Could Cyberwar Knock Us Back to the Stone Age?

55-Trends-for-Cyberwar_clip_image002_0000.jpg

Source: davidteffler.com

While there are many aspects of cyberwar worthy of discussion, one area rarely explored is just how dangerous a full-on cyberwar could be to the US, and to global society. Could a cyberwar knock us back to the Stone Age?
For the purpose of our exploration, we will assume that cyberwar doesn't lead to a nuclear or biological war, that the effects resulting from the conflict remain within the bounds of digital means of destruction rather than traditional NBC (nuclear, biological, and chemical) warfare.

Most examinations of cyberwar threat took place before the enormous breach at the US Office of Personnel Management. OPM is, essentially, the American government's HR department.
In June, OPM announced it had been the victim of a persistent penetration that went back at least to March of 2014. More than 21.5 million individual, highly personal personnel records were stolen from the agency, including confidential disclosures by government personnel with security clearances.
In addition to the other data stolen, 1.1 million fingerprint patterns were also grabbed. This means, if you think about it, that since enemy actors had access to fingerprint and personnel systems, they not only could take information, they could plant fake information, as well.

But we've seen the damage even one or two rogue workers can do. Witness the damage Bradley Manning and Edward Snowden have caused, and they were just two relatively low-level government workers. Imagine, instead, the damage that could be caused by workers turned, either because of blackmail based on the stolen OPM data, or enemy agents, complete with government IDs that are confirmed by the now falsified OPM data, inserted into critical positions.
The Edward Snowden revelations have rocked governments, global businesses, and the technology world. Here is our perspective on the still-unfolding implications along with IT security and risk management best practices that technology leaders can put to good use.

This takes our thought experiment to a whole new level. What would happen if we were hit by a devastating cyberattack and the government's continuity systems did not function as expected, because they, too, were compromised?
Let's assume, through a combination of malware, espionage, denial of service, and sabotage, that our national systems were to break down. What then?

Our path down the rabbit hole requires us to identify what sorts of systems would be interrupted. So let's start by assuming the financial system would come to a halt. Stock exchange transactions would stop, and all electronic fund and electronic banking transactions would cease. At that point, checks and credit cards would no longer have value, businesses would no longer be able to operate, and even cash would likely lose its transaction value.

What about communications? Over the past ten years, most of us have moved off of landlines and away from over-the-air broadcast TV (notwithstanding a small group of HD antenna owners). Most of us communicate over mobile services and the Internet. In a catastrophic cyberwar, and for the purpose of our thought experiment, let's assume all communications with the possible exception of ham radio would go offline.
Without financial support and communications, our supply chains would be toast. Goods and services would no longer move across the country. There would be mobs storming supermarkets, hardware stores, and gun shops. Gasoline for vehicles would run out in a matter of days.

National government would cease to function. Instead, the primary governance touch points would be some responsible local law enforcement officers. More likely, we would see feudal governance take hold, where those with the most firepower, survival resources, and physical strength would take power.
Surely other governments would jump in to lend a hand, if for no other reason than a precipitous decline in the US economy would have devastating results worldwide.
Here's where the scenario branches. If the cyberattack were limited to the United States, then it's likely that other governments would involve themselves to a limited extent, if only to regain access to our ability to buy their goods.
This includes China, by the way. Since China's economy is so dependent upon America's (and us upon them), it is unlikely that China would engage in extinction-level cyberwar. In fact, so much of the world's economy is intermingled, that it is actually quite unlikely that most major countries would engage in terminal cyberwar.

That leaves activists, crazies, and highly isolated rogue nations like North Korea. In fact, it mostly leaves North Korea, because even Iran and Russia rely on a functioning world economy. Before we discuss North Korea, let's get one other factor out of the way: the Stone Age. This article asked whether cyberwar could knock us back to the Stone Age. Rather than letting the hyperbole of the question stand, let's understand that the Stone Age preceded humanity's ability to work metal. Cyberwar (without an accompanying NBC event) would not deny us the ability to work metal, even iron and steel.

In fact, if we were to look at how far back something like a universally devastating cyberwar might take us, we'd probably land right around the technology level of World War II. Unfortunately for our postulated post-cyberwar society, nations in World War II were highly structured. For example, England, even during the worst of the London Blitz, was able to function as a nation.

