Because of the unfettered innovation in digital warfare exhibited during the Russia/Georgia conflict in 2008, that conflict has become a defining event in cyber operations and gave a heart-stopping foretaste of the future.
“The Russians conducted a cyberattack that was well coordinated with what Russian troops were doing on the ground,” a longtime specialist in information operations told Aviation Week in May. “It was obvious that someone conducting the cyberwar was talking to those controlling the ground forces. They knew where the cyber talent was, how to use it, and how to coordinate it. It looked like a seamless, combined operation that [linked] the use of a range of cyberweapons from the sophisticated to high school kids that thought it was cool to deface official web sites. The techniques they used everybody knows about. The [innovation and new threat] was how effective they were as part of a combined operation.”
A report that came out this week examines the forensics of the Russian conflict with Georgia in 2008 and reveals more details.
Altered Microsoft Corp. software was fashioned into cyberweaponry, and hackers collaborated on U.S.-based Twitter, Facebook Inc. and other social-networking sites to coordinate attacks on Georgian digital-based targets, according to the report by the U.S. Cyber Consequences Unit. The substance of the report was confirmed by IT industry officials. It was written by John Bumgarner, chief technical officer at the USCCU and a former employee of the National Security Agency and the Central Intelligence Agency.
He backtracked the attacks to 10 web sites registered in Russia and Turkey. Nine were registered using identification and credit-card information stolen from Americans; one site was registered with information stolen from a person in France. They were used to coordinate "botnet" attacks, which co-opted thousands of computers around the world to disable the Georgian government, banks and media outlets. The Russian and Turkish computer servers used in the attacks had been previously used by cybercriminal organizations, according to the USCCU.
U.S. industry response significantly pre-dates the new report, however.
Boeing officials say their attention has been focused by Russia’s cyberattack on Georgia as well as Israel’s spoofing of Syria’s integrated air defenses in 2007. The company bought six cyber-related companies in the last year and created its Cyber Solutions unit led by Steven Oswald, vice president and general manager for intelligence and security systems. He says the organization wants to build devices that can lift signals and messages out of heavy internet traffic and penetrate closed SCADA networks used to run power distribution, fuel pipelines and water systems.
Nor has the U.S. military failed to notice both dangers and opportunities.
There are cyber threats to U.S. air and missile defenses, for example, as well as the reciprocal offensive opportunity for the U.S. to strike a foe’s networks.
For U.S. Pacific Air Forces planners, who are responsible for tracking potential threats from China and Russia, “the buzzword is cyberwarfare,” says Lt. Gen. Chip Utterback, commander of the 13th Air Force. Combating network-integrated air defenses has changed dramatically in the past 10-15 years, he says.
“Access has a whole different definition that starts with electronics and cyber,” Utterback says. “Today, a [GPS-guided] 2,000-lb. bomb, Tomahawk or JASSM can’t get to a target without entering the cyberworld to achieve the survivability that’s given to us only by electronic attack. If you can influence, impact and affect an adversary’s ability to command and control, you can defend yourself. But now [those new cyber-realities have] grabbed the attention of our combatant commanders.”
U.S. industry is already testing network attack and counter-attack weapons built for the non-expert, to move response out of the purview of a few engineers and scientists.
A device shown to Aviation Week involves cyber-sleuthing, technology analysis and tracking of information flow to locate digital weaknesses. It then offers suggestions to the operator on how best to mount an attack, and it also reports on its level of success. The heart of the attack device is its ability to tap into satellite communications, voice over Internet, proprietary SCADA networks and virtually any wireless network.
Industry officials contend that the attacks do point to an increase in complexity in the way IT activities were combined, says a U.S.-based analyst. It reveals the security loopholes in applications available on social networking software that is vulnerable to many intrusion techniques.
“What is obvious is the level of sophistication in integrating multiple layers of the network is increasing,” says an industry specialist. “It appears that some para-military organizations are trying out any and all social networking tools to determine their usefulness in a cyber attack.”