Cyberwar: The Smart Person's Guide

US military monitoring sending data to aircraft in a simulation of cyberwar

Cyberwarfare is real. Governments are pouring billions into making sure they can fight battles on the internet, and you might just get caught in the crossfire. 

Here's what you need to know.

What it is: Cyberwarfare is the use of digital attacks to damage the networks or computer systems in another nation state.

What it does: State-backed hackers aim to disrupt civilian and military services and potentially create real-world effects, like shutting down power grids.

Why it matters: Most developed economies are now entirely reliant on web-based services: undermining confidence in these systems and networks could do serious damage.

Who it affects: Potentially anyone who relies on digital infrastructure in their lives, regardless of location.

When is this happening: There have already been a few incidents that could be labelled as cyberwarfare; more will follow.

Where is this happening: Electronic attacks have taken place in Ukraine, Iran and eastern Europe: more may have taken place but secrecy makes it hard to be sure.

Who is making it happen: Many governments are building a cyberwarfare capability: among the most advanced countries are the US, Russia, China, Iran and South Korea.

How to get it: Find yourself in conflict with a major power, or annoy a dictator.

Cyberwarfare

At its heart, cyberwarfare involves digital attacks on the networks, systems and data of another state, with the aim of creating significant disruption or destruction. That might involve destroying, altering or stealing data, or making it impossible to access online services, whether they are used by the military or broader society. These digital attacks may also be designed to cause physical damage in the real world - such as hacking into a dam's control systems to open its floodgates.

Such attacks can form part of a more traditional military campaign or be used as a standalone attack.

A wider definition of cyberwarfare could also include some elements of what is also known as information warfare — including online propaganda and disinformation, such as the use of 'troll armies' to promote a certain view of the world across social media.

There is no settled legal definition of what cyberwarfare is and there are no laws that specifically refer to it. That doesn't mean the concept isn't covered by international law, or that it is considered trivial. Among western states there is a general consensus that an online attack on a state can - if it is severe enough - be the equivalent of an armed physical attack.

NATO has, for example, updated its rules of engagement so that an electronic attack on one of its members could be considered an attack on all of them - triggering its collective defence clause. Increasingly it is seen as another potential battlefield alongside land, sea, air and space.

But cyberwar remains a shifting concept, one that describes a shadowy world - the domain of spies, top secret military projects and hackers often working at arm's length from their own governments.

The New Art of War 

As can be the case in conventional conflicts, cyberwarfare aims to further the goals of a nation state. Typically, electronic 'weapons' are used to disrupt the computer networks of that nation's rivals, and potentially cause physical damage as a result. The types of attack could vary wildly, from bespoke code that will only work against one particular target, through to distributed denial of service attacks, phishing, hacking and viruses.

While a computer system may be the initial target, cyberwarfare can also involve physical damage. Hackers might damage the systems running a power station to cause an outage, or break a factory control system to create a chemical spill.

While there have been very few uses of cyber weapons to date, what is clear is that nation states around the world are building up their capabilities rapidly, both in terms of defending against such attacks on their own critical national infrastructure and in their ability to launch these attacks if necessary.

Cyberwarfare is distinct from everyday hacking, in that it is carried out by nation states (or groups backed by nation states) and is aimed at furthering the goals of that state rather than - say - just stealing money, defacing websites or corrupting data (although it may include those things). It's also different to cyber espionage - using the internet to infiltrate and steal state and industrial secrets - although there is much overlap between the two.

Most nations are increasingly reliant on digital infrastructure to run efficiently. Disrupting communications or banking systems would have a huge effect on a modern economy. And as more of the industrial control systems that run electricity grids, factories and other utilities are put online, these systems are also more at risk from state-sponsored attacks. That means cyberwarfare isn't just a risk to your data, but potentially to your life.

Virtual Armies

The military is an obvious target of any cyberwarfare campaign: blocking or hacking communications or weapons systems (stopping missiles from launching or acquiring targets) would be an obvious aim. But really, anyone who relies on any digital technology is potentially vulnerable. So unless you live under an (electronics-free) rock, you could be a target - or a victim, even inadvertently. An attack aimed at disrupting military communications could also knock out your ISP, for example.