We might not be able to replicate that level of functioning, primarily because our existing modes of communication are now nearly universally reliant on the Internet and digital technology. So we'd have to move back a few centuries, even before the telegraph that Lincoln used so powerfully in the Civil War, to a world where communications relied on fast horses and capable riders. At least bicycles are relatively common in the modern world.

Our worst case, therefore, is a society largely feudal in nature, knocked back in some ways to a technology base roughly akin to those the Founding Fathers had when they revolted against King George.
But could North Korea (again, without nukes or EMP weapons) generate a cyber-event devastating enough to take out all major nations and knock us all back to a pre-telegraph world?

My analysis of North Korea shows the country is indeed capable of mounting a cyberattack, especially if they use resources and agents located outside the nation's physical borders. But could North Korea simultaneously take out digital systems worldwide? First, they don't have the resources. Second, it's far more likely the OPM breach was by China, rather than North Korea.

Any total cyberwar extinction event would have to remove the United States' deep contingency operations, and while China or Russia might be able to turn a few more Snowdens, that's way out of North Korea's capability level. Plus, breaking US contingency planning would take more than a handful of blackmailed government employees.
The enemy's reach would have to be deep and pervasive, and that's simply not going to be able to happen with the depth and pace necessary to unhinge all our preparatory measures.

So let's conclude our thought experiment with a few observations and conclusions. The simple answer is no, cyberwar would not knock us back to the Stone Age. There is no rogue nation or organization with the reach to hit all of modern society across nations, and that's what would be required to push modern society out of the Information Age.

There is no doubt that cyberwar and cyberattacks can be devastating, and have a high financial and operational cost. But there's also little doubt that we would recover, in time.

David Gewirtz is a Director of the US Strategic Perspective Institute.  Twitter: @DavidGewirtz

Ein News: http://bit.ly/1Itgp63

 

« Internet of Things Unlocks Revenue Opportunities
Global Spy System ECHELON Confirmed by Snowden Leak »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

SharkGate

SharkGate

SharGate provide a cloud-based website security solution to protect websites from being hacked.

Quantivate

Quantivate

Quantivate is a provider of web-based Governance, Risk, and Compliance (GRC) software and service solutions.

ElcomSoft

ElcomSoft

ElcomSoft is a global leader in computer and mobile forensics, IT security and forensic data recovery.

NuData Security

NuData Security

NuData Security, A Mastercard Company, is an award winning behavioral biometrics company.

New Enterprise Associates (NEA)

New Enterprise Associates (NEA)

As one of the world’s largest and most active venture capital firms, NEA has developed deep domain expertise and insight into our industries of focus - technology and healthcare.

Research Institute in Verified Trustworthy Software Systems (VeTSS)

Research Institute in Verified Trustworthy Software Systems (VeTSS)

The main purpose of VeTSS is to support program analysis, testing and verification, to achieve guarantees of software correctness, safety, and security.

Cyber Security Forum Initiative (CSFI)

Cyber Security Forum Initiative (CSFI)

CSFI is a non-profit organization with a mission to provide Cyber Warfare awareness, guidance, and security solutions through collaboration, education, volunteer work, and training.

INE

INE

INE is a premier provider of Technical Training for the IT industry.

Infinite Ranges

Infinite Ranges

Infinite Ranges delivers secure, comprehensive digital solutions by connecting experts with the best products and services for the digital age.

SEIRIM

SEIRIM

SEIRIM delivers cybersecurity solutions in Shanghai China specializing in Web Application Security, Network Security for SME's, Vulnerability Management, and serving as Managed Security as a Service.

RedNode

RedNode

RedNode is a cybersecurity service provider that offers customized security testing solutions to protect any size of business worldwide.

Praxis Security Labs

Praxis Security Labs

Praxis Security Labs is a research driven cybersecurity company that helps our customers to reduce risk and improve security.

Ultima

Ultima

Ultima are on a mission to help businesses unlock their true potential by using the right IT to protect your company’s revenue and reputation – 24/7.

Convergence Networks

Convergence Networks

Convergence Networks is one of North America's leading Managed Services & Security Providers.

Cyderes

Cyderes

Cyderes (Cyber Defense and Response) is a global, pure-play, full life-cycle cyber security services provider formed from the merger of Herjavec Group and Fishtech Group in 2022.

Vultara

Vultara

Vultara provides web-based product security risk management tools for electronics manufacturers.