Cyber-Warfare, a Fifth Dimension to Modern Warfare
In recent years, a fifth dimension has been added to modern warfare. Cyber warfare is being discussed more loudly than ever, since several serious attacks have been experienced all over the world. Over the last decade, nations have therefore started to develop their own systems and to prepare to fight hackers and cyber terrorism. Consequently, cyber security has come more into the sight of NATO and other military organizations as well.
Cyber security can be defined as “the information security for protection of cyber space and the assets that includes policies, security protocols, safeguards, actions, tools, technologies, etc.” In this cyber environment, which includes users, networks and devices, the main objective is to secure and store data safely by preserving CIA (Confidentiality, Integrity and Availability).
It is essential to give importance to cyber space, because classified data and operations (electronic communication, information sharing, image processing) are stored and managed in the cyber environment. As cyber-crime and organized cyber-attacks can be considered among the biggest problems of national security, laws and regulations have been introduced that clarify the terminology and set out the precautions to fight against them. However, international laws are still in progress and studies in this field are limited.
Although the IS community is familiar with cyber security and cyber-attacks, cyber war goes beyond all of these. According to UN terminology, cyber war means “a type of war aiming to give harm or destroy computer systems of enemy by using yours”. There is no international treaty among states on this subject, so the term cyber war is open to debate, including whether it should be considered a threat of war or not.
Threats to the cyber environment are not limited to harming or destroying systems; they may also be bent on cyber espionage (cyber spying). The main aim of espionage is to infiltrate the system, steal classified national security information, conduct audio surveillance and capture valuable assets. Today, espionage is not confined to spying on other nations; it is also used for industrial spying in order to capture valuable data. Research has found that £3.7 billion was lost to fraud and cyber theft in the UK alone.
At present, attacks are carried out in various ways and with different intents. The major and most popular ones are listed below:
Malware: any software intended to harm a computer system. It may be a computer virus, worm, trojan horse, spyware, adware, etc. It can include executable code, scripts or active content.
Botnet & Zombie computer: a type of attack in which a set of zombie computers forms a zombie network carrying bots, malicious programs that unite computers into botnets. Botnets can simply be defined as networks of malware-infected machines. Once a computer is infected by a bot, the victim joins the botnet. After that, the computer is used for sending spam mail, launching DDoS attacks or stealing personal data. In this way, the infected computer acts like a zombie computer.
DDoS: one of the best-known and most rapidly growing attacks, which attempts to make computers and network tools unavailable to legitimate users of a service. A DDoS attack consists of packet streams from distributed sources. These packet streams are sent to the victim's network service in order to consume the key resources (bandwidth) and cause the service to become inaccessible to its intended users.
Worm: differs from the others in that it is a standalone computer program, used to distribute a virus, script or program. It replicates itself and spreads through the network. Unlike Trojans or other malware, it may distribute its copies without user intervention.
During the past few years, a massive number of cyber-attacks have been committed all around the world. Most of them caused very minor damage, but some were extensive. The notorious cyber-attacks can be briefly summarized as follows:
The Original Logic Bomb: The damage from cyber-attacks is not always confined to networks or systems. Sometimes it may have terrible physical effects as well. In 1982, the CIA used a technique called a logic bomb, the insertion of a small piece of code into the target device, to explode the target. A logic bomb can change a system’s behavior and lead to abnormal functioning. The target of this attack was the Soviet gas pipeline in Siberia. After the logic bomb was used, the pipeline exploded. It was described as “the most monumental non-nuclear explosion and fire ever seen from space”. Without bombs, missiles or any other kind of weapon, using just a very small portion of computer code, physical targets can be destroyed effectively.
Titan Rain: Titan Rain occurred between 2003 and 2007. The codename was given by the FBI to multiple attacks on the U.S. military and its contractors after investigation of their traces and roots. It is known to be one of the biggest cyber-attacks of all time. The attack is believed to have originated from China. By penetrating the networks of the departments of Defense, Energy, State, and Homeland Security, as well as those of defense contractors including Lockheed Martin, NASA, Redstone Arsenal, the attackers were able to download terabytes of data. According to a report published in 2007, the British Foreign Office was also targeted. Once the traces had been investigated, it emerged that the attackers had not only gained access to military intelligence and classified information but had also left backdoors and “zombified” computers in order to make their future attacks easier.
The Estonian Cyber war: In 2007, it was seen how vulnerable a country can be while a cyber-attack is under way. In a short period of time, using various attack techniques (such as ping floods, DDoS and botnets), attackers were able to take down major government web sites and online banking systems. The main part of the attack was a distributed denial of service (DDoS) that used remotely commanded computers (known as a botnet) to hit the targets and take them offline. At the peak of the attack, bank ATM cards and GSM phones were even inoperable all over the country. It is believed that Russia was behind the scenes. The relocation of the Bronze Soldier of Tallinn, which is important to Russian citizens, triggered this devastating, massive-scale attack.
The August war: During the August 2008 Russia-Georgia war, important Georgian websites, including those of the President, the Ministry of Foreign Affairs and the Ministry of Defense, as well as various corporate and press web sites, were brought down by cyber-attacks. The Parliament’s web site was replaced with photos for political propaganda. A cyber-hacker group, the Russian Business Network, was blamed for committing the attack, but this was denied by the Russian President. Even though the effect of this attack on services or systems was very little or none, it put a great deal of political pressure on the Georgian government at that time.
GhostNet: In 2009, a massive electronic espionage network comprising over 1200 computers in more than 100 countries was discovered by Canadian researchers after a 10-month investigation. Some of the targets (30%) were ministries of foreign affairs and embassies in Germany, Iran, Pakistan, Indonesia, Thailand, India, Bangladesh, and South Korea. It is believed that China was responsible for this attack, but it has not been officially blamed. According to the report published about the GhostNet, who created or used GhostNet is less important than the chance of strategic intelligence organization. When a computer is infected by GhostNet, that device turns into a generic listening/tapping device. Hackers can also turn on its camera and microphone to record what is going on around the device. This made it devastatingly effective for forming an espionage network and gathering information.
Stuxnet: It was discovered in 2010. Stuxnet is a worm that uses exploits in Windows to attack Siemens industrial systems, including nuclear power plants. Even though various countries including the USA were affected, Iran was the worst-damaged country. Over 16000 Iranian computers were infected. Later, it was found that the target of the worm was specifically Iran’s nuclear program. Over 1000 of Tehran’s nuclear centrifuges were destroyed, and the worm set back the country’s atomic program by at least two years. Israel is thought to be the main suspect in this cyber-attack, and in 2011 a New York Times investigation revealed that the worm had been developed and tested in Israel.
Sony: In 2011, over 75 million PlayStation Network and Sony Online accounts, including users’ credit and debit card information, were stolen by an unrevealed group of cyber attackers. The cost of this attack was estimated at $1 to $2 billion, making it the costliest hacking event ever. It took Sony seven days to recover and restore all services, and then it announced the event to the public. A hacktivist group called Anonymous committed this hack to protest Sony’s suing of GeoHot, the inventor of the PS3 jailbreak.
Operation Red October: In 2012, the Russian security firm Kaspersky revealed a worldwide cyber-attack, named it “Red October”, and found that it had been operating for over 5 years. The prime target of this attack was Eastern Europe, and the aim was to gather sensitive information from documents owned by intelligence organizations and to access secret computer networks and data from personal mobile and network devices. Nearly 1000 computers all around the world were affected, all of them carefully selected for attack. Not only diplomatic and governmental agencies of various countries but also energy and nuclear groups and research institutions were targeted. This was a malware attack, and it also gathered information electronically from the smartphones of government workers, including iPhones and Windows Mobile devices. As soon as a victim opens the malicious document on a system, malicious code embedded in the document starts and installs software on that device, after which the attackers can communicate with it. Devices affected by this malware also received spying software modules from the attackers’ servers. Nearly seven terabytes of data have been stolen since the beginning of the initial attack.
Last year, the Ministry for Foreign Affairs of Finland and the Finnish Security Intelligence Service were the victims of two different cyber espionage campaigns. They thought that the hackers were working for two foreign countries but never revealed the names of the responsible countries. Finnish media have reported that Russia and China are responsible for the campaign, which was detected by Finnish authorities after a tip from Sweden in the first days of 2013. The interesting point is that the second, more sophisticated attack was discovered while looking into the first case. The Finnish government established a Cybersecurity Center at the start of this year to monitor threats.
These are the most well-known cyber-attacks of the past. A more recent event related to NATO is given below:
On 15 March 2014, a group of pro-Russian Ukrainian attackers called Cyber Berkut claimed responsibility for a DDoS attack that took down several NATO web sites during rising tensions over military incursions into the Crimean peninsula.
In this challenging cyber environment, the government in Turkey has taken the necessary steps to counter possible cyber-attacks. In this context, the Cyber Security Council was established in 2012 to determine the precautions for cyber security and to approve and ensure the implementation and coordination of plans, schedules, reports, procedures, principles and standards. The Council then approved the “National Cyber Security Strategy and 2013-2014 Action Plan” in 2013.
In line with the activities addressed in the “National Cyber Security Strategy and 2013-2014 Action Plan”, STM A.Ş. has developed a cyber-security approach which highlights the importance of Integrated Cyber Security, situational awareness, resiliency, and secure IT infrastructures.
Integrated Cyber Security and Situational Awareness
Integrated Cyber Security (ICS) is based on the coordination and cooperation of all the elements that make up the cyber security infrastructure. Accordingly, critical assets and their properties, topologies and vulnerabilities should be identified first, and then the threats that stem from those vulnerabilities need to be analyzed. By integrating all of this collected information, a cyber common operating picture should be created so that decision makers can see it and decide accordingly. Event information collected from sensors or disparate sources can be incorporated into this picture, so that changes in security status can be monitored in real time. By correlating the collected event logs, a clear judgment can be made about events that would be treated as unrelated when viewed individually. In addition, the cyber common operating picture should ease planning, analysis and implementation activities for countermeasures against threats.
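The correlation step described above, as an added sketch that is not STM's ICSS code: events from several sensors are grouped per asset within a time window and weighted by asset criticality and by whether they target a vulnerability the asset is known to have. The asset names, vulnerability labels, events, weights and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed asset inventory: criticality (1-3) and known open vulnerabilities.
ASSETS = {
    "mail-gw":   {"criticality": 2, "vulns": {"VULN-A"}},
    "scada-hmi": {"criticality": 3, "vulns": {"VULN-B"}},
    "intranet":  {"criticality": 1, "vulns": set()},
}

# Constructed events: (time, sensor, asset, signature, severity 1-5, targeted vuln)
EVENTS = [
    ("2024-01-01T10:00:05", "ids",      "scada-hmi", "port-scan",       1, None),
    ("2024-01-01T10:02:40", "firewall", "scada-hmi", "denied-inbound",  1, None),
    ("2024-01-01T10:04:10", "hostlog",  "scada-hmi", "exploit-attempt", 2, "VULN-B"),
    ("2024-01-01T10:01:00", "ids",      "intranet",  "port-scan",       1, None),
    ("2024-01-01T13:30:00", "firewall", "mail-gw",   "denied-inbound",  1, None),
    ("2024-01-01T18:45:00", "ids",      "mail-gw",   "port-scan",       1, None),
]

def correlate(events, assets, window=timedelta(minutes=10)):
    """Return {asset: (status, score)} for the common operating picture."""
    by_asset = defaultdict(list)
    for ts, sensor, asset, _sig, sev, vuln in events:
        by_asset[asset].append((datetime.fromisoformat(ts), sensor, sev, vuln))

    picture = {}
    for asset, info in assets.items():
        evs = sorted(by_asset.get(asset, []), key=lambda e: e[0])
        best = 0
        for i, first in enumerate(evs):
            # Events that fall inside the window opened by event i.
            group = [e for e in evs[i:] if e[0] - first[0] <= window]
            sensors = {e[1] for e in group}
            score = sum(e[2] for e in group) * info["criticality"]
            # Independent sensors agreeing is stronger evidence than one sensor.
            if len(sensors) >= 2:
                score *= len(sensors)
            # An event aimed at a vulnerability the asset really has is a threat.
            if any(e[3] in info["vulns"] for e in group if e[3]):
                score += 10
            best = max(best, score)
        status = "RED" if best >= 20 else "AMBER" if best >= 5 else "GREEN"
        picture[asset] = (status, best)
    return picture

def operating_picture(events=EVENTS, assets=ASSETS):
    """Assets ordered from most to least urgent."""
    return sorted(correlate(events, assets).items(), key=lambda kv: -kv[1][1])

if __name__ == "__main__":
    for asset, (status, score) in operating_picture():
        print(f"{asset:10} {status:5} score={score}")
```

Taken alone, the host-log event on `scada-hmi` rates AMBER; combined with the scan and the firewall denial seen minutes earlier by two other sensors, the same asset rates RED, while the two `mail-gw` events hours apart stay uncorrelated.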
In order to realize these objectives, STM A.Ş. developed a prototype named ICSS (Integrated Cyber Security System) and prepared a feasibility study report on behalf of SSM.
Within the scope of this prototype: an ontology and a national vulnerability database covering aspects of cyber defence have been created; a Cyber Security Risk Analysis and Evaluation System, to be available to all organizational units, has been realized; the technical infrastructure of a Cyber Security Coordination Centre, which will be able to perform cyber security vulnerability and risk assessment and to gather instant data for data fusion, has been created; and a system that can create a Joint Cyber Security Picture from the fused data has been developed.
The ICS approach is not limited to a product; it also covers stakeholders and processes. In this context, besides having internal situational awareness within organizations, it is necessary to strengthen inter-organizational cooperation and information sharing. Therefore, it is important that the prototype and similar products include infrastructure for process management and information sharing.
Resiliency and Secure IT Infrastructure
Nowadays, cyber-attacks are becoming more and more complicated. Cyber-attacks can cause a dramatic effect on IT and communication infrastructure and disrupt the business continuity of an organization.
Organizations need new technologies in addition to conventional defense systems in order to complete their missions even when a cyber-attack succeeds.
To be resilient to cyber-attacks, changes are required in IT infrastructure and architecture, along with technical, managerial and political changes in the operational processes of organizations.
Within this scope, official and private organizations need to develop solutions that increase their resiliency to cyber-attacks in a cost-effective manner by cooperating with universities and companies.
To provide resiliency, the following come to the fore: using cloud computing capabilities such as back-up, load balancing and scalability; choosing the proper hardware and software for critical infrastructure; giving preference to open source and national solutions; and increasing hardware-level security. In this respect, STM A.Ş. brought the use of open source and national software to the fore within the ICSS project.
Mission Support, Education and Training
STM A.Ş., with its highly trained personnel, is involved in engineering activities such as the concept and process development required to create cyber security awareness at the national level, requirement elicitation and analysis, system design, and consultancy and certification services, by performing R&D projects such as ICSS.
Moreover, as part of its test and evaluation services, STM A.Ş. has the competency to determine the security level of organizations and cyber security products, and to test products which are not related to cyber security as well.
STM A.Ş. supports education and training activities to increase cyber security awareness, especially at the manager, employee and end-user levels of public organizations, with the aim of countering cyber security threats and protecting critical infrastructures.
University-Academy and National and International Cooperation
Because new and complicated techniques emerge in the cyber-security area day after day, it is becoming more important to monitor this area closely. Therefore, cooperation with universities and academia becomes more important than ever. At the same time, because of the way they propagate and are used, new cyber-attack methods make it possible to attack a target country by using the IT infrastructure of another country without that country's intention. Therefore, international cooperation is also becoming more important than before.
As a consequence, it is necessary to take part in cyber-security activities within organizations such as the EU and NATO and to participate actively in international workshops and conferences in this area.






