Could Cyberwar Knock Us Back to the Stone Age?
Source: davidteffler.com
While there are many aspects of cyberwar worthy of discussion, one area rarely explored is just how dangerous a full-on cyberwar could be to the US, and to global society. Could a cyberwar knock us back to the Stone Age?
For the purpose of our exploration, we will assume that cyberwar doesn't lead to a nuclear or biological war, that the effects resulting from the conflict remain within the bounds of digital means of destruction rather than traditional NBC (nuclear, biological, and chemical) warfare.
Most examinations of cyberwar threat took place before the enormous breach at the US Office of Personnel Management. OPM is, essentially, the American government's HR department.
In June, OPM announced it had been the victim of a persistent penetration that went back at least to March of 2014. More than 21.5 million individual, highly personal personnel records were stolen from the agency, including confidential disclosures by government personnel with security clearances.
In addition to the other data stolen, 1.1 million fingerprint patterns were also grabbed. This means, if you think about it, that since enemy actors had access to fingerprint and personnel systems, they not only could take information, they could plant fake information, as well.
But we've seen the damage even one or two rogue workers can do. Witness the damage Bradley Manning and Edward Snowden have caused, and they were just two relatively low-level government workers. Imagine, instead, the damage that could be caused by workers turned, either because of blackmail based on the stolen OPM data, or enemy agents, complete with government IDs that are confirmed by the now falsified OPM data, inserted into critical positions.
The Edward Snowden revelations have rocked governments, global businesses, and the technology world. Here is our perspective on the still-unfolding implications along with IT security and risk management best practices that technology leaders can put to good use.
This takes our thought experiment to a whole new level. What would happen if we were hit by a devastating cyberattack and the government's continuity systems did not function as expected, because they, too, were compromised?
Let's assume, through a combination of malware, espionage, denial of service, and sabotage, that our national systems were to break down. What then?
Our path down the rabbit hole requires us to identify what sorts of systems would be interrupted. So let's start by assuming the financial system would come to a halt. Stock exchange transactions would stop, and all electronic fund and electronic banking transactions would cease. At that point, checks and credit cards would no longer have value, businesses would no longer be able to operate, and even cash would likely lose its transaction value.
What about communications? Over the past ten years, most of us have moved off of landlines and away from over-the-air broadcast TV (notwithstanding a small group of HD antenna owners). Most of us communicate over mobile services and the Internet. In a catastrophic cyberwar, and for the purpose of our thought experiment, let's assume all communications with the possible exception of ham radio would go offline.
Without financial support and communications, our supply chains would be toast. Goods and services would no longer move across the country. There would be mobs storming supermarkets, hardware stores, and gun shops. Gasoline for vehicles would run out in a matter of days.
National government would cease to function. Instead, the primary governance touch points would be some responsible local law enforcement officers. More likely, we would see feudal governance take hold, where those with the most firepower, survival resources, and physical strength would take power.
Surely other governments would jump in to lend a hand, if for no other reason than a precipitous decline in the US economy would have devastating results worldwide.
Here's where the scenario branches. If the cyberattack were limited to the United States, then it's likely that other governments would involve themselves to a limited extent, if only to regain access to our ability to buy their goods.
This includes China, by the way. Since China's economy is so dependent upon America's (and us upon them), it is unlikely that China would engage in extinction-level cyberwar. In fact, so much of the world's economy is intermingled, that it is actually quite unlikely that most major countries would engage in terminal cyberwar.
That leaves activists, crazies, and highly isolated rogue nations like North Korea. In fact, it mostly leaves North Korea, because even Iran and Russia rely on a functioning world economy. Before we discuss North Korea, let's get one other factor out of the way: the Stone Age. This article asked whether cyberwar could knock us back to the Stone Age. Rather than letting the hyperbole of the question stand, let's understand that the Stone Age preceded humanity's ability to work metal. Cyberwar (without an accompanying NBC event) would not deny us the ability to work metal, even iron and steel.
In fact, if we were to look at how far back something like a universally devastating cyberwar might take us, we'd probably land right around the technology level of World War II. Unfortunately for our postulated post-cyberwar society, nations in World War II were highly structured. For example, England, even during the worst of the London Blitz, was able to function as a nation.
We might not be able to replicate that level of functioning, primarily because our existing modes of communication are now nearly universally reliant on the Internet and digital technology. So we'd have to move back a few centuries, even before the telegraph that Lincoln used so powerfully in the Civil War, to a world where communications relied on fast horses and capable riders. At least bicycles are relatively common in the modern world.
Our worst case, therefore, is a society largely feudal in nature, knocked back in some ways to a technology base roughly akin to those the Founding Fathers had when they revolted against King George.
But could North Korea (again, without nukes or EMP weapons) generate a cyber-event devastating enough to take out all major nations and knock us all back to a pre-telegraph world?
My analysis of North Korea shows the country is indeed capable of mounting a cyberattack, especially if they use resources and agents located outside the nation's physical borders. But could North Korea simultaneously take out digital systems worldwide? First, they don't have the resources. Second, it's far more likely the OPM breach was by China, rather than North Korea.
Any total cyberwar extinction event would have to remove the United States' deep contingency operations, and while China or Russia might be able to turn a few more Snowdens, that's way out of North Korea's capability level. Plus, breaking US contingency planning would take more than a handful of blackmailed government employees.
The enemy's reach would have to be deep and pervasive, and that's simply not going to be able to happen with the depth and pace necessary to unhinge all our preparatory measures.
So let's conclude our thought experiment with a few observations and conclusions. The simple answer is no, cyberwar would not knock us back to the Stone Age. There is no rogue nation or organization with the reach to hit all of modern society across nations, and that's what would be required to push modern society out of the Information Age.
There is no doubt that cyberwar and cyberattacks can be devastating, and have a high financial and operational cost. But there's also little doubt that we would recover, in time.
David Gewirtz is a Director of the US Strategic Perspective Institute. Twitter: @DavidGewirtz
Ein News: http://bit.ly/1Itgp63