Policy makers have their work cut out for them as they create a doctrine for handling the military and international implications of cyber conflict, concludes a report released last week.
The analysis completed by James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies found that the July attacks that appeared to emanate from Korean cyberspace had many of the hallmarks of a cyber conflict, but that the impact of the attacks fell well short of the threshold of warfare.
"It was more like a noisy demonstration," Lewis wrote. "The attackers used basic technologies and did no real damage. To date, we have not seen a serious cyber attack."
In early July, widespread distributed denial-of-service attacks inundated U.S. government and South Korean Web sites. The targets of the attack, which lasted days, suggested a connection to the tensions surrounding the two countries and North Korea, but so far, no group has taken credit for the incident. The attack was not the first to seemingly involve the two countries: A year ago, South Korea claimed that North Korea attempted to infect some of its military systems with spyware.
While the United States is still trying to formulate doctrine for conflicts in the virtual world, the nation did establish a joint military command in June to conduct strategic operations in cyberspace.
CSIS's Lewis downplayed the current risk of terrorists using cyber attacks to cripple the infrastructure, arguing that the six countries with the most advanced cyber capabilities China, France, Israel, Russia, the United Kingdom and the United States are unlikely to cooperate with would-be cyber jihadists.
Yet, the countries do not have long before the capabilities will be outside of their control, Lewis warned.
"We have, at best, a few years to get our defenses in order, to build robustness and resiliency into networks and critical infrastructure, and to modernize our laws to allow for adequate security," he wrote. "Frankly, many colleagues do not believe we as a nation will be able to do this and only a successful major attack will spur the United States to make the needed changes."
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos