
Elements of Cyber Warfare: Examining The Way Forward

Introduction

From the Morris worm in 1988 to the 2017 presidential election, cyber intrusions and attacks have become commonplace in contemporary society. This is in large part due to our increasing reliance upon technology and computing to build and maintain our social, political and financial infrastructures. A single exploit against a government database or a denial-of-service attack on a large ISP (internet service provider) can wipe millions from the stock market or bring society to a standstill at the proverbial click of a button. This endangers national security as never before, as nation-states or other organizations that wish to do us harm can achieve the same results as a physical attack without ever setting foot on our shores or attacking our military directly.

The consequences of such a paradigm shift are even bigger than those of the invention of the atom bomb, as the “weapons” of cyber warfare can be produced by a single person or entity. Computer exploits, malware and social engineering are not limited by physical resources and can often bring down their targets before the victims are even aware of an intrusion. Even when they are detected, it is often too late to mitigate the loss or theft of data, and even harder to trace the original source of the attack, as the attacker can often spoof the system (making the attack look like it originated from elsewhere).

It is no surprise, then, that countries are putting their brightest minds to work on both securing internal web infrastructure and finding flaws in enemy systems. If a country’s financial or missile launch systems can be infiltrated and taken down without even a single bullet being fired, what use is missile or ammunition stockpiling?

Historical Context

Modern techniques of cyber warfare rely on many elements that have only become commonplace since the early 2000s. (Lewis) Due to the expanded use of often poorly designed software, the rise in computing power and the prevalence of the internet, cyber-attacks can take multiple forms, such as: zero-day exploits (exposing flaws in software whereby login credentials can be bypassed), botnet attacks (automated scripts running on hacked computers making millions of requests to a server, thereby overloading it and causing a crash), targeted phishing (fooling a person whose account has valuable access and stealing their password) and data interception (siphoning data from private databases to use without authorization, often against the company), to name a few. It is not surprising that a 2009 global survey of executives working for critical infrastructure and computer security companies found that “45 percent believed their governments were either ‘not very’ or ‘not at all’ capable of preventing and deterring cyberattacks.” (Brenner)

A few major incidents from the past decade give us a glimpse into what a future, all-out cyber war could hold. For example, in December 2009, Iraqi insurgents intercepted data from US surveillance drones and got aerial footage of American military force locations. (MacAskill) In April 2011, Sony PlayStation Network was hacked by the international hacktivist group “Anonymous”, which looked to punish Sony for not offering protections to customers. Tens of millions of credit card numbers were stolen in the attack. (Pepitone) Although these individual events are separate, they show a common theme: anyone, from anywhere, with the right tools can now cause extensive damage to the American military or economy.

In more recent years, cyber-attacks have scaled up to a large extent, which many experts feel can only be the result of more countries getting involved. (Laudicina) October 2016 saw the largest denial-of-service attack in history, generating more than 1.2 terabits per second of requests from servers and bringing down many of the sites hosted in Europe and North America. It targeted Dyn, a domain name hosting service used by companies such as Twitter, Reddit, GitHub, Amazon, Netflix and Spotify, which brought all those services down temporarily. (Lanxon) It used the typical botnet tactic with a twist, as it created a botnet from IoT (Internet of Things) devices such as smart TVs, refrigerators, baby monitors, etc., which far outnumber regular computers as they are cheaper and easier to make. These IoT platforms were insecure, and the attacker found a way to control them without the owners of these devices ever being aware that their device was being used to bring down the internet. (Lanxon)

Evaluation

What we see is a world of increasingly complex cyber-attacks coming from a wide array of opponents, which seems more and more overwhelming each day. Moreover, unlike traditional kinetic warfare, there is direct civilian impact and a no-holds-barred approach to these attacks. Their damage cannot be instantly quantified, and this makes it difficult for countries to respond directly to these attacks. Often, by the time the dust settles and the damage is assessed, the attackers have hidden their tracks or moved to a different location. Clearly these things make cyber war a non-zero-sum game with multiple players vying for supremacy. It also levels the playing field in that large countries do not necessarily have all the advantages.

This makes me acknowledge that a future cyber war could alone decide the fate of nations, as it could cripple the country before any confrontation on the battlefield. There seems to be no active deterrent against it, as attacking with force only increases the expense of the country, for the attacker doesn’t have to remain in one location. That is not to say that traditional warfare will go away any time soon, but I do feel militaries will be forced to transition to stealth-based and highly targeted attacks like the ones we saw in the US Election if they are to truly be successful.

