Is The World On The Verge Of A Cyber War?

A combination of geopolitical and strategic circumstances is leading to an inevitable war. It’s not the type of war we traditionally envision, which includes kinetic weapons, physical destruction and most importantly, casualties. It’s a war that will undermine information systems, expose secret political, military and diplomatic documents, target the confidentiality, integrity and availability of critical computer systems, and more.

This grim prediction stems from recent developments that nearly eliminate any sort of deterrence the United States had in cyberspace.

Most importantly, the US reaction to the Democratic National Convention hack. US President Barack Obama acknowledged that “when a foreign government tries to impact the integrity of our elections... we need to take action.”

And finally, he recently ordered the deportation of some Russian diplomats from the US. However, the absence of an immediate, strategic response to the hack is detrimental to deterring future attacks.

That could signal to other foreign actors, China for example, that such attacks against critical infrastructure in the US will go unpunished, while giving a major political advantage to the attacker at nearly no cost.

It is unlikely that Russia will be involved in major cyber operations during Donald Trump’s presidency, given that Russian President Vladimir Putin promised to stop hacking after confronted by Obama. However, that still leaves the possible scenario of China engaging in major operations against the US.

This is strengthened by recent troublesome events in the realm of US-China affairs, which consist of Trump’s phone call with Taiwanese President Tsai Ing-wen, which infuriated China due to its stance that Taiwan is an integral part of China.

Trump later suggested that the US should rethink the One China policy, which naturally did not help in mitigating this tension. Recently, China intercepted and seized a US underwater drone in the South China Sea. Although the drone has now been returned, this represents another escalation.

Predicting possible conflicts with a great degree of precision is somewhat difficult. Yet certain indications point to a possible escalation in the realm of cyberspace.

It was recently reported by cyber-security expert Bruce Schneier that someone is “learning how to take down the Internet,” which essentially means that a nation-state is “testing the ability to manipulate Internet addresses and routes, seeing how long it takes the defenders to respond, and so on. Someone is extensively testing the core defensive capabilities of the companies that provide critical Internet services.” According to Schneier, the evidence “suggests China,” but it has not been established beyond doubt, due to possible disguise used by the state involved in that probing.

Unfortunately, the DNC hack case study suggests that cyber-attacks against core democratic values may go unpunished, or may have a delayed response, like the diplomats’ deportation. To be clear, the implications of the DNC hack transcend the bilateral relations of Russia and the US, and may include other actors who monitor the situation and evaluate their future actions vis-à-vis the US.

This suggests that China is aware that the DNC hack was not accompanied by a real response on the US’s part. That observation may result in China examining the boundaries of what it can get away with in cyberspace.

It may be hard to predict the precise nature of this “cyber war,” but what’s clear is that it could potentially affect communications, online services, confidentiality of sensitive data, unavailability of critical systems and much more. This scenario will occur if tensions between China and the US escalate during the Trump presidency, and with the absence of clear deterrence strategy for cyberspace, the Chinese might get away with it.

This cyber war does not even necessarily require the utilisation of most sophisticated and forceful tools (such as cutting undersea cables, or developing specialized malware), it could simply be an immensely widespread distributed denial of service (DDoS) attack against DNS providers.

To Americans, such scenarios could be devastating.

President Obama rightly observed that the US is more vulnerable to these sort of attacks, due to its ubiquitous digitalisation and dependency on information systems. The Internet is a global platform, but certain countries are far more dependent on it than others.

The meaning would be an asymmetry in the harm that could be caused by such war to the US compared to a country like China.

Often, experts attempt to create a sterility between cyberspace and the physical world. This distinction is immensely detrimental, because it wrongly assumes that activities in cyberspace are unrelated to affairs taking place in the physical sphere.

The DNC hack attempted to influence a physical world process, just as the Sony hack in 2014 attempted to coerce Sony to cancel the release of The Interview, a movie which depicts the North Korean regime in a mocking manner. The cyber-war scenario presented in this piece will be just as physical as anything else, it will be a response to an overly Taiwan-friendly administration, as well as policies deteriorating the economic and trade relationship between China and the US.

Such war should be envisioned as part of a whole picture, involving a multitude of actors with a variety of conflicting interests and motives. The realisation that such scenario is possible if certain developments take place vis-à-vis China may be helpful in strengthening the security of the critical systems currently in place.

However, the more important realisation is that certain administration attitudes toward China may come with a price tag in cyberspace.

This integrality of the virtual and physical calls for attention in foreign affairs. It assumes that cyber-attacks happen for a reason, they are responding to certain events in the world, or attempting to influence ongoing processes, but the crux of the argument is that nation-states will not engage in cyber operations unless doing so would will directly benefit them.

