Rick Forno, Program Director for UMBC's Graduate Programs in Cybersecurity, was recently interviewed for a Public Radio International article on Cyberwar. Read the full text of the article below, or view the original story to listen to the interview.
Even as cyberwar rages, we can't really decide what cyberwar is
This story original appeared on Public Radio International on May 27, 2014.
You've heard it in reference to recent exchanges with China. And don't forget the 2012 cyberattack on the world's largest oil producer, Saudi Aramco. A cyberwarfare virus called Shamoon took down 30,000 Aramco computers. And then there is the Stuxnet worm that sabotaged Iran's nuclear centrifuges- many believe the US, and maybe Israel were behind that one.
But this is such a new area of conflict that even the definition of what constitutes cyberwarfare is constantly up for debate.
Rick Forno can describe in a broad sense what it means. He directs the University of Maryland Baltimore County's Graduate Cybersecurity Program. "Cyberwarfare is using computers to attack other computers as a way of exercising your national power or supporting your foreign policy or your military strategy."
But he says the rules of such warfare are still being written. He says there is no international agreement over what constitutes cyberwarfare and what does not, or what level of cyberwarfare is acceptable.
Forno says the sinister thing about cyberwarfare is that it’s stealthy in nature. Sometimes, you don't even know if someone has taken over your computer, or if your data has been manipulated, until it's too late. That's why the National Security Agency recommends covering your laptop's camera.
This is the world we live in.
So how ready is the United States to fight? Forno says it's tough to say. Much of the information on US capabilities is speculative. Official information on capabilities and strategy remains highly classified. That said, Forno believes the US has vulnerabilities that make the US susceptible to attacks. The reason? Much of how we live exists online. Power grids. Water treatment plants. Medical facilities. Businesses. Many of these facilities and organizations do not have adequate protection from hackers.
That’s why international power players battle each other. Take the sports analogy: you see a vulnerability and you capitalize on it. There are problems with going all out, of course. In the Cold War the phrase mutually assured destruction, M.A.D., warded off an all-out nuclear war. Forno says the same acronym is being reused to describe the consequences of cyberwarfare. “M.A.D. in one case can be viewed as mutually assured dependence,” he says. “We are all dependent on the same infrastructures.”
If a terrorist tries to shut down the Internet, he shuts it down for himself, too. So there’s this realization you can be victimized by your own attacks. Forno calls it a boomerang effect — what prevents many countries and entities from going all out. There won’t be a cyber-Armageddon, or a cyber-Pearl Harbor. Instead, he thinks we’ll see smaller sized battles waged with weapons like the Stuxnet virus.
“I think we’ll see more and more things like that versus a grandiose cyberwarfare that you can easily describe,” he says.
As for where cyberwarefare is headed, Forno isn’t sure. He says there are too many unknowns to say definitively where it will go. He think we’re going to muddle our way through as a society. He says when problems emerge, we’ll have to address them locally, and internationally.
“There really is no road map that we can say, ‘You know, we’re going to have a cyber detente, like we did during the Cold War.’”
NOTE: An earlier versin incorrectly stated the Stuxnet virus took down Saudi Aramaco computers. We regret the error.