Security Sentinel: Computer Viruses Are Changing The Definition of War

By Toni McConnel
iApplianceWeb
(02/27/03, 09:05:56 AM EDT)

In a story on the Wired News website, Security firm Symantec is reported to have withheld information about the January Slammer worm attack for hours after they first spotted it, releasing the information only to paid subscribers to their DeepSight Threat Management System.

In a Feb. 12 press release Symantec stated that the company "discovered the Slammer worm hours before it began rapidly propagating ... then delivered timely alerts and procedures (to DeepSight users), enabling administrators to protect against the attack."

But they didn't tell anybody else.

Slammer did an immense amount of damage, collapsing Korea's entire communicaitons system and bogging down Internet traffic all over the world.  It is supposed to have infected 75,000 host systems.  What is ironic is that the virus is easily defended against simply by blocking port 1434, where it enters the system.  So everybody is mad at Symantec because they did not act in a socially responsible manner and issue a general alert so everyone could initiate this very simple defense.

In the Wired News story, security researcher Robert Ferrell is quoted as saying, "If I witness a felony but refuse to call 911 because the victim hasn't paid me money to do so, I'm technically an accessory to that crime, not to mention a really rotten citizen."

Well, yes, I agree, but the problem goes a lot deeper than that.  We are living in an era where the dizzying rate of change in the world brought about by technology has caught us with no means of coping with it -- not only are individuals hard pressed to adjust intellectually, emotionally, and morally, but business and government are not equipped with laws and procedures to deal with what amounts to new ways of waging war.  We now live in a time where a single individual, or a handful of individuals, can use communications technology to wage a hugely destructive war against the whole world, using the same technology to hide themselves so effectively that no one can figure out where the attack originated.  We not only don't know what hit us, most of the time we don't even know who hit us.

I am purposefully not making a distinction between hackers and cyberterrorists because the only meaningful distinction between them is that cyberterrorists may intend to do physical harm to people for fanatical political or religious purposes, while hackers seem to be motivated mostly by aberrations of character having to do with power and/or malice, although sometimes under the guise of a political agenda. 

But while hackers may not intend to injure or kill people, nevertheless they succeed in doing immense economic harm, and when a virus such as Slammer can bring the Internet to its knees and do billions of dollars in damage, real people suffer.
 

The dictionaries define war as “armed and hostile conflict” and some add “between nations”.  This doesn't fit anymore.  Let us suppose that the theorists who postulate that the Slammer was launched by a single individual are right.  Then it is unavoidable to conclude that a single individual can wage war against the entire world, “armed” with only a virus program.  Viruses are weapons of destruction, are they not?  The idea that “weapons” include only explosive devices and guns is extremely outdated.  So we need to not only reefine our notion of what war is, but also our notion of who it is that wages it.  Historically the initiators have been nations or large groups with a collective identity.  We have to acknowledge that we have come to place where a single individual can effectively launch a war against a society. 

Which brings me to the most insane of the denials we are living.  The Bush administration's long-awaited National Strategy to Secure Cyberspace was released February 16.  The report advocates increased spending on cyber-security research and a greater degree of coordination between high-tech firms and government agencies to track down cyber attacks.  OK, fine, but it also states, "In general, the private sector is best equipped and structured to respond to an evolving cyber threat.  A federal role ... is only justified when the benefits of intervention outweigh the associated costs."

Huh?

Did the government say that the businesses housed in the World Trade Center should have been prepared for the suicide hijackers and planned a defense against them?  And how huge do the benefits of intervention have to get to “outweigh the associated costs”?  Trillions and trillions of dollars instead of billions?  What does the government figure the “associated costs” are going to be?

One of the constitutionally mandated responsiblities of the federal government is to protect us from attack, but as long as the threats from Internet spying and virus propagation are not seen as “armed and hostile conflict”, the government obviously feels no obligation to defend us. 

The madman ready to launch missiles at neighboring nations or at the U.S. may never in fact push that button; even in his madness he knows that retaliation will be swift and final.  The enemy the government should be defending us against is pushing a button every week or so -- but it is a 'send' button on a computer in Pakistan or Iraq or Paris or Bejing or Berkeley, California. 

We need to take off the blinders and see things as they really are.  We are under attack, and this is war.