There Are No Civilians In Cyber Warfare

At the conclusion of his authoritataive 2016 book Cyberspace in Peace and War, US Naval Academy cyber-security expert Martin Libicki takes a scolding tone toward rag-tag hackers who liked to demonstrate “their intelligence if not their maturity”.

He told his readers that cybersecurity was a three-star problem that was “hyped into a four-star problem, a standing that it never deserved.”

It was an odd conclusion even in 2016, after all, in 2015 there'd been an enormous coordinated cyber-attack on Ukraine's power system, in which a quarter of a million Ukrainians were deprived of power in the middle of winter.

And from the vantage point of 2017, after the world watched in appalled horror at the 2016 US presidential election and its aftermath, in which Russian state agencies hacked US election rolls and perhaps did much more, Libicki's complacent conclusion seems downright naïve.

New Read

Updating the picture is Alexander Klimburg's quietly horrifying new book The Darkening Web: The War for Cyberspace, which opens with a brutally sobering declaration about the kind and extent of damage that cyber warfare could inflict.

“In reality,” Klimburg writes, “pretty much any form of destruction is achievable through cyber means; for those with the resources, the only limitation is their own creativity.”

With gut-clenching efficiency, Klimburg imagines plenty: power grids not only shut down but physically damaged, transportation networks disrupted or closed (80 percent of Americans live in cities, dependent on food supplies that would only last a day if stopped), telecommunications warped or terminated, financial information deleted.

And of course he discusses the stereotypical nightmare scenario, which involves nuclear weapons, tens of thousands of which have command-and-control sequences that are now “cyber-enabled”, and therefore hackable.

Planes fly, and land safely, guided not by human hands but entirely by software. Thousands of pieces of everyday technology are now interconnected in an elaborate ongoing electronic conversation with each other, the much-touted “Internet of things”, and all of those conversations can be not only interrupted but co-opted.

The implication throughout the book couldn't be clearer: logging off Facebook or keeping a backyard garden is a fool's consolation. In cyber warfare, there are no civilians.

Naturally enough, the Russians figure prominently throughout "The Darkening Web."

“The extreme level of Russian involvement in the 2016 US presidential election is, at the time of finishing this book, just reaching fever pitch,” Klimburg writes. “One June 2016 article clearly outlines how the Kremlin's troll army was being used to support the candidacy of Donald Trump, with a number of known trolls migrating their accounts to fake conservative personas.”

Klimburg traces the long history of Russia's electronic espionage, including the entire generation of siloviki, former members of the Soviet security services, who've been put to new and nefarious uses in Putin's Russia.

But the story also extends to the rise of state-sponsored hacking campaigns all around the world, from major actors like China and North Korea to tiny four-person cabals in Eastern Europe unleashing vast clouds of malicious bots for reasons of their own.

All these actors combine to form a vast crowd of opportunists creating millions of strains of malware, splicing and re-combining into “zombie armies” called botnets, which can form cybernetic terrains all their own.
 
“Botnets are highly useful for those seeking to perpetrate cyber-crime or even engage in state-affiliated cyber espionage,” Klimburg writes. “Botnets can be used by hackers for a variety of tasks: they are truly the Swiss army knives of cyber-attacks.”

And alongside malicious human actors there's also the added danger of inhuman actors: malware communicating with malware, bots adapting themselves to other bots, often simulating the kind of artificial intelligence (AI) that no less an authority than Stephen Hawking warned might spell the end of humankind.

Whether its author intends it or not, "The Darkening Web" eventually accumulates the picture of an impending apocalypse, an utterly unwinnable war in which the world's few good guys, in this account, the liberal democracies that are interested in social freedom and the uncensored flow of information, are outgunned, outspent, and outmaneuvered at every stage of what Klimburg refers to as the great cyber game.

The vending machine in your office's cafeteria communicates electronically, automatically and without supervision, with its stocking company when it's running low on snacks; the company's stocking software communicates, again, unsupervised, with the software of its distant suppliers.

Those suppliers have software that communicates with various government regulatory agencies. All of it happens every day, and all of it is hackable. Multiply that a million fold and you have the world of the darkening web.

“This is an Armageddon that all of us in liberal democracies have the power to avert,” Klimburg writes, reminding his readers that “humanity has come together to deal with existential challenges before.”

In the wake of a presidential election hacked by an enemy power, with massive random ware viruses making the news by attacking dozens of countries simultaneously, the note of defiant optimism, however unrealistic, is desperately appreciated.

CS Monitor

You Might Also Read:

Modern Fiction: A Novel  Is Required Reading At The Pentagon:

Dark Territory: The Secret History of Cyber War:

 

« US Police Make Widespread Use Of Facial Recognition Software
Cyber Warfare Opens A New Front Against Civilians »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Metasploit

Metasploit

Metasploit penetration testing software helps find security issues, verify vulnerabilities and manage security assessments.

XenArmor

XenArmor

XenArmor products include NetCertScanner, an enterprise software to scan & manage expired SSL Certificates on your local network or internet.

MailGuard

MailGuard

MailGuard delivers a full suite of security solutions across email and web to protect your business before threats reach your environment.

High Sec Labs (HSL)

High Sec Labs (HSL)

High Sec Labs develops high-quality, cyber-defense solutions in the field of network and peripheral isolation.

Seltek Technology Solutions

Seltek Technology Solutions

Seltek provides Digital Forensics, eDiscovery, Cybersecurity Assessments and IT Support services.

US Venture Partners (USVP)

US Venture Partners (USVP)

USVP is a leading Silicon Valley venture capital firm focusing on early-stage start-ups that transform cybersecurity, enterprise software, consumer mobile and e-commerce, and healthcare.

FirstWave Cloud Technology

FirstWave Cloud Technology

FirstWave Cloud Technology is a global cyber security company which has been delivering Cybersecurity-as-a-service solutions to the market since 2004.

Allentis

Allentis

Allentis provide adapted solutions to ensure the security and performance of your information system.

Sentrium Security

Sentrium Security

Sentrium is committed to helping organisations protect their technology, information and people. Our range of bespoke services provide solutions to tackle a broad range of cyber security challenges.

Easy Dynamics

Easy Dynamics

Easy Dynamics is a leading technology services provider with a core focus in Cybersecurity, Cloud Computing, and Information Sharing.

Appurity

Appurity

Appurity specialises in mobile and application security, delivering comprehensive solutions across all verticals.

Zerify

Zerify

Zerify offers the industry’s only video conferencing platform built with a zero-trust architecture to keep your meetings secure, private and business compliant.

Harbottle & Lewis

Harbottle & Lewis

Harbottle & Lewis is a leading UK-based law firm focused on the Private Client and Technology, Media and Entertainment sectors.

c0c0n

c0c0n

c0c0n is the longest running conferences in the area of Information Security and Hacking, in India.

Google Safety Engineering Center (GSEC)

Google Safety Engineering Center (GSEC)

GSEC Málaga is an international cybersecurity hub where Google experts work to understand the cyber threat landscape and to create tools that keep users around the world safer online.

nandin Innovation Centre

nandin Innovation Centre

nandin is ANSTO’s Innovation Centre (Australian Nuclear Science and Technology Organisation) where science and technology entrepreneurs, startups and graduates come together.

Haiku

Haiku

Haiku stands at the forefront of cybersecurity upskilling, leveraging video games to immerse you in a flow state for accelerated, enduring learning.

Pulsar Security

Pulsar Security

Pulsar Security is a team of highly skilled, offensive cybersecurity professionals with the industry's most esteemed credentials and advanced real-world experience.