Ten Years Since The Outbreak Web War One

It was ten yeras ago that Russian hackers attacked Estonia, crippling government websites and emails, so that it was unable to counter a Kremlin propaganda blizzard that depicted the Baltic state as a hellhole run by fascists. The attack also swamped online banking and public services.

Estonia, one of the world’s most Internet-savvy countries, soon bounced back. But a decade later, we are still grappling with the new era of increasingly sophisticated digital weapons.

The natural reaction is to look for answers from the nuclear age. We developed weapons of awesome destructive power but we also created a diplomatic, legal and strategic framework that contained them. MAD, mutual assured destruction, plus the non-proliferation treaty and a series of arms-control deals saved us from Armageddon. We should do the same in cyber-space.

The ambition is laudable. The digital arms race is spiraling out of control. Cyber-weapons are getting more sophisticated, just as our dependence on computers and networks is accelerating. 
A few lines of code, maliciously deployed, can bring down an airliner, burn down a house, shut down a power grid or freeze a financial system. In an interlinked, inter-dependent world, all the cyber-powers should have an interest in refraining from such attacks.

Yet the nuclear analogy is misleading. A nuclear warhead, and the missile that delivers it, are open to precise measurement and calculation. So too are the means for stopping them, such as missile defence systems. That meant that the superpowers could put transparency at the heart of nuclear arms control and deterrence, “trust but verify” as Ronald Reagan phrased it.

But digital weapons are invisible and their powers are a matter of guesswork. Cyber-arsenals are necessarily shrouded in total secrecy. If you have the ability to make Vladimir Putin’s mobile phone catch fire in his pocket, by remotely sabotaging the software that controls the battery, you certainly won’t disclose it. He will get a different phone and you must invent another weapon. If Russia’s cyber-soldiers can do the same thing with Donald Trump’s phone, they won’t disclose it either. Until recently countries did not want even to admit that they possessed offensive cyber capabilities at all.
In real-world, “kinetic” in military parlance, warfare you also have a pretty good idea of who is shooting at you. In cyber-space, you may be mystified. Though Nato believes that Russia was behind the attack on Estonia in 2007, the Kremlin disputes it. 

That kind of crude swamping attack can be organised quickly for a few hundred pounds. All you do is rent a “botnet”, a swarm of computers, to send simultaneous phony Internet requests to the target until it crashes. The owners of these computers will have no idea that their machines have been conscripted into a digital renta-mob.
More sophisticated attacks may leave more clues, such as the time zone and language in which malicious software is written. This is why cyber-forensics experts believe Russia was behind last year’s attacks on the American political system.
But these trails of digital breadcrumbs can be faked. The US says that it reserves the right to retaliate to a cyber-attack with kinetic force: i.e., high explosive. That is a powerful deterrent, if the Pentagon can be sure that its response will be directed against the real perpetrator.

Even if you are sure of the attacker’s identity, his motives may be obscure. Nuclear weapons were a binary threat: they are either being used or they are not. Digital techniques are much subtler; the lines between espionage, political competition and outright warfare are blurry. Are you hacking into Mr Putin’s phone to bug it or to blow it up? Or both?

In 2015 it emerged that hackers, said to be Chinese, had broken into the US Office of Personnel Management and stolen 20 million files containing details of current and former government officials. That caused anguish in American spookdom (it’s hard to spy on China when its spy-catchers know who to look out for). But not outrage; the CIA would do the same to China, given the chance.

Perhaps trickiest of all for military planners is that digital weapons may hit energy, financial and transport systems over which they have little or no control. It is one thing to harden your nuclear bunkers against a rocket attack, quite another to fortify your country’s editorial decision-making. A state’s single biggest vulnerability may be individual carelessness with logins and passwords.

The line between political influence and coercion is particularly blurry. Many Americans are furious about the Russian propaganda and other attacks during last year’s presidential election. But Russians would argue that in the 1990s America repeatedly threw its weight behind favoured candidates in Russian elections. It may be unpleasant to be on the receiving end of such tactics, but it is hard to put them in the same category as a missile strike.

A Nato cyber-centre (appropriately in the Estonian capital Tallinn) publishes a thought-provoking law manual for cyber-conflict. Oxford University politics dons are applying their minds to digital security issues too. But the insidiousness and scope of digital weapons makes them more like terrorism than old-style warfare: we civilians are in the front line whether we like it or not.

The Times

You Might Also Read:

How A Nation Became Russia's Cyberwar Experiment:

Hacker, Tailor, Soldier, Spy: Future Cyberwar:

Information Warfare Isn’t Just Russian – It’s Also American As Apple Pie:

 

« App Or Browser: Which Is Safer For Online Banking?
Hacking A Chip With A Wave of Your Hand »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Clearpath Solutions Group

Clearpath Solutions Group

Clearpath Solutions Group expertise covers virtualization and data storage technologies, networking, security and cloud computing.

Cloud53

Cloud53

Cloud53 specialise in improving operational IT through strategic use of Cloud technologies and services.

CERT-IS

CERT-IS

CERT-IS is the national Computer Emergency Response Team for Iceland.

Ubisecure

Ubisecure

Ubisecure provide Identity & Access Management solutions.

Fornetix

Fornetix

Fornetix is a cybersecurity platform enabling Zero Trust while delivering critical encryption automation, access controls, authorization services, machine identity, and ICAM solutions,

Mitek Systems

Mitek Systems

Mitek's global mobile capture and identity verification technology optimizes the digital user experience for thousands of financial services organizations.

Bavarian IT Security Cluster

Bavarian IT Security Cluster

The Bavarian IT Security Cluster works to build regional IT security competencies and increase the competitiveness and market opportunities of its member companies.

Network Integrated Business Solutions (NIBS)

Network Integrated Business Solutions (NIBS)

NIBS is an IT services provider offering a range of services with the aim of simplifying and securing technology.

David Hayes-Export Controls

David Hayes-Export Controls

David Hayes-Export Controls provides assistance to companies affected by export controls or who are considering entering the market but are unsure of the commercial and regulatory implications.

Lockheed Martin

Lockheed Martin

Lockheed Martin deliver full-spectrum cyber capabilities and cyber resilient systems to defense, intelligence community and global security customers.

Future Planet Capital

Future Planet Capital

Future Planet is the impact-led, global venture capital firm built to invest in high growth potential companies from the world's top research centres.

NetWitness

NetWitness

NetWitness empowers security teams to rapidly detect today’s targeted and sophisticated attacks with unparalleled visibility.

Green Radar

Green Radar

Green Radar is a next generation cybersecurity company which combines technologies and services together to deliver Threat Detection for Emails and Deep Threat Analytics and Response.

Cytek

Cytek

Cytek is a leading provider of cybersecurity and HIPAA compliance for dental practices and other industries.

Bitdefender Voyager Ventures (BVV)

Bitdefender Voyager Ventures (BVV)

Bitdefender Voyager Ventures is an early-stage investment vehicle focused on cybersecurity, data analytics and automation startups.

Interlynk

Interlynk

Interlynk's #SBOM and # VEX-powered platform automates and continuously monitors first-party and vendor software supply chains and helps meet #FDA, #CRA, #GSA, and #DoD compliance obligations.

CyTwist

CyTwist

CyTwist is an early warning attack detection platform that complement your existing security suite and provides your security teams with unique detection capabilities of stealth targeted attacks.

SecAI

SecAI

SecAI is an innovative threat intelligence-driven, and AI-powered vendor aiming at cyber threat detection and response.