SA is right to take the threat seriously, says an ITWeb Security Summit 2008 speaker.The SA National Defence Force`s contingency planners are mulling the threat posed to the country by information warfare (IW), the state-to-state equivalent of cyber-crime.
“If our information systems go down, whether they are defence systems or national systems, it could cause total chaos,” says the SANDF`s chief director of operations, rear admiral Phillip Schoultz. “Imagine the total failure of the banking system.”
An IW attack would be regarded as an assault on the territorial integrity of the republic and would be an act of war.
Lumension Security EMEA VP Alan Bentley says IW is “something all intelligence agencies [and governments] are taking very seriously for the same reason we [the ICT industry] are taking cyber-crime seriously. In both cases it`s all about the data”.
“Countries have been spying on each other for centuries,” adds Bentley, who spoke at ITWeb Security Summit 2008 last week. “Governments, like everybody else, keep data electronically and some of this can be very sensitive, such as its nuclear weapons secrets or troop movements, for example.”
Spies seeking access to such data would use the same tactics, techniques and procedures as online criminals, Bentley says. “They have ways and means of getting at that information, using cyber attacks similar to those used by criminals.
“I`m sure SA as a country is constantly being spied on. Without sounding too melodramatic, the next major war will be fought on the information front as much as in the physical world,” he says.
This would include spying, but also attacks to shut down or hijack the ICT supporting critical government and private sector infrastructure, such as the power grid, financial system and broadcast media – and could precede old-fashioned military activity.
But it is often used in peacetime too. “It has been publicly announced that the Chinese have on several occasions attempted to get an understanding of some pretty sensitive US information,” Bentley says.
The media, last October, reported Chinese attacks on US, British, German and French government computer networks. The Times of India last week quoted senior government officials as saying China has been systematically attacking its IT infrastructure for at least the last 18 months.
“The core of the assault is that the Chinese are constantly scanning and mapping India`s official networks,” the paper said. “This gives them a very good idea of not only the content, but also of how to disable the networks or distract them during a conflict. This, officials say, is China`s way of gaining ‘an asymmetrical advantage` over a potential adversary.”