With the recent publication of a book on cybersecurity, cyber intelligence expert and GreyLogic CEO Jeff Carr sat down with The New New Internet and talked about what seems to be the media’s biggest nightmare in cyberspace: cyber warfare.
Published last December, Jeff Carr’s “Inside Cyber Warfare” (O’Reilly Media) received critical acclaim from the cybersecurity community and has served as a guide to detail what cyber warfare means and how the Internet is used as an attack platform to gain military, political and economic advantages.
“What I tried to do with the book was take a more complicated view of the scope of cyber warfare and really even the public knowledge of cyber warfare, because there really isn’t any legal definition as such,” Carr said. “There is a cyber component to an actual act of war, but in terms of a battle in cyberspace, we have not really seen that and there is no real definition to that anyway.”
Carr got the idea for the book after working on Project Grey Goose, which examined the Russian cyber war conducted against Georgian Web sites in 2008. The report sought to determine if the cyber attacks came from the Russian government or a grassroots movement of patriot Russian hackers.
“In reality, what the book tries to do is look at the various ways that state and non-state actors try to utilize cyberspace, in order to exercise control or to commit crime or do espionage or any number of actions that network systems now enable actors to do,” Carr said.
One of the problems writing the book was finding a definition for cyber war, Carr said. However, he said he believes there will be a point in time when everyone comes to a consensus on an accepted definition of the term.
“I imagine in time such a thing will occur [but] it is going to take an awful long time,” Carr said. “The biggest problem I think is that the existing models of what treaty regimes do is something that might not work for cyberspace, and I touch on this in the book–I’m not really certain that this is a good idea.”
Rather than it being an issue that can be treated through a treaty similar to Weapons of Mass Destruction, it is more of a law enforcement issue, Carr said.
“I think those treaties will just not be effective, however, I do hope that one day that the principal nations will agree on the principals of a collaborative law enforcement effort to crackdown on abuses that are committed in that plane,” he said.
Speaking of the various incidences of cyber attacks and cyber espionage since the late 1990s, Carr listed three different entities involved in cyber crimes: state actors, state-sponsored actors and non-state actors.
“The best example of that is in China, when Chinese activists respond to an action that negatively affects their country,” Carr said referring to non-state actors. “There is also the distinction when what you look at what is referred to as hactivists between Russia and China. In the case of China, they are defensive. People act against their country; Chinese hackers react. In the case of Russia, it is not. It is much more offensive.”
Identifying these three groups can help determine where a cyber attack originated from, Carr said.
“When the plans for the F 35 fighter jet were accessed via an act of cyber espionage you have to figure, ‘who is going to have an interest in that?’ Well, it is going to have to be a state,” Carr said.
While the U.S. government knows how devastating a cyber attack can be, it has not acted quickly enough to take appropriate measurements, Carr said. Citing a recent report published by Host Exploits, Carr said on the list of top 50 badware Internet Service Providers (ISP) in the world, 20 were located in the United States.
“That is just an intolerable situation, as far as I am concerned,” Carr said.
With suggestions on what the nation and its citizens can do to enhance cybersecurity, Carr said better-monitored ISPs would be a first step.
“Apart from that, what other steps could be taken would be you have to recognize that you cannot protect and defend everything,” Carr said. “For that reason, you need to begin to do a survey of your assets and identify what the most critical assets are, and that is what you need to protect. It is up to you to include it and remove it from your networks.”
Predicting how the next five years will be with regards to cyber warfare, Carr said countries will continue researching and developing computer network operations and computer network defenses, as well as plan attacks and conduct espionage.
“Since the U.S. military is so far advanced in its capabilities, potential adversary states, like Russia and China and nations of the Middle East, would have an interest in doing whatever they can in expediting their own R&D,” Carr said. “The easiest way to do that of course is through espionage. So I see all of that continuing to grow over the next five years. But five years is almost impossible to predict because it moves so fast.”