It’s War! It’s a Cyberwar!

Saturday, September 24, 2011

Joel Harding


Mitsubishi Heavy Industries in Japan is under attack. 45 servers and 38 computer terminals are infected. Some are calling this a cyberwar. 

In the article at ITPro, Tom Brewster wisely changes his tune from ‘this is war’ to outright questioning that fact.  I agree, as do most experienced people who have a background in National Security, as well.

Why is this not a cyberwar? Besides the obvious legal definitions where this doesn’t even remotely resemble a war (no declaration of war, nor is there an ‘act of war’ as in the US Code), there is certainly no death and destruction.

So the IT department at MHI is going to have to put in a ton of overtime while maintaining evidence for computer forensics. Where’s the damage?

Which leads me to the question: What will a cyberwar look like, if it’s even possible? Two factors will be discussed here: targets and thresholds.


Forget about your silly little network where you work.  If you’re getting hammered, deal with it.  Let’s look at the big picture. Nation State warfare.  What are the critical pieces which can cause a nation to drop to its knees?  It is called critical infrastructure.  In the United States it is identified in Homeland Security Policy Directive HSPD-7.

According to DHS, this is the definition:

Critical infrastructure are the assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, public health or safety, or any combination thereof.

Depending on when and where you look on the DHS website, here are those critical assets: Agriculture and Food; Banking and Finance; Chemical; Commercial Facilities; Communications; Critical Manufacturing; Dams; Defense Industrial Base; Emergency Services; Energy; Government Facilities; Healthcare and Public Health; Information Technology; National Monuments and Icons; Nuclear Reactors, Materials and Waste; Postal and Shipping; Transportation Systems; and Water.


I am not going to pretend to be an expert on critical infrastructure.  What I am going to do, however, is propose a ‘threshold’ be established.  This relates back to a previous post where I proposed that definitions need to be virtual. 

The threshold I am proposing is something along the line of establishing a percentage of any one critical infrastructure and if it is not available, this would be considered an act of war by the United States. 

For instance, if 15% of all government IT networks, Domain Name Servers and other critical components are rendered unusable or inaccessible, this might be a point where we declare that the US is ‘in a state of war’ to preserve our national information network and enable our national economy. 10% of the water reservoirs. 10% of the banks. The devil, again, is in the details; DHS has a huge job here.

For this to be possible, DHS, which has this responsibility for the US government, must track all critical infrastructure and determine the percentage of systems that are not functional. Once we have established thresholds, we can advise our senior leaders whether a certain number of cyber attacks meets a definition of an act of war.

Now I’ve thrown a marker on the wall.  Who at the national level is going to run with this?

Cross-posted from To Inform is to Influence

JT Edwards: If you maintain a narrow definition of war we in all probability will never see a “cyberwar”. The issue is defining war within traditional terms, especially as they relate to formally declared wars, the last of which was WWII. Do we feel any better calling this stuff cyberconflicts versus cyberwar? There is lots of FUD related to cyberwar, but the people running around saying there is no such thing are using far too strict of a definition! Post World War II should have taught all of us that war is far more complex than any one definition.
Joel Harding: JT, the problem with a loose definition for cyberwar is just that, a legal definition truly drives what we as a nation will do, how we allocate resources and so on.

The second problem is a threshold. Five years ago what we would have considered an act of war would be considered almost negligible today.

I guess I would also have to throw in a third factor, size of the country and 'how wired' is that country. The attacks against Estonia almost devastated that country... and if we can ever get past the attribution piece we might declare that an actual act of war in cyberspace. The cyber attacks which accompanied the conventional attacks against Georgia in South Ossetia are a classic example of warfare over multiple domains, cyber and land (not sure if there was an air component as well).

I agree, we need a new way to define war, but it cannot be too loose.