McAfee has revealed that the global cyberarms race has moved from fiction to reality, according to its fifth annual Virtual Criminology Report. The report found that politically motivated cyberattacks have increased and five countries – the United States, Russia, France, Israel and China – are now armed with cyberweapons.
“McAfee began to warn of the global cyberarms race more than two years ago, but now we’re seeing increasing evidence that it’s become real,” says Dave DeWalt, McAfee president and CEO. “Now several nations around the world are actively engaged in cyberwar-like preparations and attacks. Today, the weapons are not nuclear, but virtual, and everyone must adapt to these threats.”
The Virtual Criminology Report includes insights from more than two dozen of the world’s leading experts in international relations, including Dr. Jamie Saunders, counselor at the British Embassy in Washington DC and security experts with experience at the U.S. National Security Agency and the Australian Attorney-General’s Department. Former White House advisor Paul Kurtz compiled the report on McAfee’s behalf.
The report for the first time provides a model to define cyberwar, identifies the countries involved in developing cyberoffenses and cyberdefenses, dissects examples of politically-motivated cyberattacks and reveals how the private sector will get caught in the crossfire. Government disclosure is also a major issue, as cyber initiatives and information are often classified by the government, hindering cybercrime defense in the public and private sector.
Experts call for a clear definition and an open debate on cyberwarfare. Without an open discussion among the government, private sector and the public, future cyberattacks targeting critical infrastructure could be devastating.
This year’s report identifies the following challenges:
* Cyberwarfare is a reality – Over the past year, the increase in politically motivated cyberattacks has raised alarm and caution, with targets including the White House, Department of Homeland Security, US Secret Service and Department of Defense in the US alone. Nation-states are actively developing cyberwarfare capabilities and involved in the cyberarms race, targeting government networks and critical infrastructures. The result of a cyberattack of this nature can result in physical damage and death –it’s not just a war between computers, cyberwarfare can cause real devastation.
* Cyberweapons are targeting critical infrastructure – Attackers are not only building their cyberdefenses, but cyberoffenses, targeting infrastructure such as power grids, transportation, telecommunication, finance and water supplies, because damage can be done quickly and with little effort. In most developed countries, critical infrastructure is connected to the Internet and lacks proper security functions, leaving these installations vulnerable to attacks. Without the appropriate protection combined with the current lack of preparedness, an attack on these infrastructures would be detrimental and will cause more destruction than any previous attacks.
* Cyberwar is undefined – Cyberwarfare entangles so many different actors in so many different ways that the rules of engagement are not clearly defined. Additionally, there is debate on how much responsibility should be placed on organisations to protect and educate the public on preventing cyberattacks. Without a proper definition in place, it is nearly impossible to determine when a political response or threat of military action is warranted.
* Private sector is the most at risk – Critical infrastructure is privately-owned in many developed countries, making it a huge target for cyberwarfare. The private sector relies heavily on the government to prevent cyberattacks. If virtual shooting starts, governments, corporations and private citizens may get caught in the crossfire. Without insight into the government’s cyberdefense strategy, the private sector is not able to be proactive and take the proper precautions. Experts call for a public discussion on cyberwarfare, bringing it out of the shadows.
“Over the next 20 to 30 years, cyberattacks will increasingly become a component of war,” William Crowell, a former Deputy Director of the US National Security Agency, is quoted as saying in the Virtual Criminology Report. “What I can’t foresee is whether networks will be so pervasive and unprotected that cyber war operations will stand alone.”