Ten Years Since The Outbreak Web War One

It was ten yeras ago that Russian hackers attacked Estonia, crippling government websites and emails, so that it was unable to counter a Kremlin propaganda blizzard that depicted the Baltic state as a hellhole run by fascists. The attack also swamped online banking and public services.

Estonia, one of the world’s most Internet-savvy countries, soon bounced back. But a decade later, we are still grappling with the new era of increasingly sophisticated digital weapons.

The natural reaction is to look for answers from the nuclear age. We developed weapons of awesome destructive power but we also created a diplomatic, legal and strategic framework that contained them. MAD, mutual assured destruction, plus the non-proliferation treaty and a series of arms-control deals saved us from Armageddon. We should do the same in cyber-space.

The ambition is laudable. The digital arms race is spiraling out of control. Cyber-weapons are getting more sophisticated, just as our dependence on computers and networks is accelerating. 
A few lines of code, maliciously deployed, can bring down an airliner, burn down a house, shut down a power grid or freeze a financial system. In an interlinked, inter-dependent world, all the cyber-powers should have an interest in refraining from such attacks.

Yet the nuclear analogy is misleading. A nuclear warhead, and the missile that delivers it, are open to precise measurement and calculation. So too are the means for stopping them, such as missile defence systems. That meant that the superpowers could put transparency at the heart of nuclear arms control and deterrence, “trust but verify” as Ronald Reagan phrased it.

But digital weapons are invisible and their powers are a matter of guesswork. Cyber-arsenals are necessarily shrouded in total secrecy. If you have the ability to make Vladimir Putin’s mobile phone catch fire in his pocket, by remotely sabotaging the software that controls the battery, you certainly won’t disclose it. He will get a different phone and you must invent another weapon. If Russia’s cyber-soldiers can do the same thing with Donald Trump’s phone, they won’t disclose it either. Until recently countries did not want even to admit that they possessed offensive cyber capabilities at all.
In real-world, “kinetic” in military parlance, warfare you also have a pretty good idea of who is shooting at you. In cyber-space, you may be mystified. Though Nato believes that Russia was behind the attack on Estonia in 2007, the Kremlin disputes it. 

That kind of crude swamping attack can be organised quickly for a few hundred pounds. All you do is rent a “botnet”, a swarm of computers, to send simultaneous phony Internet requests to the target until it crashes. The owners of these computers will have no idea that their machines have been conscripted into a digital renta-mob.
More sophisticated attacks may leave more clues, such as the time zone and language in which malicious software is written. This is why cyber-forensics experts believe Russia was behind last year’s attacks on the American political system.
But these trails of digital breadcrumbs can be faked. The US says that it reserves the right to retaliate to a cyber-attack with kinetic force: i.e., high explosive. That is a powerful deterrent, if the Pentagon can be sure that its response will be directed against the real perpetrator.

Even if you are sure of the attacker’s identity, his motives may be obscure. Nuclear weapons were a binary threat: they are either being used or they are not. Digital techniques are much subtler; the lines between espionage, political competition and outright warfare are blurry. Are you hacking into Mr Putin’s phone to bug it or to blow it up? Or both?

In 2015 it emerged that hackers, said to be Chinese, had broken into the US Office of Personnel Management and stolen 20 million files containing details of current and former government officials. That caused anguish in American spookdom (it’s hard to spy on China when its spy-catchers know who to look out for). But not outrage; the CIA would do the same to China, given the chance.

Perhaps trickiest of all for military planners is that digital weapons may hit energy, financial and transport systems over which they have little or no control. It is one thing to harden your nuclear bunkers against a rocket attack, quite another to fortify your country’s editorial decision-making. A state’s single biggest vulnerability may be individual carelessness with logins and passwords.

The line between political influence and coercion is particularly blurry. Many Americans are furious about the Russian propaganda and other attacks during last year’s presidential election. But Russians would argue that in the 1990s America repeatedly threw its weight behind favoured candidates in Russian elections. It may be unpleasant to be on the receiving end of such tactics, but it is hard to put them in the same category as a missile strike.

A Nato cyber-centre (appropriately in the Estonian capital Tallinn) publishes a thought-provoking law manual for cyber-conflict. Oxford University politics dons are applying their minds to digital security issues too. But the insidiousness and scope of digital weapons makes them more like terrorism than old-style warfare: we civilians are in the front line whether we like it or not.

The Times

You Might Also Read:

How A Nation Became Russia's Cyberwar Experiment:

Hacker, Tailor, Soldier, Spy: Future Cyberwar:

Information Warfare Isn’t Just Russian – It’s Also American As Apple Pie:

 

« App Or Browser: Which Is Safer For Online Banking?
Hacking A Chip With A Wave of Your Hand »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Itaccel

Itaccel

IT Accel began a decade ago as a band of technical recruiters who wanted to bring our experience and depth of knowledge to solving complex human resou

tietoEVRY

tietoEVRY

TietoEVRY creates digital advantage for businesses and society. We are a leading digital services and software company with local presence and global capabilities.

Skkynet Cloud Systems

Skkynet Cloud Systems

Skkynet is a leader in real-time data systems for the secure management and control of industrial processes (SCADA) and embedded devices (M2M).

Subgraph

Subgraph

Subgraph is an open source security company, committed to making secure and usable open source computing available to everyone.

BigWeb Technologies

BigWeb Technologies

BigWeb Technologies is dedicated to provide its clients with ICT related services including Infrastructure Solutions, Consultancy and Security.

Aptiv

Aptiv

Aptiv is a global technology company that develops safer, greener and more connected solutions enabling the future of mobility.

Consensys

Consensys

ConsenSys is a global blockchain company. We develop enterprise applications, invest in startups, build developer tools, and offer blockchain education.

CWSI

CWSI

CWSI provide a full suite of enterprise mobility, security and productivity solutions to many of Ireland and the UK’s most respected organisations across a wide range of industry and public sectors.

Tide Foundation

Tide Foundation

Tide's breakthrough multi-party-cryptography enables TRUE-zero-trust technology that unlocks cyber-herd immunity.

Immunefi

Immunefi

Immunefi provides bug bounty hosting, consultation, and program management services to blockchain and smart contract projects.

Hexens

Hexens

Hexens introduces a whole new approach to cybersecurity solutions. Indisputable skills and a unique super-focused perspective on every single case are the values we create.

Finesse Global

Finesse Global

Finesse is a global system integration and digital business transformation company.

MajorKey Technologies

MajorKey Technologies

MajorKey improves security performance by reducing user friction and business risk, empowering your people, and protecting your IP.

DESCERT

DESCERT

DESCERT offers you an extended IT, cyber security, risk advisory & compliance audit team which provides strategic guidance, engineering and audit services.

Netcraft

Netcraft

Netcraft is a global leader in cybercrime detection and disruption, combining cutting-edge technology with decades of experience to protect organizations of all sizes from digital threats and attacks.

Sherweb

Sherweb

Sherweb are a marketplace of leading cloud solutions and value-added services delivered by a team of passionate experts invested in MSP growth.