The New ICBM? The Arms Race is on in Cyberwarfare

In an ironic but not surprising twist on world war, a major study, the Virtual Criminology Report, contends that the United States, Israel, France, China and Russia are now cyberarmed. The fact that major world powers seek protection from rogue people, gangs and countries is not a shock. What’s ironic, though, is that the five countries named also have been or are now allegedly cyber attackers.

The Virtual Criminology Report includes insights from more than two dozen of the world's leading experts in international relations, including Dr. Jamie Saunders, counselor at the British Embassy in Washington D.C. and security experts with experience at the U.S. National Security Agency and the Australian Attorney-General's Department. Former White House advisor Paul Kurtz compiled the report on McAfee's behalf.

The report for the first time provides a model to define cyberwar, identifies the countries involved in developing cyberoffenses and cyberdefenses, dissects examples of politically-motivated cyberattacks and reveals how the private sector will get caught in the crossfire. Government disclosure is also a major issue, as cyber initiatives and information are often classified by the government, hindering cybercrime defense in the public and private sector.

This year's report identifies the following challenges: Cyberwarfare is a Reality - Over the past year, the increase in politically motivated cyberattacks has raised alarm and caution, with targets including the White House, Department of Homeland Security, U.S. Secret Service and Department of Defense in the U.S. alone. Nation-states are actively developing cyberwarfare capabilities and involved in the cyberarms race, targeting government networks and critical infrastructures. The result of a cyberattack of this nature can result in physical damage and death -it's not just a war between computers, cyberwarfare can cause real devastation.Cyberweapons Are Targeting Critical Infrastructure - Attackers are not only building their cyberdefenses, but cyberoffenses, targeting infrastructure such as power grids, transportation, telecommunication, finance and water supplies, because damage can be done quickly and with little effort. In most developed countries, critical infrastructure is connected to the Internet and lacks proper security functions, leaving these installations vulnerable to attacks. Without the appropriate protection combined with the current lack of preparedness, an attack on these infrastructures would be detrimental and will cause more destruction than any previous attacks.Cyberwar is Undefined - Cyberwarfare entangles so many different actors in so many different ways that the rules of engagement are not clearly defined. Additionally, there is debate on how much responsibility should be placed on organizations to protect and educate the public on preventing cyberattacks. Without a proper definition in place, it is nearly impossible to determine when a political response or threat of military action is warranted.Private Sector is the Most at Risk - Critical infrastructure is privately-owned in many developed countries, making it a huge target for cyberwarfare. The private sector relies heavily on the government to prevent cyberattacks. If virtual shooting starts, governments, corporations and private citizens may get caught in the crossfire. Without insight into the government's cyberdefense strategy, the private sector is not able to be proactive and take the proper precautions. Experts call for a public discussion on cyberwarfare, bringing it out of the shadows.

"Over the next 20 to 30 years, cyberattacks will increasingly become a component of war," William Crowell, a former Deputy Director of the U.S. National Security Agency, is quoted as saying in the Virtual Criminology Report. "What I can't foresee is whether networks will be so pervasive and unprotected that cyber war operations will stand alone."

The McAfee Virtual Criminology Report 2009 is available for download to Security Magazine Bloggers at http://resources.mcafee.com/content/NACriminologyReport2009NF