Forget Trident & Welcome To Cyber Warfare

Uploaded on 2016-03-01 in TECHNOLOGY--Developments, NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW

Forget debates about Britain’s nuclear deterrent. New technology means a country can be brought to its knees with the click of a mouse

The naval base at La Spezia in northern Italy is in an advanced state of decay. The grand Mussolini-era barracks are shuttered; the weeds won their battle with the concrete some time ago. But amid the crumbling masonry, there is an incongruously neat little building, shaded behind a line of flags, with smartly outfitted security men behind its glass doors.

This is Nato’s Centre for Maritime Research and Experimentation (CMRE). As one battleship after another has been removed from what remains of the Italian navy, and the base is wound down, the centre is preparing for a new kind of marine warfare amid the wreckage of the old.

The CMRE at La Spezia is not alone in this field. It has far bigger, better funded – and much more secretive – counterparts in the US, Russia and China. But the technicians here insist they are working on the state of the art.

For half a century, big missile submarines, known as boomers, have been arguably the most decisive weapon systems in modern warfare, the queen on the strategic chessboard, because of their capacity to remain unseen until the critical moment, unleashing enormous destructive force without warning. Now that dominant position is under threat. A submarine can hide from a few noisily obvious ships and planes, but it is harder to hide from a swarm of small, virtually undetectable drones.

The robots being developed here can potentially be made cheap and expendable, and capable of being deployed in large numbers to cover vast expanses of sea. Once fully developed, they could tilt the balance of power beneath the waves – much as airborne drones are already doing in the sky. It is unclear how far other countries have got with underwater drone technology; it is known that the Russian navy is working on it intensively.

The implications of these advances, are far-reaching for all military powers, but none more so than the UK, which depends on the invisibility and stealth of submarines for its Trident nuclear missiles. The government is in the process of placing a £31bn gamble that its submarines will stay invisible for the foreseeable future – a bet that might be splitting the Labour party but is little debated outside it. Yet these developments could drastically change the debate: from whether an independent British nuclear deterrent is good, bad or necessary, to whether Trident would even function as a deterrent in the long term.

Hovering above all this is arguably the biggest threat of all – cyber warfare: the great wild card that can turn the world’s most advanced technology against itself with a few well-placed lines of code.

In a hotel in the Estonian capital Tallinn, 400 soldiers and civilians are taking part in Nato’s biggest ever cyber war game, Locked Shields. At ranks of computer screens, young men with crew cuts in camouflage fatigues sit interspersed with teams of male and female hackers in green and yellow T-shirts, most in their early 20s, many with piercings and tattoos.

Estonia learned the importance of cyber defence the hardest way possible. In 2007, it became the target of the first concerted state-on-state cyber attack, when Moscow decided to show the small former Soviet republic that it was still under Russia’s shadow. The assault unfolded in late April and early May. The servers of the country’s banks were hacked, forcing them to close down all but essential operations, and move to proxy servers in Lithuania. Without a shot being fired, a nation’s entire financial infrastructure was forced into exile.

At the same time, mass text messages were sent from an anonymous source to Estonia’s Russian-speaking minority, telling them to drive very slowly through the city centre at a certain time of day. The drivers kept moving, so technically no crime was committed, but it brought Tallinn to a virtual standstill. Then the telephone numbers of vital government services all started ringing at once, nonstop, as they were swamped by robot calls.

In anticipation of the next big attack, Nato’s Cooperative Cyber Defence Centre of Excellence has been set up in Tallinn, and links have been established between the military and a civilian infrastructure. Most of the Estonian computer experts and hackers currently sitting in this hotel ballroom would be called up in a crisis.

If the 2007 incident was destabilising, it now seems as rudimentary as a zeppelin attack. The weapons available to hackers today are far more sophisticated and powerful, menacing even the most heavily guarded networks. The Locked Shields exercise in Tallinn is designed to anticipate what the next onslaught might look like: a complex scenario in which an imaginary country, Berylia, which looks very like Estonia, comes under a surprise attack by both strategically placed explosives and an escalating cyber assault focused on its most sensitive industry, a drone manufacturer. The assailants are anonymous, but seem to be working for Berylia’s bitter rival and neighbour, Crimsonia, an imaginary state that closely resembles Vladimir Putin’s Russia.

