Symantec CTO: World War III could start with a cyber battle

Cyber tools could also be used for propaganda and disinformation, says Greg Day

The next world war could feature cyber attacks, but not in the way that most people assume, according to the Symantec EMEA CTO Greg Day.

Many believe sophisticated cyber attacks by one nation state on another could trigger the next world war, but Day believes that cyber tools may be used in different ways.

"Will the next war be a cyber war? [Cyber tools] could be used a lot in terms of propaganda, disinformation and almost the pre-emptor to the physical element," Day told Computing.

"There are already a number of nations that have declared that they are building cyber offensive capabilities and I've done work with a number of different governments where we look at a wide range of issues within their cyber strategy from the defence capability onwards. You can see the UK, France, Germany, the US, Israel and other countries putting cyber on top of their defence strategy. The question is, is it defensive or offensive? And what are they trying to achieve, is it industrial espionage?" he added.

Day emphasised that it was not in Symantec or any other vendors' remit to unearth who the perpetrators of cyber espionage were, but rather to mitigate the risk for their customers.

Last month, US security firm Mandiant released a report citing an secret branch of China's People's Liberation Army (PLA), dubbed unit 61398, as the source of a campaign of espionage against 141 corporations in 20 industries in the US. It alleged that the unit had an uncanny likeness to another cyber group called APT1, which had originally been blamed for the attacks.

"In seeking to identify the organisation behind this activity, our research found that People's Liberation Army unit 61398 is similar to APT1 in its mission, capabilities, and resources," Mandiant said in its report.

"PLA unit 61398 is also located in precisely the same area from which APT1 activity appears to originate".

[Turn to page 2]

Symantec CTO: World War III could start with a cyber battle

Cyber tools could also be used for propaganda and disinformation, says Greg Day

Day said that Symantec had also been tracking APT1 for six years.

"We can see consistency in the codes that were behind it, and the source sites which [the group] were using and where they were hosting from, but does it add any value for us whether it is a government group, a state-sponsored group or a military group? It's not our focal area," he said.

But added that the firm is now working more with government to get this information to them.

"We would always reach out to the ISP to say ‘we think your site is compromised, you should shut it down and here is why', and work with law enforcement and say ‘here is the evidence we've got, you may want to take this further'," he said.

Day gave an example of the Taiwanese government updating some of its military capabilities as evidence that any situation could be seen differently by a number of nations.

"As the Taiwanese government were going out to tender, we could see traffic going back to the US, Taiwan, China and other countries as well, but obviously someone was trying to get in the middle of that bid process," he said.

"You could argue it was a company trying to outbid everyone else or that it was one of the other nations trying to understand what Taiwan's future capabilities were going to be. People can look at it from so many different angles. It was interesting in that they were trying to update their military capability and cyber was used as a sub-part of that process," he added.