National Post

Wednesday, January 02, 2008

War on the Web

Canada needs to protect itself from cyber attacks, CSIS says

Stewart Bell,  National Post  Published: Wednesday, January 02, 2008

Dimitar Dilkoff, AFP, Getty Images

The bronze statue in Estonia's Tallinn Military Cemetery depicts a Soviet Red Army soldier with a war-weary face and a helmet in his hand.

It is a memorial to those who fought in the Second World War, but this year it became a symbol of how international conflicts are fought in the Information Age.

In April, Estonia removed the two-metre monument from its original perch at Liberators' Square in central Tallinn and placed it in the more inconspicuous cemetery, sparking Russian outrage.

The Russian government denounced the apparent slight and nationalist demonstrators gathered outside the Estonian embassy in Moscow but then something else happened: Estonian Internet sites started crashing.

The Web sites of the Estonian Prime Minister, Parliament, Foreign Ministry, Ministry of Internal Affairs and Ministry of Economic Affairs and Communications all went down.

Estonian officials traced the source of the problems and discovered that their Web sites were being attacked -- by computers located inside the Russian government. It was cyber war.

And according to a newly declassified report by Canadian intelligence analysts, Ottawa had better be prepared for it.

Whether it is Peru and Chile feuding over a fishing zone, or Japan and China in a squabble over a Second World War shrine, when countries quarrel, they strike each other's computer networks.

"Any potential political or diplomatic dispute can now be expected to include a significant online component," the Canadian Security Intelligence Service report said.

Written two months after the diplomatic spat between Estonia and Russia, the CSIS Intelligence Brief is marked "Secret," but a declassified version was obtained by the National Post under the Access to Information Act.

It said the lesson of the fight over the war monument is that Canada needs to be ready to defend itself against the cyber attacks that will come as inevitably as the next diplomatic dispute.

"This is just going to be part of the future of international politics, and so we have to adjust to that," said James Lewis, a senior fellow at the Center for Strategic and International Studies in Washington, D.C.

He said attacks like the one that took Estonia's Web sites offline are costly and disruptive but not that damaging-- yet.

"The problem, though, is it wouldn't be that much more of an effort to move to that more damaging attack," said Mr. Lewis, director of the think-tank's Technology and Public Policy Program.

"Suppose they scramble all the databases? Suppose they scramble all the tax records? Suppose they scramble everyone's SIN numbers? Suppose they change your medical prescription? There's a lot of things you could do to damage information that would be messy."

Russia's online assault on Estonia is part of an emerging field called Information Operations. Many countries now have both a doctrine and capability to fight in cyberspace, which some argue has become a fourth theatre of war after land, sea and air.

"Hacker" attacks are just one form of Information Operations. They can take many forms. Viruses, Trojans and worms can be used to disable computers. Internet sites can be defaced, or so overloaded with access requests or incoming e-mails that they go down--a "denial of service" attack.

The attacks usually last two to four weeks, CSIS said. They are often the cyber equivalent of a slap in the face, or muscle flexing. In other words, they have not caused the targeted countries to collapse.

Martin Libicki, a senior analyst at Rand Corp. who specializes in information technology and security, said while countries can make their networks less vulnerable to attacks, others may look at the Estonia example and wonder why they should b other.

"Russia gained nothing from the attack … except to deepen its reputation as a bully," he said. "And Estonia did not bend to Russia but clung even more tightly to NATO."

But the CSIS report warned that attacks are getting more advanced.

"The recent history of cyber conflicts demonstrates an increased sophistication in the nature of cyber attacks that includes … variants of distributed denial of service attacks, defacements, e-mail spam and other attack tools."

Concerns about cyber attacks stem from a simple dilemma: As nations have become more dependent on computers, they have also become more vulnerable.

"This goes on all the time and it's a hell of a lot worse than anybody knows," said Winn Schwartau, the author of Information Warfare: Chaos on the Electronic Superhighway, who divides his time between the United States and British Columbia.

Mr. Schwartau said although the Russian-Estonian cyber war received a lot of press, the problem is not new. But he said countries are nonetheless unprepared. "It's a joke," he said. "It's so bad, so ridiculously bad."

Canada's vulnerability to cyber attacks was highlighted in 1999 by the Special Senate Committee on Security and Intelligence, which urged the government to "give immediate and careful attention" to the issue.

Later that year, the Chinese government orchestrated a cyber attack on a Hamilton-based Internet provider that was hosting the Web site of the Falun Gong spiritual movement, which is outlawed by Beijing.

In 2005, Ottawa set up the Canadian Cyber Incident Response Centre, which co-ordinates the government response to attacks. It can convene what is called the cyber-triage unit, which includes the RCMP, CSIS and Communications Security Establishment. The centre also works with international partners.

"They share information about threats and vulnerabilities and they co-ordinate activities to defend against cyber attacks," said Jean Tessier, a spokesman for Public Safety Canada.

High-profile government targets such as the head of state, legislature, foreign ministry and major finance and business Web sites "face the greatest risk since they are the public face of an organization or government," the CSIS report said.

Is Canada prepared? The title of the CSIS intelligence report is Online Component of Country-to-Country Conflicts: Are We Ready?

The answer to that question was not disclosed in the report.




1999 NATOWeb sites are attacked from within Serbia after alliance warplanes begin bombing Yugoslavia in an effort to stop then-president Slobodan Milosevic's ethnic cleansing campaign in Kosovo.

1999 China attacks a Canadian Internet service provider that had been hosting a Web site of the Falun Gong spiritual movement, which is outlawed by Beijing. The attacks temporarily shut down the site.

2000 The Internet sites of the Palestinian Authority, Hezbollah and Hamas are attacked after three Israeli soldiers are abducted. In an apparent act of retaliation, the Israeli Knesset, ForeignMinistry, Bank of Israel and Tel Aviv Stock ExchangeWeb sites are taken down.

2005 Peru and Chile engage in hacker attacks against each other during a dispute over a fishing zone between the two countries. Targets include the Web sites of the Peruvian judiciary and Chilean National Emergency Office.

2005 Cyber attacks increase between Japan and China after a controversial visit by Japanese lawmakers to a SecondWorld War shrine.

2007 The Russian government mounts a cyber war against Estonia in apparent retaliation for Estonia's decision to relocate a SecondWorld War memorial honouring the Soviet Red Army.


CSIS on Information Operations

http://www. backgrounders/ backgrounder11.asp

Canadian Cyber incidents Response Centre

Communications Security Establishment


Winn Schwartau

Estonian government

Vladimir Putin's Web site