Cyber Warfare and Cyber Weapons, a Real and Growing Threat
Numerous malicious attacks on computers and mobile devices as well as networks of important entities have recently made the news and have brought back to the surface the debate on cyber warfare and the dangerousness of cyber weapons.
The increasing dependence on the Internet and the recent spur of attacks are beginning to create greater concern.
The fear is not just based on the possibility that a cyber attack could simply cause the non-availability of information and services we are now accustomed to. The Internet has not just reshaped the way we obtain news, communicate with others, take care of our finances, watch TV and listen to music, but it is also permeating other essential fields of our lives.
From power smart grids to the "Internet of Things," the potential targets of cyber warriors are now multiple and the possible consequences catastrophic. Premeditated, politically or socially motivated attacks against a computer-dependent society could be orchestrated by foreign powers and affect nations at any level: from the availability of utilities, to denied access to important financial and medical information, to causing a significant impact on national GDPs.
This article will explore the concept of cyber warfare and cyber weapons, plus recount latest happenings and discuss whether the danger is real.
Cyber Warfare and Cyber Weapons
The definition of cyber warfare and cyber weapons is not as clear-cut as it might seem. Distinguishing these attacks from simple cyber crimes is essential to define rules of engagements by countries and to establish what should be considered a direct act of war against the sovereignty and wellbeing of a state.
According to the Tallin Manual on the International Law Applicable to Cyber Warfare – a study commissioned by the NATO Cooperative Cyber Defence Centre of Excellence that is not considered a legally binging document – cyber weapons are cyber means of warfare designed, used or intended to cause either injury or death of people or damage to or destruction of objects.
Without a globally recognized definition, however, it is hard to strictly define and recognize true acts of cyber warfare, prevent attacks, hold entities accountable and define legal responses. The inability to agree to basic notions is a considerable weakness in the international arena and leaves space to much uncertainty and endless possibilities for nations beginning to employ these warfare techniques.
Several definitions have been given by scholars, but, in general, a cyber weapon is intuitively considered any software, virus, and intrusion device that can disrupt critical infrastructures of other countries, from military defense systems to communications to electric power smart grids to financial systems and air traffic control.
Debates have been rising on the possibility to consider cyber weapons tools used not only to directly impair systems but also to spy on nations through cyber espionage. Again, the lack of a globally-recognized legal definition doesn't help.
Have cyber weapons ever been deployed? You may recognize an incident that happened in 2009, the first known use of a cyber weapon: Stuxnet. It was a complex piece of malware believed to be an example of government cyber weapon aimed at severely disrupting the Iranian nuclear program. The paternity of the attack has been a source of debate, but in the end, it was believed to be a joint US/Israel operation. Stuxnet targeted a plant in Natanz, Iran. By turning off valves and impairing centrifuges, equipment was damaged and the Iranian uranium enrichment program effectively slowed down.
However, Stuxnet might have not even been the first cyber war tool directed toward Iran. Flame, another powerful malware that masqueraded itself as a routine Microsoft software update, had already been used to map and monitor Iranian networks and collect critical information.
Is a Cyber World War a Concern?
A 2013 report by Director of National Intelligence James R. Clapper explained that the possibility of a major cyber attack to US critical infrastructures causing a long-term and widespread disruption of services by major players like Russia and China is remote. However, smaller scale attacks by smaller states or non-state entities seem to be a concern. According to the report, "less advanced but highly motivated actors could access some poorly protected US networks that control core functions, such as power generation, during the next two years, although their ability to leverage that access to cause high-impact, systemic disruptions will probably be limited. At the same time, there is a risk that unsophisticated attacks would have significant outcomes due to unexpected system configurations and mistakes, or that vulnerability at one node might spill over and contaminate other parts of a networked system."
This may not come as a surprise to anyone, but any telecommunications infrastructure attack could cause enough harm to generate fear. Every government or corporation entire infrastructure, let alone the public at large, may be at stake.
Can digital attacks really have tangible effects? Absolutely. An oil pipeline in Turkey was cyber attacked and exploded in 2008. The pipeline was super-pressurized and alarms were shut off. By hacking security cameras, attackers (allegedly Russian) were able to hide the blast from the control room that, unaware, was unable to respond promptly. Another attack to a German steel company demonstrated how, by simply infiltrating the information systems running the plant, hackers could cause major damage.