Unlike a traditional military attack — by a missile or a tank — cyberwarfare doesn't require physical proximity. An electronic attack can be launched at a target anywhere on the globe from pretty much anywhere. That means even if your business or home is a long way from any front line you could still become a target. Indeed, because military targets and critical national infrastructure like nuclear power stations are well protected, less high profile but easier-to-attack targets may find themselves under assault instead.

As we connect up more and more devices to the internet, thanks to the emerging concept of the Internet of Things, that potential battlefield extends to your bathroom or kitchen. US intelligence has already said that IoT devices could be useful sources of data for spies.

NATO's cyberwarfare manual suggests that a cyber-attack can be considered to be the equivalent of an armed attack if it causes physical harm to people or property. By this standard there have been very few - perhaps only one or two - digital attacks that could be considered to be incidents of cyberwarfare.

For some, the modern cyberwarfare era began in 2007, with a coordinated attack on the small eastern European state of Estonia. The attack — which disrupted banks, government services and more — was sparked by plans to move a Soviet war memorial, and, although inconvenient, was not cyberwar, according to one resident.

For others, the cyberwar era began with 'Operation Olympic Games', a US-Israeli attack on the Iranian nuclear project in 2010, which used the Stuxnet malware to cause malfunctions in centrifuges that were being used in the programme. It's also entirely possible that there have been early cyberwarfare operations that still remain classified and hidden from view.

Critical Infrastructure

Critical national infrastructure is the most worrying potential cyberwarfare target. Water, gas and electricity, banking or communications: disrupting any of these could cause huge problems for a developed economy. As such, while cyber espionage tends to involve hacking into and stealing data from PCs, cyberwarfare is more interested in industrial control and SCADA systems - the computers that run pipelines and factories and power grids. These are harder to attack, but shutting down a gas pipeline will have a lot more impact than shutting down a few PCs.

Most nations have some sort of cyber defence project underway, and perhaps 20 or 30 have a cyber offence strategy of some sort too. The most advanced countries are generally considered to be the US, China, Russia, the UK, Iran and North Korea.

The use of cyberwarfare tactics by the US is the best documented. It is generally agreed that the US and Israel were behind Stuxnet. And more recently the US deputy secretary of defense, Robert Work, said of US efforts against ISIS: "We are dropping cyber-bombs...We have never done that before."

There has been a steady stream of other incidents: In 2013, the NSA claimed it had foiled a plot by an unnamed nation - believed to be China - to attack the BIOS chip in PCs, rendering them unusable. Then came the 2014 attack on Sony Pictures Entertainment, blamed by many on North Korea. And just before Christmas last year hackers managed to disrupt the power supply in parts of Ukraine, while in March seven Iranian hackers were accused of trying to shut down a New York dam in a federal grand jury indictment. There have also been claims from US and UK politicians and law enforcement that ISIS wants to build the capability to attack critical infrastructure, but has shown little sign of having the necessary capabilities.

Something like Stuxnet would cost millions to build because it would rely on 'zero-day' attacks, which exploit software flaws that have never been seen before and are consequently expensive to find or buy from researchers. Such a bespoke approach is necessary for these sophisticated attacks because the make-up of each computer network varies and requires a different approach to compromise, making these kinds of destructive attacks really only available to well-resourced nation states. Other more traditional hacker tools are much cheaper and easier to acquire, though they may be less potent, too.

However, there's another question here. Correctly attributing blame for attacks is a big problem: it's very hard to find out which nations are behind an attack. While digital forensics have improved, attackers are also adept at leaving false clues in their code, which may lead in entirely the wrong direction.

Cyberwar isn't the sort of thing you'd seek out, but if you're in charge of a chunk of your nation's critical national infrastructure, or run military networks, you'd be advised to watch out for it - and to prepare your defences accordingly.

Ein News

 
