Monday, September 08, 2008

War Comes to the Internet

When Russian troops attacked the Georgian province of South Ossetia last August 8, tanks and guns weren't the only weapons they were using. Starting in July, websites operated by the Georgian government suffered repeated attacks that intensified when the war on the ground started, and continued for days afterwards. The cyber-attacks took the form of distributed-denial-of-service (DDoS) assaults in which hundreds or thousands of "bot" computers make so many synchronized requests to a website that it crashes and shuts out legitimate users. The bots can be owned by unwitting users who may not even know their computer is being shanghaied for nefarious purposes. This is one of the first times a cyber-attack was coordinated with a real war. But it's likely that it won't be the last. Of course, the Russian government denies all involvement, but it's easy to hide behind anonymous websites in cases like this.

War has always been one of the main incentives for advances in technology. And conversely, advances in technology—high-tech factories, communications centers, and military installations—become the target of wartime attacks, precisely because they are so valuable. So we shouldn't be surprised that as the Internet becomes an increasingly important part of a nation's infrastructure, war spills over into cyberspace too. More than ever, the engineering and software development that goes into vital Internet services such as banking, military communications, and public-safety coordination now needs to include some consideration of the possibility that terrorists or others with malign intent may mount a DDoS-type attack on them.

Fortunately, judging by the general level of reliability of these services, nothing like what happened to the Web in Georgia has happened here—yet. So far, terrorists have gone in mostly for the big splashy bombings that make gory headlines all over the world. But times and tactics change. As software expertise becomes more widespread in more parts of the world, terrorists or other nations may accumulate the expertise needed for a truly effective assault on the Internet infrastructure. It wouldn't have the drama or bloodiness of a bombing, but it might affect a lot more people, and for that reason alone it might prove more effective than a bomb thrown here or there.

The fact that such an attack hasn't happened yet says one of two things. Either our level of defenses against such attacks is so high that such attacks are not worth the effort, or else the people who would like to cause us problems simply haven't bothered to mount a major attack.

The trouble with knowing how much to spend on preparing for war is that the only way you know for sure that you didn't spend enough is that you lose. And by then, it's too late. There will always be a measure of uncertainty in trying to answer the question, "Are we safe against a hostile Internet-based military attack?" But lower-level attacks by freelance blackmailers are always happening somewhere or other, and while deplorable, they do furnish a good testing ground for defenses against a larger attack.

As happened with the September 11, 2001 World Trade Center attacks, we may not find out the true extent of our Internet vulnerability until something really serious takes place. Sometimes it takes a major disaster to muster the political and technical will to do what should have been done a long time earlier.

And while attention is focused on software, we shouldn't forget that the Internet relies on physical fiber-optic cables whose routings and switch points are fairly well known. Every now and then some stray bulldozer takes out the main cable between San Marcos and Austin, and for a day or so our local Internet service is disrupted, or used to be. While it would take a lot more coordination than even the 9/11 attacks, you can imagine that a determined group of terrorists could fan out to remote unprotected areas and simultaneously slice the backbone cables that carry the bulk of domestic Internet traffic. It would take several days to fix that, and in the meantime our economy would suffer a serious hit.

Well, let's hope that none of these dismal speculations comes to pass. Like it or not, the Internet is an integral part of our lives now. And anyone who wants to disrupt it has only to try from the safety of their hideouts halfway across the world. But when or if they do, it will fall to the engineers and technicians who have made the Internet what it is to make sure that the thing keeps running.

Sources: An Agence France-Presse story on the Georgian cyber-attacks can be found at


  1. I am a tech comm instructor for engineering and computer science students, and I have been learning about ethics and engineering to better prepare me as an instructor. Your website is a great resource--thank you!--and you presented some ethical issues that I'd never considered.

  2. I am a tech comm instructor for engineering and computer science students, and I have been investigating engineering ethics so I can better prepare myself to instruct and challenge these students. Your website introduced some ideas and topics I had not considered. Thank you!