The general in charge of U.S. cyberwarfare forces said Tuesday that future computer-based combat likely will involve electronic strikes that cause widespread power outages and even physical destruction of thousand-ton machines.
Army Gen. Keith Alexander, commander of the new U.S. Cyber Command, also said that massive losses of private and public data in recent years to computer criminals and spies represent the largest theft in history.
Threats posed by cyber-attacks on computer networks and the Internet are escalating from large-scale theft of data and strikes designed to disrupt computer operations to more lethal attacks that destroy entire systems and physical equipment.
“That’s our concern about what’s coming in cyberspace — a destructive element,” Gen. Alexander, who is also the director of the National Security Agency, the electronic spying agency, said in a speech at a conference on cyberwarfare.
Gen. Alexander said two cases illustrate what could happen in an attack.
The first was the August 2003 electrical power outage in the Northeast U.S. that was caused by a tree damaging two high-voltage power lines. Electrical power-grid software that controlled the distribution of electricity to millions of people improperly entered “pause” mode and shut down all power through several states.
The example highlighted the threat of sophisticated cyberwarfare attackers breaking into electrical grid networks and using the access to shut down power.
“You can quickly see that there are ways now to get in and mess with [electrical] power if you have access to it,” he said.
The second example was the catastrophic destruction of a water-driven electrical generator at Russia’s Sayano-Shushenskaya dam, near the far eastern city of Cheremushki, in August 2009.
Gen. Alexander said one of the dam’s 10 650-megawatt hydroturbine generators, weighing more than 1,000 tons, was being serviced and, by mistake, was remotely restarted by a computer operator 500 miles away. The generator began spinning and rose 50 feet into the air before exploding. The flood caused by the accident killed 75 people and destroyed eight of the remaining nine turbines.
A similar deliberate attack remains a huge problem, Gen. Alexander said, saying that destruction by cyber-attacks was outranked only by nuclear bombs or other weapons of mass destruction.
In developing cyberwarfare strategies, Gen. Alexander said, the U.S. will respond to computer-based attacks as it will to other attacks. The government is adopting what he termed an “active defense” strategy aimed at bolstering the readiness of computer networks to respond.
The Pentagon’s cyberstrategy announced last summer calls for treating the cyberdomain as equal to the air, land, sea and space domains and leveraging U.S. technology to improve cyberdefenses for government and the private sector.
On information theft, Gen. Alexander said the problem is so pervasive that there are two categories for major companies: firms that are aware they have been hacked and the rest who remain unaware of the problem.
“What’s been going on over the last few years in the networks … is the greatest theft that we’ve seen in history,” he said. “What we’re losing in intellectual property is astounding.”
The four-star general said estimates of the value of lost corporate and government information range as high as $1 trillion. In one recent case, a U.S. corporation that he did not identify by name lost $1 billion worth of proprietary technology that was “stolen by the adversaries.” The technology took the company more than 20 years to develop.
The problem is “on a massive scale that affects every industry and every sector of the economy and government, and it’s one that we have to get out in front of,” he said.
Recent attacks on corporate computer networks include Sony’s system that affected 7.7 million video users in April and a second incident affecting 2.5 million users in May. Google, defense contractor Booz Allen Hamilton and the security company RSA also were targets of sophisticated computer attacks.
In May 2007, computer networks in Estonia were disabled by computer operatives from neighboring Russia.
“They had to disconnect their international connections to stop these attacks after several days. It was huge and greatly impacted Estonia,” Gen. Alexander said.
Asked about conducting offensive operations, Gen. Alexander said that current cyberdefenses are “far from adequate” and that more needs to be done before adopting more offensive tools.
“In cyber, we have not solved the defensive portion,” he said. “From my perspective, there is a lot that we can do to fix that before we take offensive actions.”
Response actions to cyber-attacks need to be carefully measured to avoid escalating from a conflict in the cyber-arena to full-scale conventional warfare, he said.
One example would be to “take down ‘botnets’” — malicious computer software packages — from the Internet.
Gen. Alexander defended the U.S. government practice of not identifying major cyberthreats such as those emanating from China and Russia.
Confronting foreign government complicates efforts to track cyber-activity, he said.
“Candidly, if every time we say, ‘We know you’re doing A,’ they say, ‘Oh, you can see that?’ We don’t see it anymore. We don’t see them for a while.”
The foreign governments also seek to learn information about U.S. tracking capability and, when confronted, “all they do is deny it,” he said.
Gen. Alexander warned that cyberwarfare is expected to continue and that defenses need to be improved. “Whether or not we do that, it’s coming,” he said. “It’s a question of time. People say, ‘Aw that’s five years out, it’s two years out.’
“What we don’t know is how far out it is, an attack in cyberspace, and what that will be? Will it be against commercial infrastructure, government networks? Will it be against platforms? We don’t know.”