The state of cyberwar

Feb 26, 2016

As the Internet and similar technologies began to creep further into government operations, hacking became the go-to method for collecting intelligence about foreign entities. It was a lot easier than sending in a spy to figure out what other countries were up to, and it didn't involve risking anyone's life to do so. However, recent developments into what a country can do with a cyberattack have shown warfare itself might see a major overhaul due to the digital revolution. 

New York Times contributors David E. Sanger and Mark Mazzetti wrote an article about code-name Nitro Zeus, a contingency plan that was meant to use hacking techniques to lower Iranian defenses if efforts to stymie the country's nuclear capabilities went awry. This included shutting down the country's air defenses and communicative capabilities, as well as creating power outages. Although peace talks were successful, the implications of such a plan show how the face of warfare itself is rapidly shifting. 

Not the first time Iran has been targeted

While Nitro Zeus was an extremely unique collaborative, costing tens of millions of dollars and utilizing the skills of thousands of military cybersecurity professionals, it wouldn't have been the first time Iran was hit by a cyberattack due to its nuclear program.

Back in 2010, systems at the Natanz uranium enrichment plant weren't functioning as they should have been. Upon further investigation, the Iranian facility discovered that an incredibly advanced piece of malware was wreaking havoc on critical operations. Later named Stuxnet, this cyberattack got access to key functions and began to mess with the valves on centrifuges in the plant. This increased pressure, thereby damaging the physical infrastructure of sensitive instruments involved in uranium refinement. 

In effect, Stuxnet utilized digital means to cause physical damage. 

No one has been officially blamed for the attack, but the level of sophistication needed for such an effort has led many cybersecurity experts to believe America was behind Stuxnet. Regardless of who created the malware, it has far-reaching implications. To begin, the fact that the unknown entity caused real, physical destruction without dropping a single bomb or harming even one person is impressive to say the least. This could lead to an interesting development in the history of human conflict: warfare with limited to no violence. 

On the other hand, Stuxnet and other hacking attempts like it could have a dangerous ramification. Unlike a bomb that's been dropped and detonated, cyberattacks can sometimes be reverse engineered. This enables the enemy to have the same hacking capabilities as the creators of the malware. Where this will take warfare is unknown, but it's certainly an interesting development to keep watch over. 

America isn't alone

Although the U.S. has been on the forefront of cyber warfare, America is in no way the only country to utilize a cyberattack against an opposing nation. On Dec. 23, 2015, Ukrainian power companies were hit by a massive cyberattack the likes of which had never been seen. At least six different electricity providers were hit, according to CNN, taking out a large chunk of Ukraine's grid. Wired reported that more than 80,000 people were affected by the attack

Much like Stuxnet, discovering the culprit behind the cyberattack has proved difficult. That said, U.S. Deputy Secretary of Energy Elizabeth Sherwood-Randall strongly believes Russia perpetrated the event. This certainly wouldn't be a stretch, considering the country's interest in the region. Regardless, the point here is that cyberwar isn't being perpetrated solely by the American government. Rather, this is a global phenomenon that the U.S. is simply trying to stay ahead of.

Is America vulnerable?

The answer to this question isn't as clear-cut as one might think. While it's true America's cybersecurity defenses are some of the best in the world, it's really just a numbers game. The U.S. can stop a countless number of cyberattacks against it, but all it takes is missing one for a massive intrusion to wreak havoc on American infrastructure. In fact, former cyber warfare operations officer for the U.S. Air Force Robert M. Lee was quoted in the Wired article as stating America isn't as safe from an attack similar to the Ukrainian power outage as some might think. 

"The capabilities used (in the Ukraine attack) weren't particularly sophisticated but the logistics, planning, use of three methods of attack, coordinated strike against key sites, etc. was extremely well sophisticated," said Lee. "Despite what's been said by officials in the media, every bit of this is doable in the U.S. grid."

The problem with America's power infrastructure actually has to do with how technologically refined it is. Much of the American grid runs automatically, which is great for overhead but means the country wouldn't be able to go to manual control like the Ukrainian power companies chose to do following the attack. 

Only time will tell what the future of cyberwar will look like. Regardless, it is imperative that U.S. governmental agencies begin to understand the gravity of the current situation. Cyberattacks can now have physically damaging results, which means that cybersecurity efforts have never been as important. 

Category: Cybersecurity