The mouse that roared
<p class="info">Sep 5th 2007 | NEW YORK<br>From <a href="http://Economist.com">Economist.com</a></p><h2>Is cyberwarfare a serious threat?</h2>
<br>
<div class="content-image-full" style="width: 391px;"><span>EPA</span><img src="http://www.economist.com/images/ga/2007w36/PentagonChina.jpg" alt=" " title="" height="140" width="391"></div>
<p>A DECADE or so ago, thinkers and pundits were fond of discussing the
emerging threat of cyber attacks as a matter of international affairs.
The growing reliance of advanced economies on the internet, and the
increasing use of the internet by governments and armies, seemed to
offer vulnerability along with riches and convenience. The scare of the
"Y2K bug" seemed to highlight the danger, at least until it became
obvious that the bug was of no threat to anyone.</p>
<p>Now, despite preoccupation with more old-fashioned sorts of
terrorism and war, is there, again, reason to fret about the cyber
sort? Revelations this year that hackers successfully broke into
Pentagon computers, followed by off-the-record confirmation by
officials speaking to the <em>Financial Times</em> this week that the
assailants were connected to China's army, have brought the issue back
to the fore. Reports suggest that the online intruders were probably
engaged in espionage, downloading information. The ability to spy is
threatening enough. But hackers may also discern vulnerabilities in
computer systems and inflict damage. One fear is that hackers who
peeked into the American government's networks could possibly, one day,
work out how to shut them down, at least for a time.</p>
<div class="banner">
<div align="center">
                
        
        
        
<a href="http://ad.doubleclick.net/click%3Bh=v8/35c6/3/0/%2a/x%3B133411613%3B0-0%3B0%3B15075680%3B799-350/300%3B22467006/22484889/1%3B%3B%7Esscs%3D%3fhttps://www.economistsubscriptions.com/il/online/" target="_blank">
<img src="http://m1.2mdn.net/711766/185075_1189087749_IL_250x250.gif" border="0" height="250" width="250"></a>
        
        
         <noscript><a target="advert" href="http://ad.doubleclick.net/jump/daily.economist.com/dailyart;pos=v5_art350x300;sect=news;sz=350x300;tile=1;ord=90118738?"><img src="http://ad.doubleclick.net/ad/daily.economist.com/dailyart;pos=v5_art350x300;sect=news;sz=350x300;tile=1;ord=90118738?" border="0" alt="Click Here!" align="middle" hspace="2" vspace="2">
</a></noscript>
</div>
</div>
<p>The Pentagon is presumably better able to protect itself against
cyber attacks than most. Other targets have been shown to be more
vulnerable. The potential impact of cyber-vandalism became obvious this
year when Russian hackers unleashed the biggest-ever international
cyber-assault on tiny Estonia, after the Baltic country caused offence
by re-burying a Russian soldier from the second world war. "Denial of
service" attacks, when huge numbers of visitors overwhelm public
websites, crippled Estonian government computers. Some breathlessly
called it the first direct Russian attack on a NATO member.</p>
<p>The Russian government claimed in that incident that the hackers
were incensed ordinary Russians. But some experts said they saw Kremlin
footprints. In the current Chinese case the script has been repeated;
some at the Pentagon say they can pin the attacks on the People's
Liberation Army. Germany's government has protested to China's rulers,
saying it too was once hacked by the PLA. Other governments, such as
the British one, say that cyber-attacks are increasingly common
problems. China, too, says it has been a victim of cyber-assault, and
that it takes the issue seriously. In all likelihood—as with the more
traditional spying of the cold war days—many countries are attempting
some sort of cyber-attacks, while condemning others who do it.</p>
<p>Some of the more effective cyber snoops and vandals may not be
government employees. Rather, as pirates would once loot on behalf of
particular governments, a few of today's more effective hackers may be
freelancers acting perhaps with tacit official approval. But
governments are also developing capability themselves. A Pentagon
report this year on China's military forces said baldly that the
country was developing tactics to achieve "electromagnetic dominance"
early in a conflict. It added that, while China had not developed a
formal doctrine of electronic warfare, it had begun to consider
offensive cyber-attacks within its operational exercises.</p>
<p>Cyber-attacks present an attractive option to America's foes, as a
form of guerrilla or asymmetrical warfare. In 2002 the Pentagon ran a
war-game with the evocative title "Digital Pearl Harbour". In it,
simulated attacks showed only temporary and limited effect (for example
shutting down some electricity supplies). But this week's revelation
may show that America has underestimated its Chinese rival. </p>
<p>The legal world has always been slow to keep up with technology, and
the international law of cybercrime is no exception. The first
international legal instrument on the subject was the Council of
Europe's Convention on Cybercrime. It requires members to pass
appropriate laws against cybercrime—including unauthorised access and
network disruption, as well as computer-aided traditional crimes like
money-laundering and child pornography. It also mandates a certain
level of law-enforcement to prevent laxer jurisdictions from becoming
cybercrime havens. But its reach is limited. It came into force in 2004
among just six Council of Europe members; others have since joined,
including America at the start of this year. No other non-member of the
Council of Europe has joined. This means that the Chinese shenanigans,
whatever they were, continue to exist in a legal netherworld. </p>