Could Cyberwar Knock Us Back to the Stone Age?

55-Trends-for-Cyberwar_clip_image002_0000.jpg

Source: davidteffler.com

While there are many aspects of cyberwar worthy of discussion, one area rarely explored is just how dangerous a full-on cyberwar could be to the US, and to global society. Could a cyberwar knock us back to the Stone Age?
For the purpose of our exploration, we will assume that cyberwar doesn't lead to a nuclear or biological war, that the effects resulting from the conflict remain within the bounds of digital means of destruction rather than traditional NBC (nuclear, biological, and chemical) warfare.

Most examinations of cyberwar threat took place before the enormous breach at the US Office of Personnel Management. OPM is, essentially, the American government's HR department.
In June, OPM announced it had been the victim of a persistent penetration that went back at least to March of 2014. More than 21.5 million individual, highly personal personnel records were stolen from the agency, including confidential disclosures by government personnel with security clearances.
In addition to the other data stolen, 1.1 million fingerprint patterns were also grabbed. This means, if you think about it, that since enemy actors had access to fingerprint and personnel systems, they not only could take information, they could plant fake information, as well.

But we've seen the damage even one or two rogue workers can do. Witness the damage Bradley Manning and Edward Snowden have caused, and they were just two relatively low-level government workers. Imagine, instead, the damage that could be caused by workers turned, either because of blackmail based on the stolen OPM data, or enemy agents, complete with government IDs that are confirmed by the now falsified OPM data, inserted into critical positions.
The Edward Snowden revelations have rocked governments, global businesses, and the technology world. Here is our perspective on the still-unfolding implications along with IT security and risk management best practices that technology leaders can put to good use.

This takes our thought experiment to a whole new level. What would happen if we were hit by a devastating cyberattack and the government's continuity systems did not function as expected, because they, too, were compromised?
Let's assume, through a combination of malware, espionage, denial of service, and sabotage, that our national systems were to break down. What then?

Our path down the rabbit hole requires us to identify what sorts of systems would be interrupted. So let's start by assuming the financial system would come to a halt. Stock exchange transactions would stop, and all electronic fund and electronic banking transactions would cease. At that point, checks and credit cards would no longer have value, businesses would no longer be able to operate, and even cash would likely lose its transaction value.

What about communications? Over the past ten years, most of us have moved off of landlines and away from over-the-air broadcast TV (notwithstanding a small group of HD antenna owners). Most of us communicate over mobile services and the Internet. In a catastrophic cyberwar, and for the purpose of our thought experiment, let's assume all communications with the possible exception of ham radio would go offline.
Without financial support and communications, our supply chains would be toast. Goods and services would no longer move across the country. There would be mobs storming supermarkets, hardware stores, and gun shops. Gasoline for vehicles would run out in a matter of days.

National government would cease to function. Instead, the primary governance touch points would be some responsible local law enforcement officers. More likely, we would see feudal governance take hold, where those with the most firepower, survival resources, and physical strength would take power.
Surely other governments would jump in to lend a hand, if for no other reason than a precipitous decline in the US economy would have devastating results worldwide.
Here's where the scenario branches. If the cyberattack were limited to the United States, then it's likely that other governments would involve themselves to a limited extent, if only to regain access to our ability to buy their goods.
This includes China, by the way. Since China's economy is so dependent upon America's (and us upon them), it is unlikely that China would engage in extinction-level cyberwar. In fact, so much of the world's economy is intermingled, that it is actually quite unlikely that most major countries would engage in terminal cyberwar.

That leaves activists, crazies, and highly isolated rogue nations like North Korea. In fact, it mostly leaves North Korea, because even Iran and Russia rely on a functioning world economy. Before we discuss North Korea, let's get one other factor out of the way: the Stone Age. This article asked whether cyberwar could knock us back to the Stone Age. Rather than letting the hyperbole of the question stand, let's understand that the Stone Age preceded humanity's ability to work metal. Cyberwar (without an accompanying NBC event) would not deny us the ability to work metal, even iron and steel.

In fact, if we were to look at how far back something like a universally devastating cyberwar might take us, we'd probably land right around the technology level of World War II. Unfortunately for our postulated post-cyberwar society, nations in World War II were highly structured. For example, England, even during the worst of the London Blitz, was able to function as a nation.

