Hacker, Tailor, Soldier, Spy: Future Cyberwar

Uploaded on 2017-01-30 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW, BUSINESS-Production-Utilities

In the dead of winter, the electricity goes out. Not just in your town, but in many small towns nearby. After a few hours, power returns, but not everywhere. In some places it’s out for days. 

Hospitals struggle to keep generators running to treat hypothermia sufferers; emergency lines are jammed, preventing ambulances from being dispatched. An overwhelmed police force struggles to maintain calm. What first appeared an inconvenient accident is soon revealed as an act of sabotage: someone wants the power down. Someone is sowing chaos and waiting to take advantage.    

This was the nightmare scenario lurking beneath the recent breathless reporting by the Washington Post that “Russian hackers had penetrated the US electric grid” via a Vermont utility. The specter of foreign invaders lurking in the nation’s infrastructure prompted a statement from Vermont Sen. Patrick J. Leahy: 

“This is beyond hackers having electronic joy rides, this is now about trying to access utilities to potentially manipulate the grid and shut it down in the middle of winter.” Other politicians were equally heated, with Vermont Gov. Peter Shumlin calling Russian president Vladimir Putin a “thug” and saying, “This episode should highlight the urgent need for our federal government to vigorously pursue and put an end to this sort of Russian meddling.”

Soon, though, the Post had to acknowledge that the Russians hadn’t infiltrated Vermont’s power grid after all. The computer in question, a laptop not connected to the grid, reportedly triggered an alarm when a user logged into his Yahoo email account, as millions of people do every day. Experts dismissed the false alarm.

The speed with which politicians rushed to cast blame speaks to a pervasive cultural concern about the vulnerability of interconnectedness. As more devices come online, think of the much-vaunted “Internet of Things,” encompassing cars, refrigerators, dolls, baby monitors, and more, it’s easier to imagine them becoming weaponized, used to disrupt our increasingly digital lives. 

For a certain cast of mind, it’s easier to imagine that everything is connected and vulnerable, even if that’s not the case. At the same time, there are real dangers. When experts talk about often murky concept of “cyberwar,” they’re often tempering understandable paranoia with realism. Like William Gibson’s concept of the future, cyberwar is already here, but it’s not evenly distributed, and certainly not in the fully formed way of actual war.

Take the now-familiar example of hacking the power grid. “There is no single electric grid in the United States,” said Mark Mills, a senior fellow at the Manhattan Institute. There are thousands of grids, both local distribution grids and long-haul transmission grids, and most aren’t connected to the Internet; there’s no universal switch to just turn off the power in the US. 

But Mills also argued that making grids “smarter” and more interconnected increases vulnerability to hackers. While the industry and many regulators understand that risk, there’s still a push to bring systems online, “smarter” is better. Multiple, coordinated attacks could disable multiple grids, increasing chaos and uncertainty.

Once inside the network, hackers can install backdoors to continue wreaking havoc even if they’re discovered. For a sophisticated attacker, that might mean using zero-day exploits, security holes that haven’t yet been discovered and patched. But Scott said that level of technical skill might not even be necessary. Too many small and mid-sized organisations don’t diligently update their software with security patches, he said, “and so they will have the networks completely riddled with exploits ready to go.”

The Northeast blackout of 2003, caused primarily by a software bug, knocked out power to 55 million people; nearly 100 people died, but there was no widespread panic. Scott, too, imagines a situation in which knocking out the power is a prelude to more violent tactics. And to further panic, attackers could disrupt emergency communications. “You could do that by spamming 911, making it so no legitimate calls could get through. That’s easy to do,” he said.

Still, countries continue to spend millions honing their cybersecurity capabilities, both offensive and defensive. Since 2010, NATO has run a cyber-defense exercise called Locked Shields, involving more 550 people across 26 countries, organized from Tallinn, Estonia. 

Participants can work from their home countries, carrying out attacks on a fictional country; defenders try to maintain the country’s servers, online services, and an industrial control system. 

It’s valuable preparation for a series of potentially unfortunate events; forewarned is forearmed, after all. But Singer cautions that we can be prepared for cyberwar without being paranoid about it.

Vocativ:       War In The Information Age:        Jason Bourne: Envisioning A ‘frightening’ Cyberwar:

Ukraine Blackout – The Future Of War

 

« Director's Departure Leaves A Big Hole At GCHQ
Directors Report January 2017. Cyber Security Checklist For Management (£) »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Zscaler

Zscaler

Zscaler enables the world’s leading organizations to securely transform their networks and applications for a mobile and cloud first world.

Sumo Logic

Sumo Logic

Sumo Logic simplifies how you collect and analyze machine data so that you can gain deep visibility across your full application and infrastructure stack.

Awen Collective

Awen Collective

Awen Collective develops software-based tools for performing Digital Forensics, Incident Response and Cyber-Crime Investigation.

Lynx

Lynx

Lynx provides high added value services in the area of information systems security and ICT infrastructure building.

Fraud.com

Fraud.com

Fraud.com ensures trust at every step of the customer's digital journey; this complete end-to-end protection delivers unified identity, authentication and fraud detection and prevention.

Cyfirma

Cyfirma

CYFIRMA offers Cyber threat visibility and intelligence suite and services aimed at keeping your organization’s cybersecurity posture up-to-date.

Cybersecurity Coalition

Cybersecurity Coalition

The mission of the Cybersecurity Coalition is to bring together leading companies to help policymakers develop consensus-driven policy solutions to achieve improvements in cybersecurity.

Asset Guardian Solutions (AGSL)

Asset Guardian Solutions (AGSL)

Asset Guardian are dedicated to protecting the integrity of process control systems software that is used to control operations and production processes.

Kratikal

Kratikal

Kratikal provides a complete suite of manual and automated security testing services.

Global Accelerator Network (GAN)

Global Accelerator Network (GAN)

Global Accelerator Network are a highly curated community of independent Accelerators, Partners and Investors.

Cardonet

Cardonet

Cardonet is an IT Support and IT Services business offering end-to-end IT services, 24x7 IT Support to IT Consultancy, Managed IT and Cyber Security.

DigitalPlatforms

DigitalPlatforms

DigitalPlatforms SpA is an Italian group with the mission of providing end-to-end solutions and Internet of Things and Cyber technologies to companies that manage critical infrastructures.

Commission Nationale de l'Informatique et des Libertés (CNIL)

Commission Nationale de l'Informatique et des Libertés (CNIL)

The mission of CNIL is to protect personal data, support innovation, and preserve individual liberties.

Framework Security

Framework Security

With Framework Security, you get more than a consultancy; you get a partner dedicated to simplifying cybersecurity and protecting your business in the most efficient way possible.

Disecto Technologies

Disecto Technologies

At Disecto, we provide SaaS based Data Discovery, Classification and a remediation solution for data privacy compliance.

Scope AI

Scope AI

Scope AI is an innovative technology company specializing in quantum security and machine learning.