Cyber War is Part of Real-World Conflicts Today

On August 8, 2008, Nino Doijashvili, CEO of the Atlanta-based hosting company Tulip Systems, was visiting her home town of Tbilisi, Georgia, which put her at the nexus of the first modern use of cyber attacks in conjunction with an invasion. While Russia massed a force of 150 tanks on the Georgian border, while the world was occupied with the Olympics in Beijing, and coincidentally just after NATO had postponed its vote on admitting Georgia to the alliance, a concerted denial of service (DoS) attack began against Georgia.

Knowing something about bandwidth and server hosting, Doijashvili offered the services of her hosting facilities to the Georgian government, which accepted. Attacks aimed at Georgian government websites were now finding their way to Atlanta, Georgia, in the U.S. I am sure the customers of Tulip Systems did not expect their hosting provider to embroil them in a shooting war between Eastern European states.

In retrospect, the damage done to innocent bystanders was minimal. But if there is one thing I have found to be true in the universe of cyber threats, it is that paying attention to early harbingers of trouble is the best way to prepare for what eventually becomes the status quo. Based on this example, the new threat to prepare for is a network outage caused by warring nations. Estonia, Lithuania, and Ukraine have all suffered nationwide outages as a result of targeted Russian cyber attacks.

It may or may not come as a surprise that there is yet another threat to your IT infrastructure looming on the horizon. If you are not surprised it is because you are a veteran IT professional who has seen the escalation of threats from casual hacking all the way through the current chaos of cyber criminals going after credit cards and identities. I am one of those veterans so I am not surprised. I have been presenting on cyber threats since 1994.

Up until now it has been easy to illustrate why each threat was something the typical IT department should worry about: insider hacking is common, vandalism and hacktivism show up on your web pages, and cyber crime gave rise to drive-by downloads, worms and viruses, as well as targeted attacks against the data stores of banks and retailers.

Yet, the mounting evidence that nations are engaging in cyber attacks against each other’s data, communications and infrastructure is harder to depict as a threat to the typical IT department. A hospital, insurance firm, or university may claim they are not targets and cyber warfare is something only the defense department should be concerned with. They are wrong. There is a real and present danger that real-world shooting skirmishes can boil over into network outages that impact everyone.

Best Practices

Some of the things you should already be doing include running multiple hardened DNS servers on separate netblocks; holding burstable bandwidth contracts with multiple providers; load balancing your servers; and deploying DoS defense products that can absorb large SYN floods and HTTP GET floods. The point of the separate netblocks and the multiple providers is the same: an attack or an upstream outage that saturates one path should not take the others down with it.
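The "separate netblocks" advice is easy to state and easy to get wrong in practice, because nameservers with different hostnames often turn out to sit in the same /24 behind the same upstream. The script below is an added example written for this page, not code from the original article or from Tulip Systems. It assumes you have already collected each authoritative nameserver's addresses (for instance with `dig NS` followed by `dig A`/`dig AAAA` on each name), and it uses a /24 for IPv4 and a /48 for IPv6 as a coarse, offline stand-in for "same netblock"; an ASN lookup would be the stricter check. The nameserver mapping is constructed sample data, not real records for any zone.

```python
"""Check that a zone's authoritative nameservers sit on separate netblocks.

Added example, not part of the original article. It assumes the NS
hostnames and their addresses have already been collected (e.g. with
`dig NS example.com` and `dig A <ns>`); the mapping below is constructed
sample data, not real records for any zone.
"""
import ipaddress
from collections import defaultdict

# Constructed sample input: nameserver hostname -> list of addresses.
# Two of the three IPv4 servers share a /24, which is exactly the weak
# layout this check is meant to catch.
SAMPLE_NAMESERVERS = {
    "ns1.example.test": ["192.0.2.10", "2001:db8:1::10"],
    "ns2.example.test": ["192.0.2.20"],
    "ns3.example.test": ["198.51.100.5", "2001:db8:2::5"],
}

# Assumed prefix lengths used as a coarse proxy for "same netblock".
# Without an ASN lookup (not available offline), a /24 and a /48 are the
# usual smallest routable announcements, so two servers inside one very
# likely share an upstream and therefore a blast radius.
IPV4_PREFIX = 24
IPV6_PREFIX = 48


def netblock_of(address):
    """Return the covering /24 (v4) or /48 (v6) network for an address."""
    ip = ipaddress.ip_address(address)
    prefix = IPV4_PREFIX if ip.version == 4 else IPV6_PREFIX
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def group_by_netblock(nameservers):
    """Map each netblock to the set of nameserver hostnames found in it."""
    groups = defaultdict(set)
    for host, addrs in nameservers.items():
        for addr in addrs:
            groups[netblock_of(addr)].add(host)
    return dict(groups)


def find_shared_netblocks(nameservers):
    """Return {netblock: [hostnames]} for every block holding more than one server."""
    return {
        block: sorted(hosts)
        for block, hosts in group_by_netblock(nameservers).items()
        if len(hosts) > 1
    }


def distinct_netblocks(nameservers, version):
    """Number of distinct netblocks of the given IP version serving the zone."""
    return len({b for b in group_by_netblock(nameservers) if b.version == version})


def assess(nameservers, minimum_blocks=2):
    """Return a list of findings; an empty list means the layout passes."""
    findings = []
    for block, hosts in find_shared_netblocks(nameservers).items():
        findings.append(f"{', '.join(hosts)} share {block}")
    for version in (4, 6):
        n = distinct_netblocks(nameservers, version)
        # Skip address families the zone does not use at all (n == 0).
        if 0 < n < minimum_blocks:
            findings.append(
                f"only {n} distinct IPv{version} netblock(s); want at least {minimum_blocks}"
            )
    return findings


if __name__ == "__main__":
    for line in assess(SAMPLE_NAMESERVERS) or ["OK: nameservers are spread across separate netblocks"]:
        print(line)
```

Run against the constructed sample it reports that ns1 and ns2 share 192.0.2.0/24, which is the finding you want before, not during, an incident; feed it the real output of your `dig` queries and raise `minimum_blocks` if your resilience target is higher than two.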