Some Early Lessons from The Georgian Cyberwar
illustration fron Arbor Networks
There’s some interesting writing going about the Georgian Cyberwar. This from VNUnet, which seems to confirms my earlier suspicion that this was the first time we’re seeing two parallel wars:
“We are witnessing in this crisis the birth of true, operational cyber warfare,” said Eli Jellenc, manager of All-Source Intelligence at iDefense.
“The use of cyber attack assets in conjunction with kinetic military operations in the current crisis now stands among the most significant developments ever seen in the field of information security or cyber conflict studies.”
Others suggest that in fact there are examples of earlier parallel conflicts: Kosovo, among them, says Arbor Networks’ Jose Nazario.
ZDNet’s Dancho Danchev takes the idea that this is all about denying participants a chance to get their message out a stage further: those put out of action are being forced to get their message out through other channels. Georgia’s foreign ministry, for example, has set up a blog at Blogger and the website of the Polish president.
The mainstream press is having a go at the story, too, including the Journal and the NYT. The main culprit, the articles suggest (following Georgia’s own claims), is the Russian Business Network, a St. Petersburg-based gang.
But as this article points out, finding out who is responsible is a slow business. Indeed, this is a strange feature of cyberwar that makes it more akin to terrorism than to warfare. This kind of makes the notion of establishing responsibility a little beside the point. Cyberattacks are a chance for ordinary (well, sort of ordinary) citizens to do their bit for the war effort. In this sense the government is a customer for the services of botnet and hacker groups or individuals with skills the government is happy to see deployed on its behalf, while able to plausibly deny it has anything to do with.
Indeed, we may be missing the more interesting aspect of this, one that predates South Ossetia. Now we’re just seeing cyber attacks work alongside the physical, or kinetic, attacks. A sort of psywar, since it’s mainly about getting the word out and winning hearts and minds.
But what about a cyberwar conducted on its own, but one that leads to a physical war—at least, a cold one? Joel Hruska at arstechnica points out in a piece written a week ago, that an uncovered little cyberwar—or rather cyber-hacktivism—in Lithuania, led to a serious cooling of relations between its government and that of Russia. As with Estonia last year, the attack “marked the first time I was aware of in which a single individual with a computer was able to notably impact relations between two neighboring nations.”
Georgia, however, represents the first time we’ve seen a government almost wiped off the Internet. Whether this is a prelude to it being wiped off the map is something we’ll have to wait and see. But already some conclusions are becoming obvious:
- Cyberwar is too powerful a tool for any government to ignore, both offensively and defensively;
- Cyberwar is not just about putting citizens of a target country in the dark; it’s about making it impossible for the target government, and its citizens, to get their side of the story out.
- As these tools get more powerful, when will we see cyberwar as a specific phase in a physical war designed to achieve what used to be done by the physical bombardment of communication centers?
- Botnets, and their owners, are powerful players beyond the underworld of spam and phishing. A government that has them operating within their borders must surely know of their existence; if it hasn’t shut them down already, is it too great a leap of logic to suggest there must, at some level, be a relationship between them?