Forget Trident & Welcome To Cyber Warfare

Uploaded on 2016-03-01 in TECHNOLOGY--Developments, NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW

Forget debates about Britain’s nuclear deterrent. New technology means a country can be brought to its knees with the click of a mouse

The naval base at La Spezia in northern Italy is in an advanced state of decay. The grand Mussolini-era barracks are shuttered; the weeds won their battle with the concrete some time ago. But amid the crumbling masonry, there is an incongruously neat little building, shaded behind a line of flags, with smartly outfitted security men behind its glass doors.

This is Nato’s Centre for Maritime Research and Experimentation (CMRE). As one battleship after another has been removed from what remains of the Italian navy, and the base is wound down, the centre is preparing for a new kind of marine warfare amid the wreckage of the old.

The CMRE at La Spezia is not alone in this field. It has far bigger, better funded – and much more secretive – counterparts in the US, Russia and China. But the technicians here insist they are working on the state of the art.

For half a century, big missile submarines, known as boomers, have been arguably the most decisive weapon systems in modern warfare, the queen on the strategic chessboard, because of their capacity to remain unseen until the critical moment, unleashing enormous destructive force without warning. Now that dominant position is under threat. A submarine can hide from a few noisily obvious ships and planes, but it is harder to hide from a swarm of small, virtually undetectable drones.

The robots being developed here can potentially be made cheap and expendable, and capable of being deployed in large numbers to cover vast expanses of sea. Once fully developed, they could tilt the balance of power beneath the waves – much as airborne drones are already doing in the sky. It is unclear how far other countries have got with underwater drone technology; it is known that the Russian navy is working on it intensively.

The implications of these advances, are far-reaching for all military powers, but none more so than the UK, which depends on the invisibility and stealth of submarines for its Trident nuclear missiles. The government is in the process of placing a £31bn gamble that its submarines will stay invisible for the foreseeable future – a bet that might be splitting the Labour party but is little debated outside it. Yet these developments could drastically change the debate: from whether an independent British nuclear deterrent is good, bad or necessary, to whether Trident would even function as a deterrent in the long term.

Hovering above all this is arguably the biggest threat of all – cyber warfare: the great wild card that can turn the world’s most advanced technology against itself with a few well-placed lines of code.

In a hotel in the Estonian capital Tallinn, 400 soldiers and civilians are taking part in Nato’s biggest ever cyber war game, Locked Shields. At ranks of computer screens, young men with crew cuts in camouflage fatigues sit interspersed with teams of male and female hackers in green and yellow T-shirts, most in their early 20s, many with piercings and tattoos.

Estonia learned the importance of cyber defence the hardest way possible. In 2007, it became the target of the first concerted state-on-state cyber attack, when Moscow decided to show the small former Soviet republic that it was still under Russia’s shadow. The assault unfolded in late April and early May. The servers of the country’s banks were hacked, forcing them to close down all but essential operations, and move to proxy servers in Lithuania. Without a shot being fired, a nation’s entire financial infrastructure was forced into exile.

At the same time, mass text messages were sent from an anonymous source to Estonia’s Russian-speaking minority, telling them to drive very slowly through the city centre at a certain time of day. The drivers kept moving, so technically no crime was committed, but it brought Tallinn to a virtual standstill. Then the telephone numbers of vital government services all started ringing at once, nonstop, as they were swamped by robot calls.

In anticipation of the next big attack, Nato’s Cooperative Cyber Defence Centre of Excellence has been set up in Tallinn, and links have been established between the military and a civilian infrastructure. Most of the Estonian computer experts and hackers currently sitting in this hotel ballroom would be called up in a crisis.

If the 2007 incident was destabilising, it now seems as rudimentary as a zeppelin attack. The weapons available to hackers today are far more sophisticated and powerful, menacing even the most heavily guarded networks. The Locked Shields exercise in Tallinn is designed to anticipate what the next onslaught might look like: a complex scenario in which an imaginary country, Berylia, which looks very like Estonia, comes under a surprise attack by both strategically placed explosives and an escalating cyber assault focused on its most sensitive industry, a drone manufacturer. The assailants are anonymous, but seem to be working for Berylia’s bitter rival and neighbour, Crimsonia, an imaginary state that closely resembles Vladimir Putin’s Russia.