We might not be able to replicate that level of functioning, primarily because our existing modes of communication are now nearly universally reliant on the Internet and digital technology. So we'd have to move back a few centuries, even before the telegraph that Lincoln used so powerfully in the Civil War, to a world where communications relied on fast horses and capable riders. At least bicycles are relatively common in the modern world.

Our worst case, therefore, is a society largely feudal in nature, knocked back in some ways to a technology base roughly akin to those the Founding Fathers had when they revolted against King George.
But could North Korea (again, without nukes or EMP weapons) generate a cyber-event devastating enough to take out all major nations and knock us all back to a pre-telegraph world?

My analysis of North Korea shows the country is indeed capable of mounting a cyberattack, especially if they use resources and agents located outside the nation's physical borders. But could North Korea simultaneously take out digital systems worldwide? First, they don't have the resources. Second, it's far more likely the OPM breach was by China, rather than North Korea.

Any total cyberwar extinction event would have to remove the United States' deep contingency operations, and while China or Russia might be able to turn a few more Snowdens, that's way out of North Korea's capability level. Plus, breaking US contingency planning would take more than a handful of blackmailed government employees.
The enemy's reach would have to be deep and pervasive, and that's simply not going to be able to happen with the depth and pace necessary to unhinge all our preparatory measures.

So let's conclude our thought experiment with a few observations and conclusions. The simple answer is no, cyberwar would not knock us back to the Stone Age. There is no rogue nation or organization with the reach to hit all of modern society across nations, and that's what would be required to push modern society out of the Information Age.

There is no doubt that cyberwar and cyberattacks can be devastating, and have a high financial and operational cost. But there's also little doubt that we would recover, in time.

David Gewirtz is a Director of the US Strategic Perspective Institute.  Twitter: @DavidGewirtz

Ein News: http://bit.ly/1Itgp63

 

« Internet of Things Unlocks Revenue Opportunities
Global Spy System ECHELON Confirmed by Snowden Leak »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Avatu

Avatu

Avatu specialise in providing clients the advice, technology and tools they need to fight cyber and insider threats.

SISA

SISA

SISA is a global forensics-driven cybersecurity solutions company, trusted by leading organizations for securing their businesses with robust preventive and corrective cybersecurity solutions.

SecureKey Technologies

SecureKey Technologies

SecureKey is a leading identity and authentication provider that simplifies consumer access to online services and applications.

PureCyber

PureCyber

PureCyber (formerly Wolfberry Cyber) is an award-winning cyber security consultancy whose goal it is to make cyber security accessible, understandable, and affordable for any organisation.

Lineal Services

Lineal Services

Lineal supports clients in meeting their digital forensics, cyber security and eDiscovery needs by providing bespoke solutions to complex problems.

Forum of Incident Response & Security Teams (FIRST)

Forum of Incident Response & Security Teams (FIRST)

FIRST is the global Forum of Incident Response and Security Teams.

ArmorText

ArmorText

ArmorText offers a seamless channel for communication and collaboration for organizations concerned with keeping communication data private and secure.

Secured Communications

Secured Communications

Secured Communications has developed the only unified secure communications platform trusted by public safety and counter terrorism professionals around the world.

N8 Identity

N8 Identity

N8 Identity helps organizations realize the vision of Autonomous Identity Governance™ with AI-driven Identity solutions.

Cybermerc

Cybermerc

Cybermerc's services, training programmes and cyber security solutions are designed to forge collaborations across industry, government and academia, for collective defence of our digital borders.

Infosec Cloud

Infosec Cloud

Infosec Cloud is a specialist Cyber Security company offering fully managed Training & Testing Services in addition to market leading Cyber Security technology and accredited professional services.

FDD Center on Cyber and Technology Innovation (CCTI)

FDD Center on Cyber and Technology Innovation (CCTI)

The Foundation for Defense of Democracies is a nonprofit research institute focusing on foreign policy and national security. Ares of focus include cyber security and technology innovation.

Pivot Technology School

Pivot Technology School

Pivot Tech offers Data Analytics, Software Development and Cyber Security training in boot camp style cohorts.

Safe Decision

Safe Decision

Safe Decision is an information technology company offering Cyber Security, Network, and Infrastructure Services and Solutions.

Lodestone

Lodestone

Lodestone partners with clients to help them mitigate business and reputational risk, through our human-based, approach to cyber security, digital forensics and incident response.

Seers

Seers

Seers is the world’s leading privacy & consent management platform for companies worldwide. Trusted by over 50,000+ businesses.