This past weekend, both NATO and U.S. Central Command (CENTCOM) were the targets of cyber attacks. Whether they were actually infiltrated, however, remains to be seen.
The Syrian Electronic Army (SEA), a group of “hacktivists” that is aligned with Syrian President Bashar al-Assad, allegedly breached CENTCOM’s systems following the publication of an article in the New York Times explaining Obama’s determination to conduct cyber operations against the SEA.
The SEA ostensibly stole hundreds of documents that it intends to release to the public. To demonstrate that its intrusion had been successful, the group even posted a screenshot of some files it had stolen on Twitter.
But CENTCOM is not concerned. Many officials are denying that the Command was hacked at all, whereas others are convinced that, if the SEA did penetrate CENTCOM’s networks, they did not get very far. These persons assert that the SEA may have been able to penetrate the Command’s Army Knowledge Online servers, which act as an unclassified intranet for members of the United States Army, but were unable to access the military’s classified Secret Internet Protocol Router Network, or SIPRNet.
Meanwhile, Cyber Berkut, a group of hackers loyal to former Ukranian President Viktor Yanukovych who fled to Russia last month, purportedly conducted distributed denial of service (DDoS) attacks against NATO, rendering the organization’s sites temporarily unusable. In response, NATO is now seeking to enhance its security against DDoS attacks with the help of its member states.
It is not believed at this time that the two attacks were connected.
While these attempts may not have resulted in sizable damage, it would be wrong to ignore them. What these attacks reveal is that in war and conflict, one or both sides may launch small-scale cyber operations against one another. Warfare has changed and is now characterized by the notion of network-centric operations (NCOs) in which computers are integral to the coordination of forces on the battlefield. Acknowledging this, it is not unreasonable to expect that conflicts in the future will be marked by attempts at hacking, web defacement, and cyber espionage.
But these attacks reveal something else as well. Even if NATO and CENTCOM were successfully hacked, it can be argued that it is in their interest to deny it. Martin Libicki, a researcher at RAND, explores this argument in his book Cyberdeterrence and Cyberwar when he asks whether a policy of insouciance, or general indifference to and denial of an attack, might be able to successfully deter attackers from launching future attacks. Doing nothing and denying the attack might signal to the attacker that the intrusion was unsuccessful or that it was too weak to goad the target into action. The victim therefore appears strong and the attacker an inept bully.
The phenomenon of cyber terrorism will likely continue to grow in frequency. But as Libicki and the cases above demonstrate, different responses convey different messages. It is therefore up to the victim to choose how they can best protect themselves against future attacks.
David Bisson | @DMBisson
Bio: David is currently a senior at Bard College, where he is studying Political Studies and writing his senior thesis on cyberwar and cross-domain escalation. He also works at the Hannah Arendt Center for Politics and Humanities at Bard College as an Outreach intern. Post-graduation, David would like to leverage his extensive journalism experience as well as his interest in computer coding and social media to pursue a career in cyber security, both its practice and policy.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.