalition to Host First Ever Smarter Internet Forum

Encrypting Inbound and Outbound Email Connections with PowerMTA

Resilient Cybersecurity: Dealing with On-Premise, Cloud-Based and Hybrid Security Complexities