Although not a single Internet successful attack has been recognized as directed by a foreign terror organization against the United States homeland, there have been instances of intrusions intended to inflict significant harm on the American government or state agency, as well as US businesses. Last November, there was an intrusion into the networks of the Department of the State that led to the unclassified email system shutdown. Carol Morello, the diplomatic correspondent for The Washington Post who covered the affair, noted the activity was related to hacking of White House computers reported a month prior, and to security breaches that occurred at both the U.S. Postal Service and the National Weather Service. Those incidents pointed to Russian hackers as prime suspects; the perpetrators were believed to be working directly for the Russian government. Sony Pictures Entertainment (SPE) is another recent case; its networks were infected in a November 2014 incident. According to the FBI, the occurrence resembled past cyber efforts by North Korea.
What makes a cyber warfare attack appealing? Mainly the fact that it can come at little or no cost for the perpetrator. An attacker with great technical capabilities can create disruption by using a single computer wherever he or she is located. While the use of conventional weapons requires expensive manufacturing and physical travel to target locations, cyber attacks can be conducted from anywhere. Traditional weapons have a cost that might be prohibitive for many and are hard to transport (or deliver) in secrecy. In other cases, attacks might require the sacrifice of the offenders. Cyber attacks are quick, can be equally destructive and can definitely be inexpensive to execute.
According to Amy Chang, research associate at the Center for a New American Security, "Cyber warfare is a great alternative to conventional weapons. […] It is cheaper for and far more accessible to these small nation-states. It allows these countries to pull off attacks without as much risk of getting caught and without the repercussions when they are."
Accountability is hard to prove when cyber weapons are used. By using several proxies or infecting computers indirectly, it is difficult to trace back to a particular malicious hacker or organization on any form of attacks. And even if a culprit is found, it is hard to accuse a nation of a deliberate act of war, especially due to lack of a legal framework.
The problem today is that we live in a high-tech world of uncertainty where people are not well trained and equipped for these new threats that can disrupt communications, and network traffic to and from websites and can potentially paralyze Internet service providers (ISPs) at the international level across national borders. So, in the face of constant security threats, there is a need for all to fully understand how to handle cyber security issues and cyber war and how to mitigate risks and minimize the damage, as best as possible if the circumstances arise.
Cyberspace and its Security
What can be done and who should act in defense of a nation's cyberspace? The answer may be complicated. Defending cyberspace is not an easy feat, considering the number of interconnected computers, mobile devices and networks. The majority of the systems, including those regulating nations' critical infrastructures, are interconnected and then vulnerable not only to direct attacks but also to infection by transmission. Ironically, the numerous technological advances might also pose a risk, as cyber terrorists seem to be always a step forward in identifying security vulnerabilities before security experts can patch them. Lack of recognized rules in cyberspace and difficulty to implement boundaries complete the picture.
Lacking a real global response to cyber warfare, many countries and organizations are creating structures and task forces to prepare against cyber threats. According to intelligence studies, more than 140 countries have funded cyber weapon development programs. The U.S. is particularly active and created the USCYBERCOM that "plans, coordinates, integrates, synchronizes, and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full-spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries."
In 2012, the U.S. Defense Advanced Research Projects Agency (DARPA) invested $110 million in Plan X, a "Cyberspace is now recognized as a critical domain of operations by the U.S. military and its protection is a national security issue. Plan X is a foundational cyberwarfare program to develop platforms for the Department of Defense to plan for, conduct, and assess cyber warfare in a manner similar to kinetic warfare." The program was included in DARPA's reported $1.54 billion cyber budget for 2013-2017.
Recently, the U.S. Naval Academy also received $120M to build a classified cyber warfare center in 2016. The center will allow midshipmen to work on classified system and acquire cyber warfare skills.
Organizations like the European Advanced Cyber Defence Centre (ACDC), the NATO Computer Incident Response Capability (NCIRC) and the Internet Engineering Task Force (IETF), amongst many others, are working on fighting back against organized, international cyber criminals that have used cyberspace as a warfighting domain.
However, this may not be enough to avoid terrorism-based cyberwar attacks, so everyone ought to prepare proactively and effectively by securing systems as much as possible. In an Internet-connected world, every end user is at risk, either directly or indirectly. The Internet provides many different ways to attack. Internet-connected systems must be secured on a global scale.
With cyberspace being so vast, flexible, and unregulated, all its users are highly vulnerable to dangers from outside threats. Recent cyber attacks highlight the potential threat posed by information warfare tactics and techniques that use computer connectivity and exploit vulnerabilities sometimes caused by users' inattentiveness or lack of basic cyber security practices.
Proper use of intrusion-detection and intrusion-prevention systems (IDS/IPS) and firewalls (a network's first line of defense against threats) is a basic response. Through real-time analysis of network traffic—i.e., to investigate and contain these security threats—people can detect the majority of the less sophisticated hacking attacks at a user level.
Larger companies must be more aware than ever about their network security vulnerabilities and secure their properties with proper Advanced Threat Protection Platforms for endpoint protection and server security.
