Capable: Good Bots Deployed infectionvectors.com May 2008
Air Force Col. Charles W. Williamson III proposes another facet to the US military's cyber capabilities: a botnet (http://www.armedforcesjournal.com/2008/05/3375884). Not an army of PCs pieced together by compromising random machines, but rather one built with organic assets over time to deliver DDoS options.
There are a few interesting areas to explore here, not the least of which is the construction of cyber weapons - mechanisms intended to fight cyber battles on a cyber battle space. Traditional information warfare includes kinetic weapon deployment - dropping real bombs (or EMP/HERF weapons) to counter cyber capabilities. There have been suggestions that "cyber crafts" (also from the Air Force, see: http://www.au.af.mil/au/awc/awcgate/afrl/cybercraft.pdf) and various digital constructs could be used to fight across the Internet. Col. Williamson's suggestion is novel in its adoption of the previously "nefarious" (the "botnet" itself) and its inclusion of only Internet-bound tools to discuss information warfare. That discussion is important to the future of cyber warfare as well as to the place every Internet resident has on the battlefield.
The parallel that Col. Williamson draws to fortifying and defending a fortress (or castle), and the inherent futility of doing so given advances in warfare and weaponry, is quite well applied to the Internet. But the argument that a botnet boosts our ability to defend our bases and knock out others is most effectively applied only to cases when the adversary is employing the "fortress" as home base. Unfortunately, very few attacks appear to come from this type of aggressor - modern threats emanate from zombies, compromised servers, and anonymous single actors. DDoSing one of these may work, but would have little effect on the overall attack. It would appear much more likely that we will end up costing ourselves much more than we can inflict.
Col. Williamson notes that the Air Force could build all necessary capabilities out of "our own resources." That approach, one may presume, would include additional circuits. DDoS attacks are likely to involve collateral damage. In cases where all aggressors are inside a friendly network, that network can be assumed to be part of that damage - sending enough traffic to overwhelm an adversary would likely degrade (at best, render useless at worst) other local segments.
Amassing such building blocks (PCs, bandwidth, control mechanisms, etc.) is a perfectly legal and legitimate action in today's world. Botnet masters are arrested for compromising unknowing participants and for the actions taken by the zombies; in the case suggested by Col. Williamson, those issues are alleviated by using US military-owned assets and rules of warfare. However, it is the collection of tools that may one day face scrutiny. For example, as suggested in a paper by the author, bandwidth itself may soon be regarded on par with other weapon building blocks (such as plutonium). How many megabits per resident are acceptable before one may be suspected of horizontal proliferation of weapons-grade circuits? Could a small country with a per capita bandwidth of 200Mb be put on a watch list?
Col. Williamson argues that we are in an arms race now, "and we are losing." The DDoS capability does not necessarily involve horizontal proliferation of weapons, however. A successful denial of service is quite possible without a flood of packets. That technology (singular exploits to knock over servers) may be better thought of as vertical proliferation in cyber weapons space.
Further Reading
Weaponized: infectionvectors.com http://www.infectionvectors.com/library/weaponized-iv.pdf
Cahill, T. P., Rozinov, K., Mulé, C.: Cyber Warfare Peacekeeping. Proceedings of the 2003 IEEE Workshop on Information Assurance pp 100-107. United States Military Academy, West Point, NY June 2003.
Denning, D.: Obstacles and Options for Cyber Arms Controls. Presented at Arms Control in Cyberspace, Heinrich Boll Foundation, Berlin, Germany. June 29-30, 2001. http://www.nps.navy.mil/da/faculty/DorothyDenning/publications/Berlin.pdf.
Copyright ©2008 infectionvectors.com. All rights reserved.