Note – I am not taking sides in the Georgia/Russia conflict as I think the governments on both sides are equally acting like children.

In reading this article entitled How I became a soldier in the Georgia-Russia cyberwar, I started thinking about the validity of so called Cyber Warefare. Is it media hype because it’s the new sexy topic to discuss (i.e. the new generations Cold War) or is it actually happening? We truly haven’t seen concrete results from either camp and I’m not sure if we ever will (*cough* WMD’s *cough*).

The article describes how easy it was for the author to find out how to attack the Internet infrastructure of a foreign nation. (I won’t even touch the topic of someone downloading a webpage and accessing it on their system – that’s another article entirely). From the article:

Not knowing exactly how to sign up for a cyberwar, I started with an extensive survey of the Russian blogosphere. My first anonymous mentor, as I learned from this blog post, became frustrated with the complexity of other cyberwarfare techniques used in this campaign and developed a simpler and lighter “for dummies” alternative. All I needed to do was to save a copy of a certain Web page to my hard drive and then open it in my browser. I was warned that the page wouldn’t work with Internet Explorer but did well with Firefox and Opera. (Get with the program, Microsoft!) Once accessed, the page would load thumbnailed versions of a dozen key Georgian Web sites in a single window. All I had to do was set the page to automatically update every three to five seconds. Voilà: My browser was now sending thousands of queries to the most important Georgian sites, helping to overload them, and it had taken me only two to three minutes to set up.

Now this really made me think. If there is a Cyber War going on in Georgia, how can we be certain that the attacks originate from Russia and not sympathetic expatriates in the Western hemisphere? How can we be sure that the attackers are not opportunistic attackers looking to exploit an attack vector that will be blamed on an entire nation? How can we be sure that the Georgian army isn’t taking their own infrastructure offline in order to draw sympathy to their cause?

From the article:

In less than an hour, I had become an Internet soldier. I didn’t receive any calls from Kremlin operatives; nor did I have to buy a Web server or modify my computer in any significant way. If what I was doing was cyberwarfare, I have some concerns about the number of child soldiers who may just find it too fun and accessible to resist.

The bottom line is that we can’t be sure of any of these issues without extensive network and system monitoring. I’m not talking about watching the traffic and logs for one or two sites, but rather a city-/region-/country-/nation-wide monitoring infrastructure with centralized consolidation of information for trending and situational awareness. This type of infrastructure allows nations to detect probing of their infrastructure (a.k.a. reconnaissance), help determine the source of the attackers (a.k.a. intelligence), and ultimately help mitigate the attack (a.k.a. digging in).