On October 11, Defense Secretary Leon Panetta gave a speech on cyber threats -- "an issue at the very nexus of business and national security," he said. "Ultimately, no one has a greater interest in cybersecurity than the businesses that depend on a safe, secure, and resilient global digital infrastructure." He's right: Businesses are interested and engaged -- but some in a different way he meant. A new front is emerging in cyber-warfare: Multinational corporations are standing up to governments that use the Internet for military purposes.
Last month, in an unprecedented move, the U.S.-based company Symantec, Russia-based Kaspersky Lab, the German CERT-Bund/BSI, and ITU-IMPACT published the results of their joint analysis of the cyber-espionage tool Flame that infected primarily computer systems in the Middle East. They show that parts of Flame had been active as early as 2006, collecting data in more than a dozen countries, and that it was likely produced by a government. According to Kaspersky Lab, "in June, we definitely confirmed that Flame developers communicated with the Stuxnet development team, which was another convincing fact that Flame was developed with nation-state backing," whereas Symantec more cautiously states that "this is the work of a highly organized and sophisticated group."
"For us to know that a malware campaign lasted this long and was flying under the radar for everyone in the community, it's a little concerning.... It's a very targeted attack, but it's a very large-scale attack," Vikram Thakur at Symantec points out. The discoveries over the last two years of Stuxnet, Duqu, Flame, and Gauss -- computer malware designed to spy and destroy -- provided a glimpse of how far states have advanced in using cyberspace for military purposes, shedding light on a cyber campaign that seems to have been waged largely unnoticed for years. Perhaps the embarrassment was a wake-up call -- some members of the industry now seem determined to step up their game.
It's clear that governments across the world are bolstering their cyberwarfare capabilities. "What we're looking at is a global cyber arms race," said Rear Admiral Samuel Cox, director of intelligence at U.S. Cyber Command. Earlier this year, Forbes reported that governments are buying key components of cyber-weapons from hackers on a shadow market. The New York Times reporting on Operation Olympic Games shed light on Stuxnet, the most sophisticated cyber-attack known to date, and fueled the debate about potential backlashes.
But there is a counterforce to the global cyber arms race: an entire industry built on identifying and neutralizing malware. In fact, two races are taking place simultaneously -- an arms and a disarmament race.