What is Cyber Warfare?
January 6, 2016
Over the last couple decades the Internet of things has expanded rapidly. Individuals, businesses, and governments worldwide rely on Internet connectivity for daily activities. As this dependency begins to extend into our nations infrastructure, we find ourselves increasingly vulnerable to cyber attacks.
Now more than ever we are in need of cyber security professionals who can defend our nations infrastructure, and ensure the security and integrity of sensitive data and critical lines of communications. The implications of a successful cyber attack have resulted in the need for cyber warfare training.
What is Cyber Warfare?
Cyber warfare is when a nation-state or multinational corporation launches a cyber attack in attempt to cause disruption to another nation-state or corporation’s computers and networks. This is done though the theft of data (like the recent OPM hack) denial of service attacks, or launching various forms of malware to targeted systems. Clever groups of hackers could disrupt an entire nation by shutting down stock exchange servers, disabling areas of the power grid, and could even cause physical destruction by hacking into automobiles.
Recent Hacking Incidents Defined as Acts of Cyber Warfare
There are quite a few incidents that may be attributed to cyber warfare, but it’s often hard to pin down exactly what happened. It doesn’t help that accused countries will never admit to having taken part in an attack of this nature, as it may be ground for some sort of repercussions depending on the nature of the attack.
The OPM attack that I referenced earlier and the Sony Pictures attack (late in 2014) are prime examples of cyber warfare. China denied allegations of their involvement in the OPM attack. North Korea denied having any part in the Sony attack that prompted cancellation of a film’s premier and the release of private employee information. Despite insistence by the U.S Government of their involvement, various masking techniques used by skilled hackers mean that it takes a very long time to track down exactly what happened.
As of now, these attacks are largely reminiscent of the Cold War. There is a lot of espionage and trying to out do each other intellectually, but nothing has led to large scale physical conflict. That’s not to say that it couldn’t though. Simply disabling communications and power over a sustained period could cause mass hysteria. People often get very upset when a storm knocks out their power for just a few days and a sustained large scale attack could result in public unrest on a massive scale. A cyber attack timed to coincide with a land invasion could have devastating consequences.Cyber Warfare is a very real threat that is capable of harming far more than computers.
A look Into the Minds of Hackers
Back in 2013 at a Black Hat USA convention, Craig Heffner’s presentation (below) on the security (or lack thereof) on various security cameras revealed some startling exploits. Although the video of this talk is a bit dated now, it showcases how easily certain systems can be exploited.
Craig went into detail about how he could download camera firmware from vendor websites, which allowed him to search for exploits without even having physical access to the camera. He was even able to acquire root access on some devices because they were Linux based. This meant he had a great platform to attack other devices on that network and disable or freeze cameras feeds, leaving facilities using these cameras open to a coordinated cyber and physical attack.
The ISP (Internet Service Provider) is generally responsible for providing the services required to enable communication between networks. This means at some point security falls into the hands of a third party. This is a huge vulnerability. At the DefCon 22 convention in late 2014, Shahar Tal’s presentation (below) went into detail about how he managed to hack the auto-configuration server of an ISP. To put it simply, he found a single point of attack on an ISP, exploited a vulnerability, and had the potential to exploit millions of routers. He had the ability to steal private data, upload new configurations, and set parameters for things such DNS servers. Had he been a malicious hacker, he could cause massive problems within an entire ISP’s customer base. Luckily for us that was not the case.
How do we defend against these threats? We invest in intensive training, implementation of strict security policies, and education for all employees to prevent them from accidentally compromising secure networks at home and the office.
Cyber Warfare Training Programs
Whether you are looking to join in the fight against cyber terrorism or just secure your own network, there are a variety of cyber warfare courses that help you stay secure from cyber attacks. Here is the rundown on five popular training programs and certification courses for those seeking further knowledge or for those getting started in a cyber security career:
Wounded Warrior Cyber Combat Academy
If you are ex-military and in the wounded warriors program, the Wounded Warrior Cyber Combat Academy might be of interest to you. Many of our wounded soldiers still have a desire to serve. Their strength under pressure, knowledge of battle tactics, and capacity to dedicate themselves to rigorous training, all lend themselves very well to becoming a skilled cyber warrior. Visit the W2cca enrollment page to learn more about the requirements to enter this program.
Those who aim for a career in cyber security would do well to start here. Security+ is a good entry level certification that will get you up to speed on network security, the basics of security best practices, how to identify and deal with threats, and all the essentials for a future cyber warrior.
CompTIA recommends that you have a bit of background experience before jumping into this course, particularly Network+ (or a solid grasp of Network+ concepts) and around 2 years of experience dealing with concepts of cyber security. Networking knowledge is very helpful when you are trying to fortify a network. So don’t go jumping straight into this (or any other course) because you are eager to learn about security!
Certified Ethical Hacker
A Certified Ethical Hacker (CEH) course walks you through the steps it takes to become proficient in the detection of network vulnerabilities. When securing networks, red/blue team exercises are useful in determining where your infrastructure has weaknesses, as well as determining your ability to respond to attacks. Just as our military conducts combat training by pitting soldiers against one another with non-lethal rounds, cyber warriors can sharpen their skills and learn to react faster and more efficiently by experiencing these situations.
Ethical hackers are a critical part of cyber warfare training, and this is a great certification to get you up to speed on ethical hacking. Visit the EC-Council page for more information on CEH and related courses.
Cyber Warfare for Practitioners
If you are an information security analyst/manager, system administrator, or IT auditor/manager, this course is directed towards you. This class teaches the best practices for dealing with attacks, spotting internal threats, and so much more.
EC-Council Incident Handler (ECIH)
No matter how good your network security is, at some point a security incident will arise. When it does, having properly trained staff is critical. Those who earn their ECIH will be able to efficiently respond to network attacks, insider threats, malware, and create policies to help organizations handle and respond to cyber security incidents. In cyber warfare, an incident handler is a bit like a medic. They do their best to respond and recover from successful attacks.
Looking Towards the Future
There is no end in sight to cyber warfare. Networking technology continues to grow and evolve, and with these changes come new exploitation opportunities. Governments and corporations are already looking for, and in need of talented cyber security experts.
Those who are looking to work in cyber security can look forward to an exciting career with endless opportunities. If you aren’t sure if a career in cyber security is right for you, check out this great blog post to see what it takes to become a cyber security professional.