Is The World On The Verge Of A Cyber War?

Uploaded on 2017-02-13 in NEWS-Cybersecurity News, INTELLIGENCE--International, GOVERNMENT-Defence, FREE TO VIEW

A combination of geopolitical and strategic circumstances is leading to an inevitable war. It’s not the type of war we traditionally envision, which includes kinetic weapons, physical destruction and most importantly, casualties. It’s a war that will undermine information systems, expose secret political, military and diplomatic documents, target the confidentiality, integrity and availability of critical computer systems, and more.

This grim prediction stems from recent developments that nearly eliminate any sort of deterrence the United States had in cyberspace.

Most importantly, the US reaction to the Democratic National Convention hack. US President Barack Obama acknowledged that “when a foreign government tries to impact the integrity of our elections... we need to take action.”

And finally, he recently ordered the deportation of some Russian diplomats from the US. However, the absence of an immediate, strategic response to the hack is detrimental to deterring future attacks.

That could signal to other foreign actors, China for example, that such attacks against critical infrastructure in the US will go unpunished, while giving a major political advantage to the attacker at nearly no cost.

It is unlikely that Russia will be involved in major cyber operations during Donald Trump’s presidency, given that Russian President Vladimir Putin promised to stop hacking after confronted by Obama. However, that still leaves the possible scenario of China engaging in major operations against the US.

This is strengthened by recent troublesome events in the realm of US-China affairs, which consist of Trump’s phone call with Taiwanese President Tsai Ing-wen, which infuriated China due to its stance that Taiwan is an integral part of China.

Trump later suggested that the US should rethink the One China policy, which naturally did not help in mitigating this tension. Recently, China intercepted and seized a US underwater drone in the South China Sea. Although the drone has now been returned, this represents another escalation.

Predicting possible conflicts with a great degree of precision is somewhat difficult. Yet certain indications point to a possible escalation in the realm of cyberspace.

It was recently reported by cyber-security expert Bruce Schneier that someone is “learning how to take down the Internet,” which essentially means that a nation-state is “testing the ability to manipulate Internet addresses and routes, seeing how long it takes the defenders to respond, and so on. Someone is extensively testing the core defensive capabilities of the companies that provide critical Internet services.” According to Schneier, the evidence “suggests China,” but it has not been established beyond doubt, due to possible disguise used by the state involved in that probing.

Unfortunately, the DNC hack case study suggests that cyber-attacks against core democratic values may go unpunished, or may have a delayed response, like the diplomats’ deportation. To be clear, the implications of the DNC hack transcend the bilateral relations of Russia and the US, and may include other actors who monitor the situation and evaluate their future actions vis-à-vis the US.

This suggests that China is aware that the DNC hack was not accompanied by a real response on the US’s part. That observation may result in China examining the boundaries of what it can get away with in cyberspace.

It may be hard to predict the precise nature of this “cyber war,” but what’s clear is that it could potentially affect communications, online services, confidentiality of sensitive data, unavailability of critical systems and much more. This scenario will occur if tensions between China and the US escalate during the Trump presidency, and with the absence of clear deterrence strategy for cyberspace, the Chinese might get away with it.

This cyber war does not even necessarily require the utilisation of most sophisticated and forceful tools (such as cutting undersea cables, or developing specialized malware), it could simply be an immensely widespread distributed denial of service (DDoS) attack against DNS providers.

To Americans, such scenarios could be devastating.

President Obama rightly observed that the US is more vulnerable to these sort of attacks, due to its ubiquitous digitalisation and dependency on information systems. The Internet is a global platform, but certain countries are far more dependent on it than others.

The meaning would be an asymmetry in the harm that could be caused by such war to the US compared to a country like China.

Often, experts attempt to create a sterility between cyberspace and the physical world. This distinction is immensely detrimental, because it wrongly assumes that activities in cyberspace are unrelated to affairs taking place in the physical sphere.

The DNC hack attempted to influence a physical world process, just as the Sony hack in 2014 attempted to coerce Sony to cancel the release of The Interview, a movie which depicts the North Korean regime in a mocking manner. The cyber-war scenario presented in this piece will be just as physical as anything else, it will be a response to an overly Taiwan-friendly administration, as well as policies deteriorating the economic and trade relationship between China and the US.

Such war should be envisioned as part of a whole picture, involving a multitude of actors with a variety of conflicting interests and motives. The realisation that such scenario is possible if certain developments take place vis-à-vis China may be helpful in strengthening the security of the critical systems currently in place.

