Forget Trident & Welcome To Cyber Warfare

Forget debates about Britain’s nuclear deterrent. New technology means a country can be brought to its knees with the click of a mouse

The naval base at La Spezia in northern Italy is in an advanced state of decay. The grand Mussolini-era barracks are shuttered; the weeds won their battle with the concrete some time ago. But amid the crumbling masonry, there is an incongruously neat little building, shaded behind a line of flags, with smartly outfitted security men behind its glass doors.

This is Nato’s Centre for Maritime Research and Experimentation (CMRE). As one battleship after another has been removed from what remains of the Italian navy, and the base is wound down, the centre is preparing for a new kind of marine warfare amid the wreckage of the old.

The CMRE at La Spezia is not alone in this field. It has far bigger, better funded – and much more secretive – counterparts in the US, Russia and China. But the technicians here insist they are working on the state of the art.

For half a century, big missile submarines, known as boomers, have been arguably the most decisive weapon systems in modern warfare, the queen on the strategic chessboard, because of their capacity to remain unseen until the critical moment, unleashing enormous destructive force without warning. Now that dominant position is under threat. A submarine can hide from a few noisily obvious ships and planes, but it is harder to hide from a swarm of small, virtually undetectable drones.

The robots being developed here can potentially be made cheap and expendable, and capable of being deployed in large numbers to cover vast expanses of sea. Once fully developed, they could tilt the balance of power beneath the waves – much as airborne drones are already doing in the sky. It is unclear how far other countries have got with underwater drone technology; it is known that the Russian navy is working on it intensively.

The implications of these advances, are far-reaching for all military powers, but none more so than the UK, which depends on the invisibility and stealth of submarines for its Trident nuclear missiles. The government is in the process of placing a £31bn gamble that its submarines will stay invisible for the foreseeable future – a bet that might be splitting the Labour party but is little debated outside it. Yet these developments could drastically change the debate: from whether an independent British nuclear deterrent is good, bad or necessary, to whether Trident would even function as a deterrent in the long term.

Hovering above all this is arguably the biggest threat of all – cyber warfare: the great wild card that can turn the world’s most advanced technology against itself with a few well-placed lines of code.

In a hotel in the Estonian capital Tallinn, 400 soldiers and civilians are taking part in Nato’s biggest ever cyber war game, Locked Shields. At ranks of computer screens, young men with crew cuts in camouflage fatigues sit interspersed with teams of male and female hackers in green and yellow T-shirts, most in their early 20s, many with piercings and tattoos.

Estonia learned the importance of cyber defence the hardest way possible. In 2007, it became the target of the first concerted state-on-state cyber attack, when Moscow decided to show the small former Soviet republic that it was still under Russia’s shadow. The assault unfolded in late April and early May. The servers of the country’s banks were hacked, forcing them to close down all but essential operations, and move to proxy servers in Lithuania. Without a shot being fired, a nation’s entire financial infrastructure was forced into exile.

At the same time, mass text messages were sent from an anonymous source to Estonia’s Russian-speaking minority, telling them to drive very slowly through the city centre at a certain time of day. The drivers kept moving, so technically no crime was committed, but it brought Tallinn to a virtual standstill. Then the telephone numbers of vital government services all started ringing at once, nonstop, as they were swamped by robot calls.

In anticipation of the next big attack, Nato’s Cooperative Cyber Defence Centre of Excellence has been set up in Tallinn, and links have been established between the military and a civilian infrastructure. Most of the Estonian computer experts and hackers currently sitting in this hotel ballroom would be called up in a crisis.

If the 2007 incident was destabilising, it now seems as rudimentary as a zeppelin attack. The weapons available to hackers today are far more sophisticated and powerful, menacing even the most heavily guarded networks. The Locked Shields exercise in Tallinn is designed to anticipate what the next onslaught might look like: a complex scenario in which an imaginary country, Berylia, which looks very like Estonia, comes under a surprise attack by both strategically placed explosives and an escalating cyber assault focused on its most sensitive industry, a drone manufacturer. The assailants are anonymous, but seem to be working for Berylia’s bitter rival and neighbour, Crimsonia, an imaginary state that closely resembles Vladimir Putin’s Russia.

