Scott Knight: Preparing for cyber-war

by Scott Knight

National Post 
February 6, 2013

What follows is the last of five excerpts from a newly released e-book, “The Canadian Forces in 2025: Problems and Prospects.” The publication was commissioned by the Strategic Studies Working Group — a partnership between the Canadian International Council and the Canadian Defence and Foreign Affairs Institute in Calgary. In today’s instalment, Scott Knight looks at Canada’s cyber-defence strategy.

We have entered the era of cyber weapons. Indeed, we already have seen them used. Cyber operations such as cyber espionage and cyber attack are now a recognized part of strategic influence and war fighting. Canada itself categorizes cyber operations alongside the traditional domains of land, sea, and air.

There are two kinds of cyber-adversaries: those who are attacking everybody; and those who are targeting us specifically.

Consider first the adversary who is attacking everybody. Every computer is a target. An attacker can steal personal and financial information from the computer. The victim machine can become part of a large network of compromised “robot” computers known as a botnet, and used to attack other computers. The “best-practice” defence uses commercial tools such as firewalls, anti-virus software, and network-intrusion detection systems. Defence against these broad-based attacks is the foundation of a secure and stable operating environment.

The more dangerous kind of adversaries target us specifically. These are foreign intelligence services, military adversaries and organized crime. These adversaries have access to commercial security products in the same way we do; they can test their attack tools against our commercial product-based defences and ensure they are effective and undetectable before they strike. Successful attacks against military and government computer networks in Canada and against our allies have been reported openly in the press.

Recent attacks have broadened the danger to include unique specialized industrial networks. The appearance of Stuxnet in 2010, apparently as part of an operation to cripple the Iranian nuclear program, raised the bar in what is publicly known about the sophistication of cyber weapons. That attack required expertise in both cyber attack and in nuclear engineering. Duqu (2011), and Flame (2012) are related cyber weapons, but their mission is cyber espionage.

The on-board computer systems of modern aircraft, warships, and air defence systems are not that different from the systems we have seen attacked. We have thought of these systems as being “off-line,” and too specialized to be vulnerable. Clearly this is no longer the case. The risk increases as we connect more on-board systems together and connect weapon systems and vehicle platforms to wide-area networks.

The United States has invested heavily in cyber forces. In the US Cyber Command, one Network Warfare Wing alone has a strength of 8,000. The US Air Force has declared that it “is pursuing cyber-methods to defeat aircraft.” The British and the Australians have also begun to set up military formations with responsibility for cyber operations, as have the Russians and Chinese. The risk of being unable to operate in this environment is recognized by the major world powers, and by our closest allies. Clearly, the Canadian Forces of 2025 will be required to operate in this environment.

In this field, our military’s regulars should be composed of Canadian Forces personnel and National Defence employees who are a mix of expert technologists in the cyber domain, alongside personnel with engineering depth to guide system design and provide leadership.

Although the Canadian Forces do not have a published policy on cyber espionage or cyber attack, it likely will become the role of a special force to conduct such operations against our adversaries. These will be our best hacking minds trying to out-think and anticipate the best attacking minds of the adversary. This force should be developed jointly by the military and Canadian intelligence services.

Ultimately, however, we are talking about a warfighting capability and soldiers will be involved. They must be competent and understand the subtleties of how cyberwar is applied, and the complex effects of its application. Now is the time to begin to prepare for this new era.

Scott Knight is head of the Department of Electrical and Computer Engineering at the Royal Military College. He founded RMC’s Computer Security Laboratory, which maintains a close working relationship with the Canadian Forces Information Operations Group.