West’s agency logs around 200m suspicious events a week. Many of those are automatically discarded by filters, but that still leaves 250-350 serious cases each week against Nato HQ and bases around the world, each of them requiring intervention from the 200-strong multinational group of security analysts and programmers gathered here. There are many more attacks on the national infrastructures of member states.

Right now, the greatest constraint on Nato’s ability to defend itself against attack is the scarcity of security specialists. The Russian and Chinese security establishments are known to have corralled networks of hackers.

In China, the now infamous Unit 61398 of the People’s Liberation Army was discovered, in 2013, to have been running an almost constant cyber-offensive against western companies and governments for seven years, from a 12-storey building in Shanghai; the offensive involved thousands of English-speaking hackers. A mass networked assault on Nato infrastructure from China two years ago is believed to have been the work of the same unit; more recently, there have been constant attacks on Nato from hacktivist groups such as CyberBerkut, backing Russian intervention in eastern Ukraine.

According to former defence secretary Des Browne, Britain has not even begun to make a comprehensive assessment of its vulnerability. He argues that Trident’s effectiveness can no longer be taken for granted. “Cyber attacks are already able to undermine the reliability of our nuclear command, control and communications,” he says. “No longer can we guarantee that the weapons will work as we designed them to do when we reach for them.”

Guardian

 

« Executive Education: Brown University’s Master In Cybersecurity
Inside The FBI's Encryption Battle With Apple »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Brinqa

Brinqa

Brinqa is a leading provider of unified risk management and security analytics.to manage IT governance and technology risk.

Cybersecurity Philippines CERT (CSP-CERT)

Cybersecurity Philippines CERT (CSP-CERT)

Cybersecurity Philippines CERT is the national Computer Emergency Response Team for the Philippines.

Terranova Security

Terranova Security

Terranova is dedicated to providing information security awareness programs customized to your internal policies and procedures.

UNIDIR Cyber Policy Portal

UNIDIR Cyber Policy Portal

The UNIDIR Cyber Policy Portal is an online reference tool that maps the cybersecurity and cybersecurity-related policy landscape.

Cowbell Cyber

Cowbell Cyber

Cowbell Cyber™ offers continuous risk assessment, comprehensive cyber liability coverage, and continuous underwriting through an AI-powered platform.

British Blockchain Association (BBA)

British Blockchain Association (BBA)

British Blockchain Association (BBA) is a not-for-profit organisation that promotes evidence-based adoption of Blockchain and Distributed Ledger Technologies (DLT) across the public and private sector

Security Management Partners (SMP)

Security Management Partners (SMP)

Security Management Partners (SMP) is a trusted partner to financial services, healthcare and businesses that need to manage their information, securely.

CYRISMA

CYRISMA

CYRISMA is a revolutionary cybersecurity platform that helps organizations manage risk without the usual headaches associated with enterprise cybersecurity tools.

ConnectWise

ConnectWise

The Unified ConnectWise Platform offers intelligent software and expert services to easily run your business, deliver your services, secure your clients, and build your staff.

CERT.JE

CERT.JE

CERT.JE is responsible for promoting and improving the cyber resilience across the critical national infrastructure, business communities and citizens in Jersey.

ConductorOne

ConductorOne

ConductorOne is building the identity security platform for the modern workforce.

Ivolv Cybersecurity

Ivolv Cybersecurity

Ivolv is here to assist your organization in building effective protection and resilience against cyber attacks.

Queen Consulting & Technologies

Queen Consulting & Technologies

Queen Consulting & Technologies specialize in providing IT support, management, and Security to Gov’t Contractors, CPAs, and Nonprofits.

QANplatform

QANplatform

QANplatform is a Quantum-resistant hybrid blockchain platform.

DACTA Global

DACTA Global

DACTA was established with the aim of simplifying the perception of complexity surrounding digital security challenges and solutions.

Cloud & More

Cloud & More

Tired of impersonal IT support? Experience the Cloud & More difference. We offer tailored IT services with a personal touch, ensuring your business technology runs smoothly.