However, the more important realisation is that certain administration attitudes toward China may come with a price tag in cyberspace.

This integrality of the virtual and physical calls for attention in foreign affairs. It assumes that cyber-attacks happen for a reason, they are responding to certain events in the world, or attempting to influence ongoing processes, but the crux of the argument is that nation-states will not engage in cyber operations unless doing so would will directly benefit them.

The question, therefore, is whether in 2017 cyber war will benefit a nation-state, and what potential victims can do to prevent, or to respond, to such a scenario.

In a recent Forbes piece, Paul Laudicina calls for attention to the prediction that “The first crippling cyber-attack will be launched on critical infrastructure in a major economy.” Laudicina argues that the next administration should have a leading role in countering the threats emanating from cyber-space.

Although stemming from a slightly different perspective, this prediction seems more real than anything else. Though many experts and leaders have been sounding the alarm regarding a “Cyber Pearl Harbor” or “Cyber 9/11” for some time, this time it appears that circumstances are maturing in a way that makes cyber war possible.

Obama’s administration has certainly done a lot, but regretfully not enough. The White House Commission on Enhancing National Cybersecurity released its report on December 1. This report has many important, even original, recommendations. However, it is unclear whether Trump’s administration will implement any of these. In addition, the way the Obama administration dealt with the DNC hack can be seen as another misstep.

All evidence seems to suggest that Trump’s hawkish attitudes toward China may result in the dangerous precedent of a crippling, sustained and state-sponsored cyber war, which will greatly affect not only the military but also the rest of us, those who store their data online, who depend on the Internet for communication, who need cyberspace for transport control, electricity, dam management and more.

Although no bullets will be fired, such a scenario might prove to be extremely detrimental and harmful to today’s interconnected society. Given that environment, every political step against China should be weighed very, very, carefully.

2017 just might be the year of Cyber War.

Ein News:                Stuxnet, Secrecy & The New Era of Cyber War:

America’s Cyber Security Dilemma:

 

 

 

« BYOD Security Is Critical For Business
Give Children More Control Of Data Privacy »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

SecureNow Insurance Broker

SecureNow Insurance Broker

SecureNow is a commercial insurance broker based in India. Services offered include Cyber Risk insurance.

ProPay

ProPay

ProPay provides secure payment solutions for organizations ranging from small businesses to large enterprises requiring complex payment solutions.

Equilibrium Security Services

Equilibrium Security Services

Equilibrium Security Services is a specialist cyber security company providing a full spectrum of IT security solutions from consultancy to design & implementation and managed security services.

Nation-E

Nation-E

Nation-E offers innovative cyber security solutions for industrial installations, critical infrastructure and smart grids.

Simeio Solutions

Simeio Solutions

Simeio is a complete Identity and Access Management (IAM) solution provider that engages securely with anyone, anywhere, anytime.

Shift Technology

Shift Technology

Shift Technology provides insurance companies with an innovative SaaS solution to improve and scale fraud detection.

AimBrain

AimBrain

AimBrain tools detect and prevent fraud, faster and more accurately than ever before.

EPIC Insurance Brokers & Consultants

EPIC Insurance Brokers & Consultants

EPIC is an insuarnce broker and consultancy firm. Risk management services include risk consultancy and cybersecurity insurance.

Binary Defense

Binary Defense

Binary Defense protect businesses of all sizes through advanced cybersecurity solutions including Managed Detection and Response, Security Information and Event Management and Counterintelligence.

Russell Reynolds Associates

Russell Reynolds Associates

Russell Reynolds Associates is a global leadership advisory and search firm with functional expertise in Digital Leadership, Data & Analytics, and Compliance.

Security BSides Cayman Islands

Security BSides Cayman Islands

Security BSides is a non-profit, community-driven event built for and by information security community members. Our aim is to help build an Information Security community in the Cayman Islands.

Gem Security

Gem Security

Gem is on a mission to help security operations evolve into the cloud era, and stop cloud threats before they become incidents.

BBS Technology

BBS Technology

BBS Technology is a company that develops and delivers next-generation cyber security technologies worldwide.

Ipseity Security

Ipseity Security

Ipseity Security provide security-centric advisory and consulting services for organizations to secure their perimeter-less digital transformation to meet business and security requirements.

Proton

Proton

Proton provides free encrypted email, calendar, drive, password manager, and VPN services. Building a better Internet.

Sphinx

Sphinx

Sphinx provide advanced security consulting services and cyber solutions to federal and private industry.