In the case of government-orchestrated cyber attacks, one of the main lines of defense is the creation of a common front against attackers. There is no better time than now to open collaboration and dialogue amongst various industries and government agencies to take action. Attacks against larger, interconnected systems might be more easily disclosed by comparing data and creating common task forces. Detection and prevention alone may not be enough to stop the attackers, each time, but at least it may inhibit future, similar threats.
The Internet might be becoming a new weapon for terrorists, so overcoming cyber vulnerability requires multiple different organizations to come forward and stop the launch of cyber threats that can manipulate the physical world while operating without international boundaries.
Conclusion
Some of the numerous larger-scale cyber attacks can be intuitively considered acts of cyber war. With many countries large and small investing in cyber warfare, it is impossible not to think of the use of "information warfare" as a new form of terrorism. Information warfare goes beyond simply attacking computers and communications networks, as a computer-literate terrorist can wreak havoc causing physical destruction and harm to populations. The Internet can be turned into a weapon used against targets by terrorists hidden in cyberspace to carry out cyber violence and disruption, while being physically located elsewhere. Computer-related crimes, as an extension of terrorist attacks, have the potential of bringing catastrophic side effects.
Cyberspace is increasingly becoming a place of risk and danger, vulnerable to hacks and cyber warfare. With today's civilization dependent on interconnected cyber systems to virtually operate many of the critical systems that make our daily lives easier, it is obvious that cyber warfare can be the choice for many governments and states, especially those that don't have access to expensive, conventional weapons of mass destruction.
So, how do we counteract such attacks? If cyber warfare is considered war, then anti-terrorism defenses must be deployed. First, though, a legal basis for responses to attacks must be defined. A legal definition of cyber war and cyber weapon, a definition agreed upon globally, is necessary to define the perimeters within which nations can operate in cyberspace. It is important to define what to consider cyber espionage, cyber war or an act of simple hacking.
Lacking a clear definition and a global cyber etiquette, nations are left with creating their own defense against cyber weapons and cyber espionage. Exploring real-world examples, continuously monitoring the Information Superhighway, and endorsing cyber security awareness, web security and online safety are the tools currently available for an effective international governance of the Internet.
Although the United States has not been subjective to real, destructive cyber terrorism as of today, in terms of hostile action or threat, it has identified a number of ways terrorists can use the computer as a tool for hacking or information warfare. As the job of a cyberterrorist has become more difficult to detect, in time, information control may also be critical for successful counter-terrorism and avoidance of infrastructure warfare.
Therefore, it is paramount to investigate some common defense mechanisms that can help pinpoint and capture these threats before they affect massive numbers of people and impair activities in a much more pervasive way.
References
Brecht, D. (2014, December). Are Cyber Threats the New Terrorism Frontier? Cyber Warnings E-Magazine, 28-32. Retrieved from http://www.cyberdefensemagazine.com/newsletters/december-2014/index.html#p=28
Clapper, J. R. (2013, March 12). US Intelligence Community Worldwide Threat Assessment Statement for the Record. Retrieved from http://www.odni.gov/files/documents/Intelligence%20Reports/2013%20ATA%20SFR%20for%20SSCI%2012%20Mar%202013.pdf
Donohue, B. (2014, December 19). FBI Officially Blames North Korea in Sony Hacks. Retrieved from http://threatpost.com/fbi-officially-blames-north-korea-in-sony-hacks/109999
Kostadinov, D. (2012, December 21). Cyberterrorism Defined (as distinct from "Cybercrime"). Retrieved from https://resources.infosecinstitute.com/cyberterrorism-distinct-from-cybercrime/
Morello, C. (2014, November 16). State Department shuts down its e-mail system amid concerns about hacking. Retrieved from http://www.washingtonpost.com/world/national-security/state-department-shuts-down-its-e-mail-system-amid-concerns-about-hacking/2014/11/16/92cf0722-4815-41ca-b602-9bfe8ecdb256_story.html
NATO REVIEW. (n.d.). The history of cyber attacks - a timeline. Retrieved from http://www.nato.int/docu/review/2013/cyber/timeline/EN/index.htm
Paganini, P. (2013, December 6). Cyber warfare – Why we need to define a model of conflict? Retrieved from http://securityaffairs.co/wordpress/20204/intelligence/cyber-warfare-model-of-conflict.html
Storm, D. (2014, December 22). Cyberwarfare: Digital weapons causing physical damage. Retrieved from http://www.computerworld.com/article/2861531/cyberwarfare-digital-weapons-causing-physical-damage.html
Suciu, P. (2014, December 21). Why cyber warfare is so attractive to small nations. Retrieved from http://fortune.com/2014/12/21/why-cyber-warfare-is-so-attractive-to-small-nations/