Ten Years Since The Outbreak Web War One

Uploaded on 2017-07-03 in NEWS-Cybersecurity News, INTELLIGENCE--International, GOVERNMENT-Defence, FREE TO VIEW

It was ten yeras ago that Russian hackers attacked Estonia, crippling government websites and emails, so that it was unable to counter a Kremlin propaganda blizzard that depicted the Baltic state as a hellhole run by fascists. The attack also swamped online banking and public services.

Estonia, one of the world’s most Internet-savvy countries, soon bounced back. But a decade later, we are still grappling with the new era of increasingly sophisticated digital weapons.

The natural reaction is to look for answers from the nuclear age. We developed weapons of awesome destructive power but we also created a diplomatic, legal and strategic framework that contained them. MAD, mutual assured destruction, plus the non-proliferation treaty and a series of arms-control deals saved us from Armageddon. We should do the same in cyber-space.

The ambition is laudable. The digital arms race is spiraling out of control. Cyber-weapons are getting more sophisticated, just as our dependence on computers and networks is accelerating. 
A few lines of code, maliciously deployed, can bring down an airliner, burn down a house, shut down a power grid or freeze a financial system. In an interlinked, inter-dependent world, all the cyber-powers should have an interest in refraining from such attacks.

Yet the nuclear analogy is misleading. A nuclear warhead, and the missile that delivers it, are open to precise measurement and calculation. So too are the means for stopping them, such as missile defence systems. That meant that the superpowers could put transparency at the heart of nuclear arms control and deterrence, “trust but verify” as Ronald Reagan phrased it.

But digital weapons are invisible and their powers are a matter of guesswork. Cyber-arsenals are necessarily shrouded in total secrecy. If you have the ability to make Vladimir Putin’s mobile phone catch fire in his pocket, by remotely sabotaging the software that controls the battery, you certainly won’t disclose it. He will get a different phone and you must invent another weapon. If Russia’s cyber-soldiers can do the same thing with Donald Trump’s phone, they won’t disclose it either. Until recently countries did not want even to admit that they possessed offensive cyber capabilities at all.
In real-world, “kinetic” in military parlance, warfare you also have a pretty good idea of who is shooting at you. In cyber-space, you may be mystified. Though Nato believes that Russia was behind the attack on Estonia in 2007, the Kremlin disputes it. 

That kind of crude swamping attack can be organised quickly for a few hundred pounds. All you do is rent a “botnet”, a swarm of computers, to send simultaneous phony Internet requests to the target until it crashes. The owners of these computers will have no idea that their machines have been conscripted into a digital renta-mob.
More sophisticated attacks may leave more clues, such as the time zone and language in which malicious software is written. This is why cyber-forensics experts believe Russia was behind last year’s attacks on the American political system.
But these trails of digital breadcrumbs can be faked. The US says that it reserves the right to retaliate to a cyber-attack with kinetic force: i.e., high explosive. That is a powerful deterrent, if the Pentagon can be sure that its response will be directed against the real perpetrator.

Even if you are sure of the attacker’s identity, his motives may be obscure. Nuclear weapons were a binary threat: they are either being used or they are not. Digital techniques are much subtler; the lines between espionage, political competition and outright warfare are blurry. Are you hacking into Mr Putin’s phone to bug it or to blow it up? Or both?

In 2015 it emerged that hackers, said to be Chinese, had broken into the US Office of Personnel Management and stolen 20 million files containing details of current and former government officials. That caused anguish in American spookdom (it’s hard to spy on China when its spy-catchers know who to look out for). But not outrage; the CIA would do the same to China, given the chance.

Perhaps trickiest of all for military planners is that digital weapons may hit energy, financial and transport systems over which they have little or no control. It is one thing to harden your nuclear bunkers against a rocket attack, quite another to fortify your country’s editorial decision-making. A state’s single biggest vulnerability may be individual carelessness with logins and passwords.

The line between political influence and coercion is particularly blurry. Many Americans are furious about the Russian propaganda and other attacks during last year’s presidential election. But Russians would argue that in the 1990s America repeatedly threw its weight behind favoured candidates in Russian elections. It may be unpleasant to be on the receiving end of such tactics, but it is hard to put them in the same category as a missile strike.

A Nato cyber-centre (appropriately in the Estonian capital Tallinn) publishes a thought-provoking law manual for cyber-conflict. Oxford University politics dons are applying their minds to digital security issues too. But the insidiousness and scope of digital weapons makes them more like terrorism than old-style warfare: we civilians are in the front line whether we like it or not.

The Times

You Might Also Read:

How A Nation Became Russia's Cyberwar Experiment:

Hacker, Tailor, Soldier, Spy: Future Cyberwar:

Information Warfare Isn’t Just Russian – It’s Also American As Apple Pie:

 

« App Or Browser: Which Is Safer For Online Banking?
Hacking A Chip With A Wave of Your Hand »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Law Enforcement Cyber Center (LECC)

Law Enforcement Cyber Center (LECC)

LECC is designed to assist police, digital forensic investigators, detectives, and prosecutors who are investigating and preventing crimes that involve technology.

Cyber Security Experts Association of Nigeria (CSEAN)

Cyber Security Experts Association of Nigeria (CSEAN)

Cyber Security Experts Association of Nigeria (CSEAN) is a not for profit group of professionals in the field of Information Security in Nigeria and Diaspora.

Napatech

Napatech

Napatech develops and manufactures high speed network accelerators specifically designed for real-time network monitoring and analysis applications.

Sogeti

Sogeti

Sogeti deliver solutions that enable digital transformation and offer cutting-edge expertise in Cloud, Cybersecurity, Digital Manufacturing, Quality Assurance, Testing, and emerging technologies.

Quaynote Communications

Quaynote Communications

Quaynote Communications is a specialist conference and communications company focused primarily on the maritime, yachting, aviation and security industries.

Proteus

Proteus

Proteus is an Information Security consulting firm specialized in Risk Analysis and Executive Control.

NSHC

NSHC

NSHC is a provider of mobile security solutions, cyber security consulting and training, and offensive research.

Industry IoT Consortium (IIC)

Industry IoT Consortium (IIC)

The Industry IoT Consortium is the world's leading organization transforming business and society by accelerating the Industrial Internet of Things (IIoT).

Connectitude

Connectitude

Connectitude IIoT Platform ™ is a complete solution for industrial IIoT.

VCG Group

VCG Group

VCG provides everything you need for the design, implementation and management of data centres, cyber-secure enterprise networks, cloud and connectivity services.

Gotham Digital Science (GDS)

Gotham Digital Science (GDS)

Gotham Digital Science is an international security services company specializing in Application and Network Infrastructure security, and Information Security Risk Management.

ResilientX

ResilientX

ResilientX is an All-In-One Security Testing Platform designed to help MSPs and SMBs to perform their security testing and assessments without having to outsource IT.

Dotsquares

Dotsquares

Dotsquares leverage the latest web and mobile technologies to build, grow and support your business.

Bearer

Bearer

Bearer helps modern teams ship trustworthy products with the help of our code security solution built for security, privacy and engineering teams.

Baselime

Baselime

Baselime, the cloud-native observability platform. Resolve issues in your cloud application before they become problems.

Replica

Replica

Replica creates authentic virtual environments that ensure identities and assets are always protected no matter where or what work needs to get done.