The question, therefore, is whether in 2017 cyber war will benefit a nation-state, and what potential victims can do to prevent, or to respond, to such a scenario.

In a recent Forbes piece, Paul Laudicina calls for attention to the prediction that “The first crippling cyber-attack will be launched on critical infrastructure in a major economy.” Laudicina argues that the next administration should have a leading role in countering the threats emanating from cyber-space.

Although stemming from a slightly different perspective, this prediction seems more real than anything else. Though many experts and leaders have been sounding the alarm regarding a “Cyber Pearl Harbor” or “Cyber 9/11” for some time, this time it appears that circumstances are maturing in a way that makes cyber war possible.

Obama’s administration has certainly done a lot, but regretfully not enough. The White House Commission on Enhancing National Cybersecurity released its report on December 1. This report has many important, even original, recommendations. However, it is unclear whether Trump’s administration will implement any of these. In addition, the way the Obama administration dealt with the DNC hack can be seen as another misstep.

All evidence seems to suggest that Trump’s hawkish attitudes toward China may result in the dangerous precedent of a crippling, sustained and state-sponsored cyber war, which will greatly affect not only the military but also the rest of us, those who store their data online, who depend on the Internet for communication, who need cyberspace for transport control, electricity, dam management and more.

Although no bullets will be fired, such a scenario might prove to be extremely detrimental and harmful to today’s interconnected society. Given that environment, every political step against China should be weighed very, very, carefully.

2017 just might be the year of Cyber War.

Ein News:                Stuxnet, Secrecy & The New Era of Cyber War:

America’s Cyber Security Dilemma:

 

 

 

« BYOD Security Is Critical For Business
Give Children More Control Of Data Privacy »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Hiscox

Hiscox

Hiscox offers cyber and data risks insurance to protect your business against the risks of holding data and using computer systems..

StratoKey

StratoKey

StratoKey is an intelligent Cloud Access Security Broker (CASB) that secures your cloud and SaaS applications against data breaches, so you can do secure and compliant business in the cloud.

Airbus Cybersecurity

Airbus Cybersecurity

Airbus CyberSecurity is a European specialist in cyber security. Our mission is to protect governments, military and critical national infrastructure enterprises from cyber threats.

Komodo Consulting (KomodoSec)

Komodo Consulting (KomodoSec)

Komodo Consulting specializes in Penetration Testing and Red-Team Excercises, Cyber Threat Intelligence, Incident Response and Application Security.

Fox-IT

Fox-IT

Fox-IT prevents, solves and mitigates the most serious cyber threats with smart solutions for governmental bodies, defense, law enforcement, critical infrastructure, banking and large enterprises.

NRI Secure Technologies

NRI Secure Technologies

NRI SecureTechnologies is a Cybersecurity group company of the Nomura Research Institute (NRI) and a global provider of next-generation Managed Security Services and Security Consulting.

Me Learning

Me Learning

Me Learning provides engaging, informative and clearly explained learning materials for complex and challenging professional environments in areas including GDPR and Information Governance.

Ataya & Partners

Ataya & Partners

Ataya & Partners is a consulting company that delivers data protection, cybersecurity and IT & Digital governance services.

Veracity Industrial Networks

Veracity Industrial Networks

Veracity provides an innovative industrial network platform that improves the reliability, efficiency, and security of industrial networks and devices.

Hong Kong Broadband Network (HKBN)

Hong Kong Broadband Network (HKBN)

HKBN are a leading integrated telecom and technology solutions provider that offers a comprehensive range of premier ICT services to both the enterprise and residential markets.

Moviri

Moviri

Moviri combines security technology engineering, intelligence expertise and our data science DNA to help companies manage digital risk end-to-end.

Schneider Downs

Schneider Downs

Schneider Downs & Co. provides accounting, tax and business advisory services through innovative thought leaders who deliver their expertise to meet the individual needs of each client.

QAlified

QAlified

QAlified offer independent testing and quality assurance services for software projects including security testing.

RiskSmart

RiskSmart

RiskSmart empower risk, compliance, and legal teams with a tech-led and data-driven platform designed to save time, reduce costs and add real value to businesses.

Abacus Group

Abacus Group

Abacus Group is a global IT services firm for alternative investment firms, providing an enterprise technology platform specifically designed to meet the unique needs of financial services.

GreenPages Technology Solutions

GreenPages Technology Solutions

GreenPages provide expert strategic guidance and proven cloud-era solutions for our clients. Every day we help organizations leverage the cloud securely with less risk and cost.

Moonsense

Moonsense

Moonsense is on a mission to level the playing field in the fight against online fraud.