West’s agency logs around 200m suspicious events a week. Many of those are automatically discarded by filters, but that still leaves 250-350 serious cases each week against Nato HQ and bases around the world, each of them requiring intervention from the 200-strong multinational group of security analysts and programmers gathered here. There are many more attacks on the national infrastructures of member states.

Right now, the greatest constraint on Nato’s ability to defend itself against attack is the scarcity of security specialists. The Russian and Chinese security establishments are known to have corralled networks of hackers.

In China, the now infamous Unit 61398 of the People’s Liberation Army was discovered, in 2013, to have been running an almost constant cyber-offensive against western companies and governments for seven years, from a 12-storey building in Shanghai; the offensive involved thousands of English-speaking hackers. A mass networked assault on Nato infrastructure from China two years ago is believed to have been the work of the same unit; more recently, there have been constant attacks on Nato from hacktivist groups such as CyberBerkut, backing Russian intervention in eastern Ukraine.

According to former defence secretary Des Browne, Britain has not even begun to make a comprehensive assessment of its vulnerability. He argues that Trident’s effectiveness can no longer be taken for granted. “Cyber attacks are already able to undermine the reliability of our nuclear command, control and communications,” he says. “No longer can we guarantee that the weapons will work as we designed them to do when we reach for them.”

Guardian

 

« Executive Education: Brown University’s Master In Cybersecurity
Inside The FBI's Encryption Battle With Apple »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Opengear

Opengear

Opengear ensures network resilience to enterprises by enabling business continuity with the Network Resilience Platform.

AhnLab

AhnLab

AhnLab provides a range of information security solutions including network security, endpoint security, antivirus and consulting services.

Capita

Capita

Capita is a consulting, digital services and software business, providing end-to-end enterprise IT services and solutions focused around digital transformation and innovation.

Puleng Technologies

Puleng Technologies

Puleng provides customers with a client-centric strategy to manage and secure the two most valuable assets an organisation has - its Data and Users.

Expanse

Expanse

Expanse SaaS-delivered products plus service expertise reduce your internet edge risk to prevent breaches and successful attacks.

CybernetIQ

CybernetIQ

CLAW by CybernetIQ is the industry's most advanced SOAR platform helping unify all cybersecurity tools under one umbrella and providing organizations faster, better and more accurate cybersecurity.

International Accreditation Forum (IAF)

International Accreditation Forum (IAF)

The IAF is the world association of Conformity Assessment Accreditation Bodies. Its primary function is to develop a single worldwide programme of conformity assessment.

MetaCert

MetaCert

MetaCert’s Zero Trust browser software reduces the risk of organizations being compromised with a phishing-led cyberattack by more than 98%.

Simplilearn

Simplilearn

Simplilearn is the world's #1 online bootcamp for digital skills training in disciplines such as Cyber Security, Cloud Computing, Project Management, Digital Marketing, and Data Science.

MyCena

MyCena

MyCena has developed a complete system of security, control and management for decentralised credentials.

Laminar

Laminar

Laminar provides the only Public Cloud Data Protection solution that provides full visibility and enforcement capabilities across your entire public cloud infrastructure.

Torq

Torq

Torq's no-code automation modernizes how security & operations teams work with easy workflow building, limitless integrations and numerous pre-built templates.

Cycurion

Cycurion

Cycurion is a global leading provider of Network Communications and Information Technology Security Solutions.

StrongBox.Academy

StrongBox.Academy

StrongBox.Academy provides cybersecurity training courses that are tailored to the specific needs and challenges of the industry.

Sardine

Sardine

Sardine is a leader in financial crime prevention. Using unparalleled device intelligence and behavior biometrics, Sardine applies machine learning to detect and stop fraud before it happens.

Invary

Invary

Invary's expert Runtime Integrity solution, powered by NSA-licensed technology, verifies the security and confidentiality of your system.