West’s agency logs around 200m suspicious events a week. Many of those are automatically discarded by filters, but that still leaves 250-350 serious cases each week against Nato HQ and bases around the world, each of them requiring intervention from the 200-strong multinational group of security analysts and programmers gathered here. There are many more attacks on the national infrastructures of member states.

Right now, the greatest constraint on Nato’s ability to defend itself against attack is the scarcity of security specialists. The Russian and Chinese security establishments are known to have corralled networks of hackers.

In China, the now infamous Unit 61398 of the People’s Liberation Army was discovered, in 2013, to have been running an almost constant cyber-offensive against western companies and governments for seven years, from a 12-storey building in Shanghai; the offensive involved thousands of English-speaking hackers. A mass networked assault on Nato infrastructure from China two years ago is believed to have been the work of the same unit; more recently, there have been constant attacks on Nato from hacktivist groups such as CyberBerkut, backing Russian intervention in eastern Ukraine.

According to former defence secretary Des Browne, Britain has not even begun to make a comprehensive assessment of its vulnerability. He argues that Trident’s effectiveness can no longer be taken for granted. “Cyber attacks are already able to undermine the reliability of our nuclear command, control and communications,” he says. “No longer can we guarantee that the weapons will work as we designed them to do when we reach for them.”

Guardian

 

« Executive Education: Brown University’s Master In Cybersecurity
Inside The FBI's Encryption Battle With Apple »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Indelible Data

Indelible Data

Indelible Data is an established information security and technology consultancy and a Cyber Essentials Certification Body.

Cura Software Solutions

Cura Software Solutions

Cura Software Solutions (formerly Cura Technologies) is a market-leader in Governance, Risk and Compliance (GRC) enterprise applications.

idappcom

idappcom

idappcom provides unique industry approved software solutions for auditing and enhancing the threat recognition and response capabilities of your corporate security defences.

Cybersecurity Advisors Network (CyAN)

Cybersecurity Advisors Network (CyAN)

CyAN provides a not-for-profit platform that helps private and public organisations as well as governments to identify trusted advisors in the area of Cyber Security and Cyber Crime.

Honeywell Process Solutions (HPS)

Honeywell Process Solutions (HPS)

Honeywell's Industrial Cyber Security Solutions help plants and critical infrastructure sectors defend the availability, reliability and safety of their industrial control systems.

Infopercept Consulting

Infopercept Consulting

Infopercept is a leading cybersecurity company in India, providing a critical layer of security to protect business information, infrastructure & assets across the organization.

CleanCloud by SEK

CleanCloud by SEK

CleanCloud by SEK is a CSPM product focused on public cloud data protection and security regulations, with over 400 compliance checks for the market's leading frameworks and regulations.

Abu Dhabi Gov Digital

Abu Dhabi Gov Digital

Gov Digital (formerly Abu Dhabi Digital Authority - ADDA) enable, support and deliver a digital government that is proactive, personalised, collaborative and secure.

CCX Technologies

CCX Technologies

CCX Technologies design and develop a wide range of cybersecurity and testing solutions for the aviation, and military and government markets.

Endor Labs

Endor Labs

Endor Labs gives developers and security teams the context they need to prioritize open source risk.

CyberFOX

CyberFOX

CyberFOX is a global cybersecurity solutions provider focused on identity access management (IAM) for managed service providers (MSPs) and IT professionals.

Lighthouse IT

Lighthouse IT

At Lighthouse IT, we are focused on delivering seamless and reliable services to unlock the value of technology for your business.

NSW IT Support

NSW IT Support

NSW IT Support: Your exclusive hub for comprehensive Business IT services in Sydney. Our skilled team ensures seamless technology solutions nationwide, consistently delivering top-tier IT support.

Sprocket Security

Sprocket Security

Sprocket Security protects your business by monitoring the cybersecurity landscape and performing continuous penetration testing services.

Tyto Athene

Tyto Athene

At Tyto Athene, we harness the power of technology to provide solutions that shape the future.

TerraZone

TerraZone

TerraZone is a global cyber security and privacy solutions provider to governments and enterprises.