Cyber-War — Willkommen in der Zukunft
Hier eine Nachricht, die aus einem Science-Fiction-Film stammen sollte: In Amerika wird laut NYTimes die digitale Kriegsführung heiß diskutiert, sowohl in ihrer defensiven als auch in ihrer offensiven Komponente.
Die Möglichkeiten und Gefährdungen werden sogar mit denen der Nuklear-Ära verglichen. Zwar werden wir ziemlich sicher kein verseuchtes Essen oder Wasser bekommen. Aber vielleicht gar keines mehr:
Cyberwar would not be as lethal as atomic war, of course, nor as visibly dramatic. But when Mike McConnell, the former director of national intelligence, briefed Mr. Bush on the threat in May 2007, he argued that if a single large American bank were successfully attacked “it would have an order-of-magnitude greater impact on the global economy” than the Sept. 11, 2001, attacks. Mr. McConnell, who left office three months ago, warned last year that “the ability to threaten the U.S. money supply is the equivalent of today’s nuclear weapon.”
[…]
“We have seen Chinese network operations inside certain of our electricity grids,” said Joel F. Brenner, who oversees counterintelligence operations for Dennis Blair, Mr. McConnell’s successor as national intelligence director, speaking at the University of Texas at Austin this month. “Do I worry about those grids, and about air traffic control systems, water supply systems, and so on? You bet I do.”
In den letzten „realen“ kriegerischen Auseinandersetzungen um Russland konnte man das schon in einer frühen Variante bewundern, mit dem netten Namen „hybrid warfare“:
The advent of Internet attacks — especially those suspected of being directed by nations, not hackers — has given rise to a new term inside the Pentagon and the National Security Agency: “hybrid warfare.”
It describes a conflict in which attacks through the Internet can be launched as a warning shot — or to pave the way for a traditional attack.
Early hints of this new kind of warfare emerged in the confrontation between Russia and Estonia in April 2007. Clandestine groups — it was never determined if they had links to the Russian government — commandeered computers around the globe and directed a fire hose of data at Estonia’s banking system and its government Web sites.
The computer screens of Estonians trying to do business with the government online were frozen, if they got anything at all. It was annoying, but by the standards of cyberwar, it was child’s play.
In August 2008, when Russia invaded Georgia, the cyberattacks grew more widespread. Georgians were denied online access to news, cash and air tickets. The Georgian government had to move its Internet activity to servers in Ukraine when its own servers locked up, but the attacks did no permanent damage.
Stellt sich natürlich die Frage nach Gegenmaßnahmen. Ob da Atomkriegs-Metapher und die Idee der Abschreckung auch funktioniert? Man ist jedenfalls überzeugt, dass ein reines „Dichtmachen“ nicht sehr aussichtsreich ist:
But the broader question — one the administration so far declines to discuss — is whether the best defense against cyberattack is the development of a robust capability to wage cyberwar.
As Mr. Obama’s team quickly discovered, the Pentagon and the intelligence agencies both concluded in Mr. Bush’s last years in office that it would not be enough to simply build higher firewalls and better virus detectors or to restrict access to the federal government’s own computers.
“The fortress model simply will not work for cyber,” said one senior military officer who has been deeply engaged in the debate for several years. “Someone will always get in.”
That thinking has led to a debate over whether lessons learned in the nuclear age — from the days of “mutually assured destruction” — apply to cyberwar.
But in cyberwar, it is hard to know where to strike back, or even who the attacker might be. Others have argued for borrowing a page from Mr. Bush’s pre-emption doctrine by going into foreign computers to destroy malicious software before it is unleashed into the world’s digital bloodstream. But that could amount to an act of war, and many argue it is a losing game, because the United States is more dependent on a constantly running Internet system than many of its potential adversaries, and therefore could suffer more damage in a counterattack.
Natürlich ist die völkerrechtliche Lage noch vollkommen unklar:
Senior Pentagon and military officials also express deep concern that the laws and understanding of armed conflict have not kept current with the challenges of offensive cyberwarfare.
Over the decades, a number of limits on action have been accepted — if not always practiced. One is the prohibition against assassinating government leaders. Another is avoiding attacks aimed at civilians. Yet in the cyberworld, where the most vulnerable targets are civilian, there are no such rules or understandings. If a military base is attacked, would it be a proportional, legitimate response to bring down the attacker’s power grid if that would also shut down its hospital systems, its air traffic control system or its banking system?
“We don’t have that for cyber yet,” one senior Defense Department official said, “and that’s a little bit dangerous.”
Schaurig, hm? Da braucht man kein Fernsehen mehr.