Global Cyber Conflict Is Close

The announcement of a sixth subterranean nuclear test has the world talking about how to contain the threat of a nuclear -ready North Korea, but there is another concern getting insufficient attention: the potential for full spectrum cyber war.

Just what that might look like is known, but seldom discussed.

Remember the NASDAQ flash crash? It happened on May 6, 2010, at 2:32 pm and lasted for more than 30 minutes. It was a trillion-dollar stock market crash.

At the time, a minority in the cybersecurity community believed that crash was a hack. Some time ago the Washington Post chided the tendency to cry “hacking” when something systemic fails.

“The 2003 Northeast blackout was first blamed on hacking, the 2010 ‘flash crash’ was first blamed on hacking.” That said, James Lewis opined, “Evil mad-genius hackers who want to wreak mass havoc on society because they are in a bad mood don’t exist in real life.”

Fair enough, but evil state-sponsored hackers do want to wreak mass havoc on the societies they deem to be the enemy.

It is probable, not just possible, that cyberattacks will shut down the power grid (that may have already happened in the Ukraine), erase or paralyse financial data systems or cause military equipment to malfunction in the near future.

Certainly very odd

“It certainly is very odd that so many incidents have taken place in a relatively short period of time,” Finnish computer programmer Harri Hursti told me.

Hursti said vulnerabilities in GPS technology would be the logical place to start any investigation into the US Navy mishaps that have plagued the Pacific fleet this year, but pointed out that there was not enough information about the systems used to make an educated guess at what may have happened.

He did go on to say that pseudolites (a contraction of pseudo-satellite) might have been involved, since these mechanisms are capable of sending false information to the kinds of receivers used in marine navigation.

The unpredictability of war

Say what you will about President Trump’s missteps, he’s right about the need for stealth when it comes to wartime decisions. And make no mistake, with or without missiles flying, we are at war with many nation states, although North Korea seems to be first among them.

“A one-time event is unpredictable,” said Ondrej Krehel, CEO and founder of LIFARS, a digital forensics and cybersecurity intelligence firm.

We were discussing the crash of the Navy destroyer USS John S. McCain, specifically the possibility that the “steering failure” experienced by that ship was a hack.

Earlier hacks made it at least conceivable. There was the infamous example where white hat hackers were able to kill the engine of a Jeep driving at the upper speed limit on a highway and still other car hacks, including speculation that the one-car crash that killed journalist Michael Hastings may have been the result of a hack as well.

“Anything is possible,” Krehel said.

“All the systems on a ship are interconnected.” Listing the various modes of possible attack, including a man-in-the-middle take-over of the destroyer’s satellite navigation system, Krehel said the most likely mode was one that would be undetectable, and has not been discussed much in media reports.

“Implants,” Krehel said. “That would be impossible to detect.”

Krehel was talking about cyber organisms that live in memory systems, migrated there through spear phishing campaigns targeted at specific personnel, which is still the most common way this kind of infiltration occurs. The organisms have the ability to create complete system failure, destroying all data in the process, including the bug.

When it comes to cyber protections, it is a truism that for every knock on the front door, there are a thousand-fold attempts at windows, side doors and vents, and human beings are the weakest link in any system.

“The beauty of this kind of attack,” Krehel told me, “is that when it shuts down the system, it is deleted. There is no trace.”

Forewarned is forearmed

In our post-Wikileaks, post-Stuxnet world, we know state-sponsored cyber war exists, and the capabilities are unknowable.
As I’ve said elsewhere, things that look like freak accidents, glitches of technology, could be acts of war. It is simply impossible for anyone outside of the Pentagon to know for sure.

President Trump announced recently that Cyber Command would no longer report to the NSA but would rather, and finally, be elevated to a "Unified Combatant Command." This means that it would be a military operation in its own right, on an equal footing with the other commands overseeing military operations worldwide.

It is up to Defense Secretary Gen. James Mattis to sort out exactly how this will happen, something that may get lost in the shuffle while the world scrambles to get a nuclear muzzle on North Korea. It’s imperative that we stay focused on Cyber Command at such a crucial juncture, because while we look at the sky for scudding missiles, a worm could very well turn off the lights.

The Hill

You Might Also Read

Is A Cyber Attack An Act of War?:

Which Countries Are Ready For Cyberwar?:

« Measuring The Economic Value of Data
Cybersecurity Investigations After US Naval Collision »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

SK-CERT

SK-CERT

SK-CERT National Computer Computer Emergency Response Team of Slovakia.

Baffle

Baffle

Baffle is pioneering a solution that makes data breaches irrelevant by keeping data encrypted from production through processing.

KeepSolid

KeepSolid

KeepSolid is a Virtual Private Network services provider offering secure encrypted access to the internet.

Halon

Halon

Halon is a flexible security and operations platform for in-transit email.

Compnet

Compnet

Compnet is a service company that assists customers in integrating complete ICT systems including network infrastructure and security solutions.

Sera-Brynn

Sera-Brynn

Sera-Brynn is one of the highest-ranked, pure-play cybersecurity compliance and advisory firms in the world.

S4x Events

S4x Events

S4x are the most advanced and largest ICS cyber security events in the world.

Venrock

Venrock

Venrock helps entrepreneurs build some of the world's most disruptive, successful companies. We invest in technology: Security, Cloud Services, Big Data, Healthcare IT, AdTech.

Scout Ventures

Scout Ventures

Scout Ventures is an early stage venture capital firm that is making the world a better, safer place by cultivating standout frontier technologies.

Silent Sector

Silent Sector

Silent Sector is a cybersecurity services company that specializes in providing a wide range of managed security services.

Ascent Cyber

Ascent Cyber

Ascent Cyber provide simple and stress-free solutions to protect your business and its customers from the worries and costs of cybercrime.

East Midlands Cyber Resilience Centre (EMCRC)

East Midlands Cyber Resilience Centre (EMCRC)

The East Midlands Cyber Resilience Centre is set up to support and help protect businesses across the region against cyber crime.

PhishFirewall

PhishFirewall

PhishFirewall is an advanced AI-driven CyberSecurity Awareness Education, Threat Emulation, and Human Security Analytics Platform.

One82

One82

Serving emerging small and medium-sized businesses in California and neighboring regions for over 20 years, One82 has established itself as the most dependable provider of IT support services.

Leaf IT

Leaf IT

Leaf IT are a pioneering cloud-first MSP, dedicated to helping businesses in the UK and Ireland. We focus on delivering tangible results for our clients through IT transformation.

Cyber Guards

Cyber Guards

Cyber Guards provide comprehensive, turn-key cyber security programs for small and mid-size business for about the cost of one full-time cybersecurity hire.