Elements of Cyber Warfare: Examining The Way Forward
From the Morris worm in 1988 to the 2017 presidential election, cyber intrusions and attacks have become common place in contemporary society. This is in large part due to our increasing reliance upon technology and computing to build and maintain our social, political and financial infrastructures. A single exploit into a government database or a denial of service attack on a large ISP (internet service provider) can wipe millions from the stock market or bring society to a standstill at the proverbial click of a button. This endangers national security unlike ever before, as nation-states or other organizations that wish to do us harm can achieve the same results as a physical attack without ever stepping foot on our shores or attacking our military directly.
The consequences of such a paradigm shift are even bigger than the invention of the atom bomb as the “weapons” of cyber warfare can be produced by single person or entity. Computer exploits, malware and social engineering are not limited by physical resources and can often bring down their targets before the victims are even aware of an intrusion. Even when they are detected, it is often too late to mitigate the loss or theft of data and even harder to trace the original source of the attack as the attacker can often spoof the system (making it look like it originated from elsewhere).
It is no surprise then that countries are pouring their brightest minds to work on both securing internal web infrastructure and finding flaws in enemy systems. If a country’s financial or missile launch systems can be infiltrated and taken down without even a single bullet being fired, what use is missile or ammunition stockpiling?
Modern techniques of cyber warfare rely on many elements that have only become commonplace since the early 2000s. (Lewis) Due to the expanded use of often poorly designed software, rise in computing power and prevalence of the internet, cyber-attacks can take multiple forms such as: zero day exploits (exposing flaws in software whereby login credentials can be bypassed), botnet attacks (automated scripts running on hacked computers making millions of request to a server thereby overloading it and causing a crash), targeted phishing (fooling a person who’s account has valuable access and stealing their password) and data interception (siphoning data from private databases to use without authorization often against the company) to name a few. It is not surprising that a 2009 global survey of executives working for critical infrastructure and computer security companies found that “45 percent believed their governments were either ‘not very’ or ‘not at all’ capable of preventing and deterring cyberattacks.” (Brenner)
A few major incidents from the past decade give us a glimpse into what a future, all out cyber war could hold. For example, in December 2009, Iraqi insurgents intercepted data from US surveillance drones and got aerial footage of American military force locations. (MacAskill) In April 2011, Sony PlayStation Network was hacked by the international hacktivist group “Anonymous” which looked to punish Sony for not offering protections to customers. Tens of millions of credit card numbers were stolen in the attack. (Pepitone) Although these individual events are separate they show a common theme that now, anyone from anywhere with the right tools can cause extensive damage to the American military or economy.
In more recent years cyber-attacks have scaled up in a large extent which many experts feel can only be the result of more countries getting involved. (Laudicina) October 2016 saw the largest denial of service attack in history, generating more than 1.2 terabits per second requests from servers, bringing down many of the sites hosted in Europe and North America. It targeted Dyn, a domain name hosting service used by companies such as Twitter, Reddit, GitHub, Amazon, Netflix and Spotify which brought all those services down temporarily. (Lanxon) It used the typical botnet tactic with a twist as it created a botnet from IoT (Internet of Things) devices such as smart TVs, refrigerators, baby monitors etc. which far outnumber regular computers as they cheaper and easier to make. These IoT platforms were insecure and the attacker found a way to control them without the owners of these devices ever being aware that their device was being used to bring down the internet. (Lanxon)
What we see is a world of increasingly complex cyber-attacks coming from a wide array of opponents which seems more and more overwhelming each day. Moreover, there is direct civilian impact unlike traditional kinetic warfare and a no-holds barred approach to these attacks. Their damage cannot be instantly quantified and this makes it difficult for countries to respond directly to these attacks. Often by the time the dust settles and the damage is assessed the attackers have hidden their tracks or moved to a different location. Clearly these things make cyber war a non-zero sum game with multiple players vying for the supremacy. It also levels the playing field in that large countries do not necessarily have all the advantages.
This makes me acknowledge that a future cyber war could alone decide the fate of nations as it could cripple the country before any confrontation on the battle field. There seems to be no active deterrent against it as attacking with force only increases the expense of the country for the attacker doesn’t have to remain in one location. That is not to say that traditional warfare will go away any time soon, but I do feel militaries will be forced to transition to stealth based and highly targeted attacks like the ones we saw in the US Election if they are to truly be successful.
Finally, I’d like to advocate for a position where we accept that a cyber dawn is upon us and that computer driven warfare will be the way of the future. Although a digital war would impact our daily lives, it prevents the direct loss of life that occurs in traditional warfare. As other fields of robotics and artificial intelligences grow, the importance of cyber warfare tools will only rise. We can prepare for this in several ways, by ensuring strict standards of digital compliance across companies that take customer data, public and private partnerships to ensure exchange of information and allow for quick response to cyber-attacks and greater investment in the US Cyber Command. Cyber-attacks are indeed the latest attempts by countries to undermine others and become a superpower themselves. In such changing times, we must follow the advice of the Theodore Roosevelt, the 26th President, who said “speak softly and carry a big stick; you will go far.” (Martin)
Brenner, Susan W., and Leo L. Clarke. Civilians in Cyberwarfare: Conscripts (n.d.): n. pag. Vanderbilt Journal of Transnational Law, 4 June 2010. Web. 9 Apr. 2017. <https://www.vanderbilt.edu/wp-content/uploads/sites/78/Brenner-_Final_1.pdf>.
Lanxon, Nate, Jeremy Kahn, and Joshua Brustein. “The Possible Vendetta Behind the East Coast Web Slowdown.” Bloomberg.com. Bloomberg, 21 Oct. 2016. Web. 11 Apr. 2017.
Laudicina, Paul. “2017 Will Be the Year of Cyber Warfare.” Forbes. Forbes Magazine, 16 Dec. 2016. Web. 9 Apr. 2017.
Lewis University. “The History of Cyber Warfare.” The History of Cyber Warfare. Lewis University, 19 Dec. 2016. Web. 9 Apr. 2017.
Libicki, Martin C. “Effective Cyberdeterrence Takes More Than Offensive Capability.” RAND Corporation – Testimonies. RAND Inc., 01 Mar. 2017. Web. 14 Apr. 2017.
MacAskill, Ewen. “US Drones Hacked by Iraqi Insurgents.” The Guardian. Guardian News and Media, 17 Dec. 2009. Web. 10 Apr. 2017.
Martin, Gary. “‘Speak Softly and Carry a Big Stick’ – the Meaning and Origin of This Phrase.” Phrasefinder. Gary Martin, 2017. Web. 11 Apr. 2017.