Sysadmins in BDUs

The Army forces were under attack. Communications were down, and the chain of command was broken.

Pacing a makeshift bunker whose entrance was camouflaged with netting, the young man in battle fatigues barked at his comrades: “They are flooding the e-mail server. Block it. I’ll take the heat for it.”

These are the war games at West Point, at least last month, when a team of cadets spent four days struggling around the clock to establish a computer network and keep it operating while hackers from the National Security Agency in Maryland tried to infiltrate it with methods that an enemy might use. The N.S.A. made the cadets’ task more difficult by planting viruses on some of the equipment, just as real-world hackers have done on millions of computers around the world.

The competition was a final exam of sorts for a senior elective class. The cadets, who were computer science and information technology majors, competed against teams from the Navy, Air Force, Coast Guard and Merchant Marine as well as the Naval Postgraduate Academy and the Air Force Institute of Technology. Each team was judged on how well it subdued the threats from the N.S.A.

Cyberwar: Cadets trade the trenches for firewalls (New York Times, 11 May 2009)

War in cyberspace

The discussion of cyberattacks and cyberwarfare is complicated by widespread disagreement over how to define these terms. Many cyberattacks are really examples of vandalism or hooliganism, observes Bruce Schneier, a security guru who works for BT, a British telecoms operator. A cyberattack on a power station or an emergency-services call centre could be an act of war or of terrorism, depending on who carries it out and what their motives are.

For a cyberattack to qualify as “cyberwar”, some observers argue, it must take place alongside actual military operations. Trying to disrupt enemy communications during conflict is, after all, a practice that goes back to the earliest telecommunications technology, the telegraph. In 1862, for example, during the American Civil War, a landing party from Thomas Freeborn, a Union navy steamer, went ashore to cut the telegraph lines between Fredericksburg and Richmond. The Russian navy pioneered the use of radio jamming in the Russo-Japanese war of 1905. On this view, cyberattacks on infrastructure are the next logical step. The attacks on Georgia might qualify as cyberwarfare by this definition, but those on Estonia would not, since there was no accompanying military offensive in the real world. As Mr Schneier puts it: “For it to be cyberwar, it must first be war.”

Not everyone agrees. For years there has been talk of a “digital Pearl Harbour”—an unexpected attack on a nation’s infrastructure via the internet, in which power stations are shut down, air-traffic control is sabotaged and telecoms networks are disabled. There have even been suggestions that future wars could be waged in cyberspace, displacing conventional military operations altogether. Why bomb your enemy’s power-stations or stockmarkets if you can disable them with software? So far there have been no successful attacks of this type, but that does not stop people worrying about them—or speculating about how to launch them.

Do cyberattacks count as war? (The Economist, 4 December 2008)