Forget Trident & Welcome To Cyber Warfare

Forget debates about Britain’s nuclear deterrent. New technology means a country can be brought to its knees with the click of a mouse

The naval base at La Spezia in northern Italy is in an advanced state of decay. The grand Mussolini-era barracks are shuttered; the weeds won their battle with the concrete some time ago. But amid the crumbling masonry, there is an incongruously neat little building, shaded behind a line of flags, with smartly outfitted security men behind its glass doors.

This is Nato’s Centre for Maritime Research and Experimentation (CMRE). As one battleship after another has been removed from what remains of the Italian navy, and the base is wound down, the centre is preparing for a new kind of marine warfare amid the wreckage of the old.

The CMRE at La Spezia is not alone in this field. It has far bigger, better funded – and much more secretive – counterparts in the US, Russia and China. But the technicians here insist they are working on the state of the art.

For half a century, big missile submarines, known as boomers, have been arguably the most decisive weapon systems in modern warfare, the queen on the strategic chessboard, because of their capacity to remain unseen until the critical moment, unleashing enormous destructive force without warning. Now that dominant position is under threat. A submarine can hide from a few noisily obvious ships and planes, but it is harder to hide from a swarm of small, virtually undetectable drones.

The robots being developed here can potentially be made cheap and expendable, and capable of being deployed in large numbers to cover vast expanses of sea. Once fully developed, they could tilt the balance of power beneath the waves – much as airborne drones are already doing in the sky. It is unclear how far other countries have got with underwater drone technology; it is known that the Russian navy is working on it intensively.

The implications of these advances, are far-reaching for all military powers, but none more so than the UK, which depends on the invisibility and stealth of submarines for its Trident nuclear missiles. The government is in the process of placing a £31bn gamble that its submarines will stay invisible for the foreseeable future – a bet that might be splitting the Labour party but is little debated outside it. Yet these developments could drastically change the debate: from whether an independent British nuclear deterrent is good, bad or necessary, to whether Trident would even function as a deterrent in the long term.

Hovering above all this is arguably the biggest threat of all – cyber warfare: the great wild card that can turn the world’s most advanced technology against itself with a few well-placed lines of code.

In a hotel in the Estonian capital Tallinn, 400 soldiers and civilians are taking part in Nato’s biggest ever cyber war game, Locked Shields. At ranks of computer screens, young men with crew cuts in camouflage fatigues sit interspersed with teams of male and female hackers in green and yellow T-shirts, most in their early 20s, many with piercings and tattoos.

Estonia learned the importance of cyber defence the hardest way possible. In 2007, it became the target of the first concerted state-on-state cyber attack, when Moscow decided to show the small former Soviet republic that it was still under Russia’s shadow. The assault unfolded in late April and early May. The servers of the country’s banks were hacked, forcing them to close down all but essential operations, and move to proxy servers in Lithuania. Without a shot being fired, a nation’s entire financial infrastructure was forced into exile.

At the same time, mass text messages were sent from an anonymous source to Estonia’s Russian-speaking minority, telling them to drive very slowly through the city centre at a certain time of day. The drivers kept moving, so technically no crime was committed, but it brought Tallinn to a virtual standstill. Then the telephone numbers of vital government services all started ringing at once, nonstop, as they were swamped by robot calls.

In anticipation of the next big attack, Nato’s Cooperative Cyber Defence Centre of Excellence has been set up in Tallinn, and links have been established between the military and a civilian infrastructure. Most of the Estonian computer experts and hackers currently sitting in this hotel ballroom would be called up in a crisis.

If the 2007 incident was destabilising, it now seems as rudimentary as a zeppelin attack. The weapons available to hackers today are far more sophisticated and powerful, menacing even the most heavily guarded networks. The Locked Shields exercise in Tallinn is designed to anticipate what the next onslaught might look like: a complex scenario in which an imaginary country, Berylia, which looks very like Estonia, comes under a surprise attack by both strategically placed explosives and an escalating cyber assault focused on its most sensitive industry, a drone manufacturer. The assailants are anonymous, but seem to be working for Berylia’s bitter rival and neighbour, Crimsonia, an imaginary state that closely resembles Vladimir Putin’s Russia.

