Is The World On The Verge Of A Cyber War?

A combination of geopolitical and strategic circumstances is leading to an inevitable war. It’s not the type of war we traditionally envision, which includes kinetic weapons, physical destruction and most importantly, casualties. It’s a war that will undermine information systems, expose secret political, military and diplomatic documents, target the confidentiality, integrity and availability of critical computer systems, and more.

This grim prediction stems from recent developments that nearly eliminate any sort of deterrence the United States had in cyberspace.

Most importantly, the US reaction to the Democratic National Convention hack. US President Barack Obama acknowledged that “when a foreign government tries to impact the integrity of our elections... we need to take action.”

And finally, he recently ordered the deportation of some Russian diplomats from the US. However, the absence of an immediate, strategic response to the hack is detrimental to deterring future attacks.

That could signal to other foreign actors, China for example, that such attacks against critical infrastructure in the US will go unpunished, while giving a major political advantage to the attacker at nearly no cost.

It is unlikely that Russia will be involved in major cyber operations during Donald Trump’s presidency, given that Russian President Vladimir Putin promised to stop hacking after confronted by Obama. However, that still leaves the possible scenario of China engaging in major operations against the US.

This is strengthened by recent troublesome events in the realm of US-China affairs, which consist of Trump’s phone call with Taiwanese President Tsai Ing-wen, which infuriated China due to its stance that Taiwan is an integral part of China.

Trump later suggested that the US should rethink the One China policy, which naturally did not help in mitigating this tension. Recently, China intercepted and seized a US underwater drone in the South China Sea. Although the drone has now been returned, this represents another escalation.

Predicting possible conflicts with a great degree of precision is somewhat difficult. Yet certain indications point to a possible escalation in the realm of cyberspace.

It was recently reported by cyber-security expert Bruce Schneier that someone is “learning how to take down the Internet,” which essentially means that a nation-state is “testing the ability to manipulate Internet addresses and routes, seeing how long it takes the defenders to respond, and so on. Someone is extensively testing the core defensive capabilities of the companies that provide critical Internet services.” According to Schneier, the evidence “suggests China,” but it has not been established beyond doubt, due to possible disguise used by the state involved in that probing.

Unfortunately, the DNC hack case study suggests that cyber-attacks against core democratic values may go unpunished, or may have a delayed response, like the diplomats’ deportation. To be clear, the implications of the DNC hack transcend the bilateral relations of Russia and the US, and may include other actors who monitor the situation and evaluate their future actions vis-à-vis the US.

This suggests that China is aware that the DNC hack was not accompanied by a real response on the US’s part. That observation may result in China examining the boundaries of what it can get away with in cyberspace.

It may be hard to predict the precise nature of this “cyber war,” but what’s clear is that it could potentially affect communications, online services, confidentiality of sensitive data, unavailability of critical systems and much more. This scenario will occur if tensions between China and the US escalate during the Trump presidency, and with the absence of clear deterrence strategy for cyberspace, the Chinese might get away with it.

This cyber war does not even necessarily require the utilisation of most sophisticated and forceful tools (such as cutting undersea cables, or developing specialized malware), it could simply be an immensely widespread distributed denial of service (DDoS) attack against DNS providers.

To Americans, such scenarios could be devastating.

President Obama rightly observed that the US is more vulnerable to these sort of attacks, due to its ubiquitous digitalisation and dependency on information systems. The Internet is a global platform, but certain countries are far more dependent on it than others.

The meaning would be an asymmetry in the harm that could be caused by such war to the US compared to a country like China.

Often, experts attempt to create a sterility between cyberspace and the physical world. This distinction is immensely detrimental, because it wrongly assumes that activities in cyberspace are unrelated to affairs taking place in the physical sphere.

The DNC hack attempted to influence a physical world process, just as the Sony hack in 2014 attempted to coerce Sony to cancel the release of The Interview, a movie which depicts the North Korean regime in a mocking manner. The cyber-war scenario presented in this piece will be just as physical as anything else, it will be a response to an overly Taiwan-friendly administration, as well as policies deteriorating the economic and trade relationship between China and the US.

Such war should be envisioned as part of a whole picture, involving a multitude of actors with a variety of conflicting interests and motives. The realisation that such scenario is possible if certain developments take place vis-à-vis China may be helpful in strengthening the security of the critical systems currently in place.

However, the more important realisation is that certain administration attitudes toward China may come with a price tag in cyberspace.

