When is a cybercrime an act of cyberwar?

Tony Bradley | Feb. 21, 2012

There is growing talk of cyberwar, as opposed to run-of-the-mill cybercrime. There are also terms that lie somewhere in the middle, such as cyber espionage and cyber hacktivism--which is sort of like cyber terrorism for good guys. At the heart of the debate is an attempt to define the scope of an appropriate response to each type of threat.

In his book Cyber War: The Next Threat to National Security and What to Do About It, former U.S. cyber-security tsar Richard Clarke describes scenarios of nationwide power blackouts, poison gas clouds and burning oil refineries, aircraft dropping from the sky and crashing subways. Those are the types of attacks that would seem to clearly indicate an act of cyberwar, but there are also many nuanced attacks in between that muddy the waters.

What Is In a Name?

The problem is that there are subtle semantic differences in the way different parties apply the terms cybercrime, cyberwar, cyber espionage, cyber hacktivism, or cyber terrorism. There is no clear consensus, which complicates the process of determining what level of law enforcement or government should be engaged to address a given attack.

Richard Stiennon, chief research analyst at IT-Harvest and author of Surviving Cyberwar, explains that the methods used can be identical. That means it takes a deeper investigation into the goals and motives of the attack to assign a label to it.

Mike Reagan, CMO of LogRhythm, believes that the lines are definitely getting blurred, but the distinction matters in terms of defining whether an incident is the responsibility of law enforcement or the military. "Cyberwar could be characterized as the use of cyber weapons to destroy enemy capabilities and/or populations. Cyber-crime could be defined as the use of cyber weapons/tools to execute a criminal act driven by any number of reasons."

Stiennon draws some distinctions in the definitions as well. A cybercriminal is generally motivated purely by profit. That is a different goal than cyber espionage, which seeks to access intellectual property for military or industrial strategic advantage, or cyberwar, which focuses on actually sabotaging infrastructure, disrupting critical systems, or inflicting physical damage on an enemy.

Take Away the "Cyber"

Andrew Storms, director of security operations for nCircle, suggests a fitting and helpful analogy. "Remove the prefix from 'cyber crime' and apply the same judgment used in other contexts. Does stealing some cereal from the corner market constitute a crime or an act of war against the market owner? This analogy holds true even at larger scales; does a data breach at a Fortune 500 company call for the FBI or the Marines?"

Storms also draws a parallel between the naval blockade during the Cuban Missile Crisis and a denial-of-service (DoS) attack against a nation's infrastructure. The point is that it's possible to have state-sponsored hostilities or acts of aggression that don't cross the line to become an "act of war".


