US Naval War College Logo
Search
|
Contact Us
|
Alumni
|
Library
|
Site Map
|
Intranet
|
Home
NWC on Facebook NWC on Twitter NWC on Flickr NWC on Blackboard
|
Visitors
|
Foundation
By Richard Alexander, Navalog editor
Feb. 22, 2013

NEWPORT, R.I. -- Because cyberspace links the world underneath everything of value in our society, it is a perfect highway allowing malicious, criminal, or foreign state hackers to operate.
 
From the simple theft of personal identities and credit card numbers, to the disruption of military security systems and infiltrated corporate accounts, cyber attacks can potentially cripple the critical systems of the most powerful nations in the world.
 
So reports Dr. Chris C. Demchak, professor in the Strategic Research Department at the Naval War College, and also co-director for the NWC’s Center for Cyber Conflict Studies.
 
Dr. Demchak spoke in the Newport Art Museum’s Winter Speaker Series Feb. 16 on the topic of “How Cyberspace has Changed War: the Emerging Struggle for Cyber Power through Resilience and Disruption.”
 
As a civilian researcher, her comments are not the expressed views of the War College the Navy, or the U.S. government, but she builds on 20 years of research on security, conflict, and surprise in large-scale socio-technical systems such as militaries and whole nations.
 
Cyberspace has changed warfare, Demchak said.
 
“There is an emerging struggle for cyber power through resilience and disruption.”
 
Cyberspace is changing the nature of conflict.
 
“You are an idiot if you ever opt for armed conflict as your first choice,” she said, “when you can stay covert and use cyber access, tools and knowledge to get the outcome you want.”
 
It used to be if you wanted to pick a fight, you needed the money to organize a military force to the right scale; you needed to get physically close enough in proximity to know your adversary (through reconnaissance); and you needed considerable knowledge in advance to know with acceptable precision what to hit so that your enemy could not get back up again.”
 
Cyberspace has massively reduced all those obstacles to striking opponents, she said.
 
“I can be 5 feet or 5,000 miles away from you.”
 
Walking through the audience, Demchak pointed to one woman, saying, “I‘ll just erase her data, I’ll close down her Facebook account, I’ll take out most of Ghana, and maybe part of Detroit’s auto accounts.
 
“I can do this at my whim while sitting with my buds in the Ukraine, and hiding behind a lot of servers whose administrators try not to know what I am doing or don’t care if I do.”
 
Demchak said the U.S. has been arguably in a cyber conflict with China for the past 10 years. Hackers hide behind the Chinese government, which pretends it is unaware of the practice, denies any involvement, and claims it is as much as a victim as we are.
 
Several years ago, Chinesemade routers from Huawei Technologies were discovered with outdated security protections, and easy-to-detect vulnerabilities for hackers. The inexpensive routers were popular for home and small business operations. When the security holes were reported, the company denied they had done it intentionally. But it has been alleged that they and other companies use automatic updates to reintroduce
covert access code to replace what was found.
 
Another problem is the potential “poisoning” of the supply chain of computer hardware and software, even new weapons systems, Demchak said.
 
“We’re seeing brand new technology arrive, you open the box, undo the wrap, and there already imbedded in
the machine or software in malware.” She reminded the audience that anything you can digitally program, you can digitally maliciously program.
 
Military and corporate cyber-security is being taken much more seriously, she said, and anti-virus programs and firewalls are getting better and better, but it remains an uphill battle.
 
But what can the average home computer user do? Follow basic “computer hygiene.”
 
Demchak said back up your system according to how long you can live without the data on it. Be sure to do a backup of your accounts and records, perhaps save to CDs or external hard drives.
 
Update your home PC’s anti-virus programs, and let Microsoft or your reputable operating system firm update your operating system with patches.
 
Do not click on dialog boxes that just pop up randomly asking to update. That dialog box could easily be a fake, luring you to open your machine to a hacker.
 
(NOTE: The Department of Homeland Security offers home computer security tips at http://www.dhs.gov/cybersecurity-tips)