This integrality of the virtual and physical calls for attention in foreign affairs. It assumes that cyber-attacks happen for a reason, they are responding to certain events in the world, or attempting to influence ongoing processes, but the crux of the argument is that nation-states will not engage in cyber operations unless doing so would will directly benefit them.

The question, therefore, is whether in 2017 cyber war will benefit a nation-state, and what potential victims can do to prevent, or to respond, to such a scenario.

In a recent Forbes piece, Paul Laudicina calls for attention to the prediction that “The first crippling cyber-attack will be launched on critical infrastructure in a major economy.” Laudicina argues that the next administration should have a leading role in countering the threats emanating from cyber-space.

Although stemming from a slightly different perspective, this prediction seems more real than anything else. Though many experts and leaders have been sounding the alarm regarding a “Cyber Pearl Harbor” or “Cyber 9/11” for some time, this time it appears that circumstances are maturing in a way that makes cyber war possible.

Obama’s administration has certainly done a lot, but regretfully not enough. The White House Commission on Enhancing National Cybersecurity released its report on December 1. This report has many important, even original, recommendations. However, it is unclear whether Trump’s administration will implement any of these. In addition, the way the Obama administration dealt with the DNC hack can be seen as another misstep.

All evidence seems to suggest that Trump’s hawkish attitudes toward China may result in the dangerous precedent of a crippling, sustained and state-sponsored cyber war, which will greatly affect not only the military but also the rest of us, those who store their data online, who depend on the Internet for communication, who need cyberspace for transport control, electricity, dam management and more.

Although no bullets will be fired, such a scenario might prove to be extremely detrimental and harmful to today’s interconnected society. Given that environment, every political step against China should be weighed very, very, carefully.

2017 just might be the year of Cyber War.

Ein News:                Stuxnet, Secrecy & The New Era of Cyber War:

America’s Cyber Security Dilemma:

 

 

 

« BYOD Security Is Critical For Business
Give Children More Control Of Data Privacy »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Security Brokers

Security Brokers

Security Brokers focus services and solutions with a focus on strategic ICT Security and Cyber Defense issues.

Independent Security Evaluators (ISE)

Independent Security Evaluators (ISE)

ISE is an independent security consulting firm headquartered in Baltimore, Maryland dedicated to securing high value assets for global enterprises and performing groundbreaking security research.

Prescient

Prescient

Prescient’s Cyber solutions supplement your firm’s existing data security infrastructure with specialized investigations that identify unconventional cyber risks.

Workz Group

Workz Group

Workz connects and protects mobile subscribers of today and tomorrow by providing secure removable or embedded SIMs and remote provisioning solutions for consumer, M2M and IOT devices.

FutureCon Events

FutureCon Events

FutureCon produces cutting edge events aimed for Senior Level Professionals working in the security community, bringing together the best minds in the industry for a unique cybersecurity event.

Montreal International

Montreal International

You’re an entrepreneur planning to launch a company in an innovative sector such as AI, cybersecurity, 'deeptech' or fintech? You’ve found the right place!

Meriplex

Meriplex

Meriplex is a Managed Services provider specializing in Intelligent Networks, Cybersecurity and Cloud Communications.

AiCULUS

AiCULUS

AiCULUS is a global technology company that specializes in API security and Risk Management products.

Blok Cyber Security

Blok Cyber Security

Blok provide small businesses and sole traders, with affordable, managed Cyber Security Packages that offer immediate protection and peace of mind.

FortifyIQ

FortifyIQ

FortifyIQ's mission is to advance maximum security against side-channel attacks across the entire computing spectrum.

GLIMPS

GLIMPS

GLIMPS-Malware automatically detects malware affecting standard computer systems, manufacturing systems, IOT or automotive domains.

BlastWave

BlastWave

BlastWave’s BlastShield integrates three innovative products into a single solution to help prevent inadvertent and intentional attacks.

Althammer & Kill

Althammer & Kill

Althammer & Kill offers pragmatic solution concepts for data protection and digitization. We advise in the field of data protection, information security and compliance.

Everfox

Everfox

Everfox (formerly Forcepoint Federal) has been defending the world's most critical data and networks against the most complex cyber threats imaginable for more than 25 years.

Blackmere Consulting

Blackmere Consulting

Blackmere Consulting is a Nationwide Technical and Executive Recruiting firm dedicated to Cyber Security and Information Technology.

MIND

MIND

MIND is the first-ever data security platform that puts data loss prevention and insider risk management programs on autopilot, so you can automatically identify, detect and prevent data leaks.