How real is the threat of cyberwar?

Leon Panetta, the US secretary of defense, says the US government will do whatever it takes to defend itself against any online attacks – calling it a “cyber Pearl Harbour”, but how serious is the threat and what would a cyberwar mean for the US and the rest of the world?

“What Panetta was referring to was the real concern by a number of nation states of the potential for the cyber domain – like the other domains of air, land and sea to be used not only for international in formulations but also a platform for conflict for armed hostilities.“ – Catherine Lotrionte, a Georgetown University professor

Panetta warns that the US is vulnerable, and that it is only a matter of time before power grids, transport systems or financial networks are attacked.

“The most destructive scenarios involve cyber actors launching several attacks on our critical infrastructure at one time in combination with a physical attack on our country. Attackers could also seek to disable or degrade critical military systems and communications networks. The collective result of these kinds of attacks could be a cyber Pearl Harbour,” he said.

Now the US says it could use pre-emptive strike in order to eliminate the cyber threat and the government is busy finalising ‘rules of engagement’ for cyberspace.

Some recent cyber attacks include:

– ‘Operation Shady RAT’ – a hacking campaign believed to have originated in China. Over the last six years it has targeted about 70 public and private-sector organisations in 14 countries.

“This is the new arms race – it is a cash cow. I think there needs to be some questions asked as to whether you need to spend this amount of money on this kind of technology on this kind of warfare, because at the end of the day you will always be able to hack someone … I think you need get the fundementals right before you start spending billions on this kind of thing.“ – Jason Moon, white hat hacker

– Just last year, the Stuxnet worm targeted an Iranian nuclear facility. It is believed to be part of a US-Israeli operation against Iran called “Operation Olympic Games.”

– And in August, the world’s largest oil company – Saudi Aramco – was hit by a virus called Shamoon that damaged 30,000 workstations. The virus replaced files with the image of a burning US flag.

– That was quickly followed by an attack on Qatar’s RasGas, one of the world’s largest producers of natural gas for which a so-called hacktivist group in the Middle East claimed responsibility.

So, how real is the threat of a cyberwar? Is the US recasting itself as victim of cyber attacks after conducting its own online assaults on other nation states? And what would a cyberwar mean for the US and the rest of the world?

Inside Story, with presenter Jane Dutton, speaks to guests: Catherine Lotrionte, a professor at Georgetown University; Rob Densmore, a defence journalist who is a former US navy airman; and Jason Moon, a white hat hacker. 

“We need to be really clear about what Panetta is saying. I think there is some subtext to what he is talking about. The tone he is using and the messages he is using are quite different from what was said by the Pentagon in 2011 which is something on the order of: “We will send missiles down chimneys for cyber attacks against the US”. In other words we will retaliate with physical attacks if we are attacked through the cyber domain …. Panetta is recasting these kinds of attacks against the US, placing the US as a potential victim – and this changes the dynamic completely …  [But] there is no denying the US has played a role in active cyber offensives.”   – Rob Densmore, a former US navy airman