What is cyber warfare?

In the classic 1983 film War Games, a teenage computer hacker played by Matthew Broderick accidentally hacks into the US military’s nuclear command computer while looking for the latest computer games to download, and nearly starts World War III.
At the time it seemed like a far-fetched cautionary tale but recent news reports have put what they call ‘cyber war’ firmly on the agenda.

Why is it in the news?

The Government’s strategic defence and security review is part of the overall programme of cuts being planned. It covers the role of Britain’s armed forces and security services and how that will change as threats to the nation change.

The last defence review was carried out back in 1998, before the world of computers had become relevant to the question of Britain’s defence, but the new review is expected to include a section on ‘cyber-security’.

Alongside the defence review, the Government published a national security strategy. According to the report, the top four priorities for national security are terrorism, natural hazards, international military crises and ‘cyber attack’.

What does it mean?

This kind of threat is distinct from the common virus and phishing attacks most of us face. The report is concerned about ‘hostile attacks on UK cyber space by other states, and large-scale cyber crime’.

In the past, people who wrote viruses were attention seekers, doing it to gain notoriety. Nowadays, it’s easy and cheap to hire a hacker to create a custom-made attack for profit.

At the moment, the targets are financial: phishing attacks asking you to sign into a fake bank page are being run by criminal syndicates who take the proceeds and plough them into other rackets.

What’s new?

One way of attacking a company or organisation is the denial of service attack, in which the ‘enemy’ sends millions of requests to the target’s computers. This will normally cause the target to become unavailable to other users, which is the effect desired by the attackers. Using a sustained bombardment, it’s possible to take a website or an organisation offline for several hours.

On a larger scale, a denial-of-service attack may be conducted against an entire country. In April 2007 computers in Estonia experienced just such a bombardment, parts of which came from inside Russia.

Although this is the best-known example of ‘cyber war’, it’s not known who actually conducted the attack, whether it was parts of the Russian security apparatus or just a group of individuals with no connection to the state.

For that reason it’s unwise to draw any conclusions from this kind of attack. And while it’s possible for states to attack one another in this way, it’s by no means clear that it has yet happened.