Has the Stuxnet worm ushered in a new era of cyberwar, or is it simply the latest iteration of familiar strategic instruments? Has the Internet irrevocably shifted the balance between individuals and states, or will governments adapt to regain the upper hand? Does the real threat to cybersystems lie within cyberspace, or in the real world? Cyberwar has become a permanent feature of the strategic landscape, but we might hardly know it.
Corporate Cyberwar chronicles the daily battle between technical criminals and law enforcement. As new and advanced ways to cheat and financially ruin companies are discovered, many authorities not only have to figure out ways to stop it, but they also have to create new laws in order to prosecute the perpetrators. This book addresses how businesses/corporations can protect themselves against this increasingly vicious attack. To help convey the importance of protection and awareness, Cyberwar explores two very important cases, WikiLeaks and Stuxnet. Businesses/corporations are given a better understanding of such similar attacks in the future. Corporate Cyberwar does not only focus on problems, it also provides solutions. There is a point by point explanation of how Crimeware, Bot Networks and DDoS (Distributed Denial of Service) take place, which helps businesses/corporations understand exactly what needs to be done in order to prevent the attacks. Cyberwar is not only for those with a moderate understanding of technology, it is also for those with limited understanding of this threat and its devastating effects.
In September 2010, media reports emerged about a new form of cyber attack that appeared to target Iran, although the actual target, if any, is unknown. Through the use of thumb drives in computers that were not connected to the Internet, a malicious software program known as Stuxnet infected computer systems that were used to control the functioning of a nuclear power plant. Once inside the system, Stuxnet had the ability to degrade or destroy the software on which it operated. This book examines the discovery of the Stuxnet worm which has raised several issues for Congress, including the effect on national security, what the government’s response should be, whether an international treaty to curb the use of malicious software is necessary, and how such a treaty could be implemented.
In September 2010, media reports emerged about a new form of cyber attack that appeared to target Iran, although the actual target, if any, is unknown. Through the use of thumb drives in computers that were not connected to the Internet, a malicious software program known as Stuxnet infected computer systems that were used to control the functioning of a nuclear power plant. Once inside the system, Stuxnet had the ability to degrade or destroy the software on which it operated. Although early reports focused on the impact on facilities in Iran, researchers discovered that the program had spread throughout multiple countries worldwide.
From the perspective of many national security and technology observers, the emergence of the Stuxnet worm is the type of risk that threatens to cause harm to many activities deemed critical to the basic functioning of modern society. The Stuxnet worm covertly attempts to identify and exploit equipment that controls a nation’s critical infrastructure. A successful attack by a software application such as the Stuxnet worm could result in manipulation of control system code to the point of inoperability or long-term damage. Should such an incident occur, recovery from the damage to the computer systems programmed to monitor and manage a facility and the physical equipment producing goods or services could be significantly delayed. Depending on the severity of the attack, the interconnected nature of the affected critical infrastructure facilities, and government preparation and response plans, entities and individuals relying on these facilities could be without life sustaining or comforting services for a long period of time. The resulting damage to the nation’s critical infrastructure could threaten many aspects of life, including the government’s ability to safeguard national security interests.
Iranian officials have claimed that Stuxnet caused only minor damage to its nuclear program, yet the potential impact of this type of malicious software could be far-reaching. The discovery of the Stuxnet worm has raised several issues for Congress, including the effect on national security, what the government’s response should be, whether an international treaty to curb the use of malicious software is necessary, and how such a treaty could be implemented. Congress may also consider the government’s role in protecting critical infrastructure and whether new authorities may be required for oversight.
Increasingly, the power of a large, complex, wired nation like the United States rests on its ability to disrupt would-be cyber attacks and to be resilient against a successful attack or recurring campaign. Addressing the concerns of both theorists and those on the national security front lines, Chris C. Demchak presents a unified strategy for survival in an interconnected, ever-messier, more surprising cybered world and examines the institutional adaptations required of our defense, intelligence, energy, and other critical sectors for national security.
Demchak introduces a strategy of “security resilience” against surprise attacks for a cybered world that is divided between modern, digitally vulnerable city-states and more dysfunctional global regions. Its key concepts build on theories of international relations, complexity in social-technical systems, and organizational-institutional adaptation. Demchak tests the strategy for reasonableness in history’s few examples of states disrupting rather than conquering and being resilient to attacks, including ancient Athens and Sparta, several British colonial wars, and two American limited wars. She applies the strategy to modern political, social, and technical challenges and presents three kinds of institutional adaptation that predicate the success of the security resilience strategy in response. Finally, Demchak discusses implications for the future including new forms of cyber aggression like the Stuxnet worm, the rise of the cyber-command concept, and the competition between the U.S. and China as global cyber leaders.
Wars of Disruption and Resilience offers a blueprint for a national cyber-power strategy that is long in time horizon, flexible in target and scale, and practical enough to maintain the security of a digitized nation facing violent cybered conflict.