NEW YORK CITY -- Imagine a situation where a powerful country wants to annex its small neighbor, so it launches a week-long campaign of cyberattacks aimed at disrupting the financial, energy, telecom and media systems of its neighbor's biggest ally. A week later, the aggressor launches a full-scale cyberwar on its neighbor that includes air and naval defenses. With its ally's defenses weakened, the neighbor agrees to become a province of the aggressor in less than a week.
This scenario is not so far-fetched, according to several experts from the National Defense University who spoke at the Cyber Infrastructure Protection Conference held here last week.
The panel discussion on cyberwarfare is timely given the Obama administration's push to raise awareness and federal spending on cybersecurity initiatives. The president issued a cybersecurity plan earlier this month that includes naming a new high-level cybersecurity coordinator who reports to both the National Security Council and the National Economic Council.
President Obama has said it's clear that the cyberthreat is "one of the most serious economic and national security challenges we face as a nation. It's also clear that we're not as prepared as we should be, as a government, or as a country."
Experts from the National Defense University, the premier academic institution providing professional education to U.S. military forces, say it is critical for the private sector to realize it will be a target of future cyberwarfare.
"Our adversaries are looking for our weaknesses," says Dan Kuehl, professor of information operations at the National Defense University. "We conduct military operations that are increasingly information dependent and becoming more so. We have a global society that is increasingly dependent on critical infrastructure, and those infrastructures are increasingly interconnected in a global economy."
Kuehl points out that it's inexpensive for terrorists or hactivists to launch a cyberattack, but it's very expensive and difficult for a country such as the United States to defend its networks and systems against these threats.
"The weaker party may have a very important asymmetric advantage," Kuehl says. "And the first actor may have a very important advantage....Winning in the cyber realm may decide the course of the war."
One example of how weaker parties have an advantage in cyberwarfare is the recent terrorist attacks in Mumbai. Stuart Starr, distinguished research fellow at the National Defense University, said the attackers used Google Earth and GPS technology to locate themselves with respect to everybody else.
"They took advantage of hundreds of billions of dollars of investment by buying low-end equipment," Starr said. "These guys are getting a phenomenal benefit from taking advantage of commercial investments."
Based on conventional wisdom of these military experts, here is a list of 10 things you probably didn't know about cyberwarfare:
1. You need to win the first battle.
In conventional warfare, the country that wins the first battle doesn't necessarily win the war. Think Pearl Harbor. But with cyberwarfare, you need to win the first battle because there may not be a second. The enemy may have so wiped out your critical infrastructure through coordinated cyberattacks that you can't mount an effective defense and are forced to surrender.
2. The first battle could be over in nanoseconds.
Unlike Pearl Harbor, cyberattacks are stealthy. The enemy has already penetrated your networks, attacked your systems and stolen or manipulated your data before you realize that anything is wrong. Once you discover the cyberattack, you have to figure out who did it and why. Today, this type of computer forensics can take days or weeks. By then, you may have lost the war.