An intense but largely unseen cyberespionage contest between various nation states is finally starting to gain some mainstream attention. Not only has cyberespionage played a significant role in the leaking of emails belonging to the chairman of the Hillary Clinton presidential campaign, it turns out that cyberattacks on the databases that individual states use to keep track of voter registrations is underway. The U.S. government is attributing cyberattacks on variety of voter registration databases to hackers acting on behalf of Russia.
Those attacks come in the wake of reports of systematic probing of critical infrastructure around the globe that might be viewed as a precursor to developing some type of first strike cyberwarfare capability. In the meantime, as tensions increase it’s clear that IT in all its forms is a potential target.
One of the first things most military strategists are exposed to is an “On War” treatise written by Carl von Clausewitz, a Prussian general is credited with observing that war is the continuation of politics by other means. It’s fairly obvious that most nation states are extending those principles into the cyber realm.
Of course, what constitutes a war in the cyber realm is blurry. Technically, hacking a server physically located in another country is a violation of the sanctity of a border. In the old days that would be automatic cause for war. In the age of cyberespionage, it’s often difficult to prove beyond any shadow of doubt where any specific cyberattack was launched from or by whom. The one thing that is clear is that almost every nation state of any size, including the U.S., is involved in it to one degree or another. For the most part each of those nation states protestations to the contrary gives as it good as it gets.
The challenge is that like in any war there’s a lot collateral cyberwarfare damage. Most states don’t have the skills and resource needed to, for example, protect a voter registration database. A lot of the critical infrastructure is all but undefended. For IT security professionals these creates something of a dilemma. Most IT security professionals are over worked already. But many them also feel they have a moral obligation to lend their IT skills in the name of the national interest. The challenge that many of the organizations that hire these individuals also ace is to what degree do they want to make it possible for IT security professionals to donate their time to helping secure, for example, critical infrastructure in their local community. Obviously, IT security professionals could do that of their own accord. But it would be easier to do if such efforts were more coordinated by all the agencies and companies concerned.
The situation has not quite reached the level where countries are going to start mobilizing civilian IT security defense agencies. But IT security professionals should start to consider what role they want to play as tensions between nation states increase. No one is going to make it a requirement to lend their expertise unless there’s an all-out conflict. Hopefully, cooler heads will prevail. But it’s also now pretty clear to all concerned that IT security is the new front line in a long-running conflict that is increasingly moving out of the shadows.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot.Mike also blogs about emerging cloud technology for Intronis MSP Solutions by Barracuda.