West’s agency logs around 200m suspicious events a week. Many of those are automatically discarded by filters, but that still leaves 250-350 serious cases each week against Nato HQ and bases around the world, each of them requiring intervention from the 200-strong multinational group of security analysts and programmers gathered here. There are many more attacks on the national infrastructures of member states.

Right now, the greatest constraint on Nato’s ability to defend itself against attack is the scarcity of security specialists. The Russian and Chinese security establishments are known to have corralled networks of hackers.

In China, the now infamous Unit 61398 of the People’s Liberation Army was discovered, in 2013, to have been running an almost constant cyber-offensive against western companies and governments for seven years, from a 12-storey building in Shanghai; the offensive involved thousands of English-speaking hackers. A mass networked assault on Nato infrastructure from China two years ago is believed to have been the work of the same unit; more recently, there have been constant attacks on Nato from hacktivist groups such as CyberBerkut, backing Russian intervention in eastern Ukraine.

According to former defence secretary Des Browne, Britain has not even begun to make a comprehensive assessment of its vulnerability. He argues that Trident’s effectiveness can no longer be taken for granted. “Cyber attacks are already able to undermine the reliability of our nuclear command, control and communications,” he says. “No longer can we guarantee that the weapons will work as we designed them to do when we reach for them.”

Guardian

 

« Executive Education: Brown University’s Master In Cybersecurity
Inside The FBI's Encryption Battle With Apple »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Sparta Consulting

Sparta Consulting

Sparta Consulting is an information management and business development full service provider.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Hivint

Hivint

Hivint is a new kind of Information Security professional services company enabling collaboration between our clients to reduce unnecessary security spend.

DefCamp

DefCamp

DefCamp is the most important annual conference on Hacking & Information Security in Central Eastern Europe.

SMiD Cloud

SMiD Cloud

SMiD encryption technology has been developed following the highest security practices to allow the data availability, integrity and confidentiality.

Philippine National Police Anti-Cybercrime Group (PNP-ACG)

Philippine National Police Anti-Cybercrime Group (PNP-ACG)

The mission of the PNP Anti-Cybercrime Group is to implement and enforce pertinent laws on cybercrime and other cyber related crimes and pursue an effective anti-cybercrime campaign.

VIQU Recruitment

VIQU Recruitment

VIQU Recruitment was formed with the primary focus of providing 'Smarter People Solutions' to the UK’s professional IT & Cyber Security markets.

Brimondo

Brimondo

At Brimondo we help you to maximize and protect your brand value by being a proactive and strategic partner within brand protection with experts within intellectual property and digital assets.

Cyber Gate Defense (CyberGate)

Cyber Gate Defense (CyberGate)

CyberGate is an Emirati establishment founded with an objective to provide cyber security services that would improve the overarching cyber security posture of the UAE.

Cyber Coaching

Cyber Coaching

Cyber Coaching is a community for enhancing technical cyber skills, through unofficial certification training, cyber mentorship, and personalised occupational transition programs.

Seemplicity

Seemplicity

Seemplicity revolutionizes the way security teams work by automating, optimizing and scaling all risk reduction workflows in one workspace.

BIRD Cyber

BIRD Cyber

BIRD Cyber is a program to promote collaboration on cybersecurity and emerging technologies aimed at enhancing the cyber resilience of critical infrastructure.

WinMagic

WinMagic

At WinMagic, we’re dedicated to making authentication and encryption solutions that protect data without causing user friction so that everyone can work freely and securely.

Cranium

Cranium

AI is being implemented into every business process, but nobody knows whether their AI is secure. Our mission is to deliver security and trust to the AI revolution.

B2Bcert

B2Bcert

B2BCERT one of the top companies offering ISO 9001, ISO 14001, ISO 45001, ISO 22000, ISO 27001, ISO 20000,CE Marking, HACCP, and other globally accepted standards and Management solutions.

Nicos AG

Nicos AG

Nicos AG specializes in secure, global data communication.