Finally, I’d like to advocate for a position where we accept that a cyber dawn is upon us and that computer-driven warfare will be the way of the future. Although a digital war would impact our daily lives, it prevents the direct loss of life that occurs in traditional warfare. As other fields of robotics and artificial intelligence grow, the importance of cyber warfare tools will only rise. We can prepare for this in several ways: by ensuring strict standards of digital compliance across companies that take customer data, by forming public and private partnerships to ensure exchange of information and allow for quick response to cyber-attacks, and by greater investment in the US Cyber Command. Cyber-attacks are indeed the latest attempts by countries to undermine others and become a superpower themselves. In such changing times, we must follow the advice of Theodore Roosevelt, the 26th President, who said “speak softly and carry a big stick; you will go far.” (Martin)

Works Cited

Brenner, Susan W., and Leo L. Clarke. Civilians in Cyberwarfare: Conscripts (n.d.): n. pag. Vanderbilt Journal of Transnational Law, 4 June 2010. Web. 9 Apr. 2017. <https://www.vanderbilt.edu/wp-content/uploads/sites/78/Brenner-_Final_1.pdf>.

Lanxon, Nate, Jeremy Kahn, and Joshua Brustein. “The Possible Vendetta Behind the East Coast Web Slowdown.” Bloomberg.com. Bloomberg, 21 Oct. 2016. Web. 11 Apr. 2017.

Laudicina, Paul. “2017 Will Be the Year of Cyber Warfare.” Forbes. Forbes Magazine, 16 Dec. 2016. Web. 9 Apr. 2017.

Lewis University. “The History of Cyber Warfare.” The History of Cyber Warfare. Lewis University, 19 Dec. 2016. Web. 9 Apr. 2017.

Libicki, Martin C. “Effective Cyberdeterrence Takes More Than Offensive Capability.” RAND Corporation – Testimonies. RAND Inc., 01 Mar. 2017. Web. 14 Apr. 2017.

MacAskill, Ewen. “US Drones Hacked by Iraqi Insurgents.” The Guardian. Guardian News and Media, 17 Dec. 2009. Web. 10 Apr. 2017.

Martin, Gary. “‘Speak Softly and Carry a Big Stick’ – the Meaning and Origin of This Phrase.” Phrasefinder. Gary Martin, 2017. Web. 11 Apr. 2017.


3 comments on “Elements of Cyber Warfare: Examining The Way Forward”

  1. Thank you for this post Farhan!

    I am very fond of geopolitics and I am very excited about the way cyber attacks are becoming a huge issue when considering international relations. Indeed, as you explained above, the last few years have seen ever more nation-states and independent organizations resorting to cyber attacks. Thus, as a reader of the financial press, I have been struck by the growing amount of news concerning these cyber attacks, especially when I realized that the majority of these came from nation-states… It shows that computing does provide individuals and states with new kinds of powerful weapons, which have already proved effective and harmful to the economy: the DDoS attack on Dyn interrupted a large number of financial transactions on the targeted websites, and the recent worldwide ransomware attacks (May-June 2017) have crippled many major companies…
    (https://www.theguardian.com/world/2017/jun/27/petya-ransomware-attack-strikes-companies-across-europe)

  2. Farhan,

    Thanks for your thoughts. Like you said, the proliferation of capabilities within the cyber domain represents a paradigm shift in warfare, much like the development of nuclear weapons and stealth technology as a part of the second offset strategy. However, I think that it’s important to remember that civilian involvement in warfare is not an entirely new concept and cyber is certainly not the first time that civilians have been drawn into conflict. For instance, World War II ravaged all of Europe and caused an unquantifiable amount of suffering for a massive portion of the civilian populace. That said, there are also numerous other parallels between cyber warfare and conventional warfare, and I believe that many of the enduring ethical principles that apply in kinetic conflict will also serve to guide policy as it relates to cyber. Additionally, while I think that cyber will play a major role in future warfare, I do not think that it will become the be-all, end-all of future conflict. Figuring out how to effectively and rapidly integrate new cyber capabilities with those conventional capabilities will be the key to success in the future of warfare.

    Thanks!

    Tom

  3. Hi Farhan,

    Thanks for the post.

    You mentioned the IoT-based cyber attack on Dyn. With the increase in the number of connected devices, do you think that the ease of access these devices provide outweighs the potential threat they pose if they are compromised? Also, there are a number of connected DIY devices that individuals build themselves which may not have the level of security that a manufactured device may. These devices pose an even bigger security concern, based on the fact that they have little to no security at all.

    Maybe what we need is some sort of regulations and guidelines for IoT devices. IoT devices should fulfill a minimum standard of security protocols before they are allowed to connect to the internet. Would that help? What do you think?

    Talal
    MS&E-238A
