BEN MACINTYRE
OCTOBER 31, 2015
A new sort of war is looming: it is undeclared and undefined, its battlefield both universal and invisible. No one can be sure how such a war would start, how it might be fought, and how it would end. If naval power defined international relations in the 19th century and air power shaped combat between nations in the 20th, then cyber power will be the defining feature of the 21st-century battle.
The rules for this sort of war have yet to be written. An attack can come in many forms, and for many reasons: to cause disruption, or destruction, or to make a point. It can be carried out by organs of the state, semi-authorised actors, criminals or independent hackers. The attacks may be motivated by financial greed, industrial espionage, mischief, power, politics or propaganda.
A cyber attack may be merely annoying. But it also has the potential to be as devastating as a nuclear attack, only far less predictable and controllable.
One of the principal roles of GCHQ is to defend Britain against cyber attacks. Its primary function is not to defend, say, a dating website from hacking (although it plays a role in advising private industry) but to protect the systems essential to the nation. The “cyber umbrella” covers the military and intelligence agencies, the government and the critical national infrastructure: the energy, financial and other networks, such as air traffic control, that enable the country to function.
“We’re explicitly about protecting British interests in cyber space, and any system with an on/off switch is potentially vulnerable,” says director-general for cybersecurity Ciaran Martin.
As every military analyst knows, a purely defensive posture is no guarantee of peace; an offensive cyber capability is part of the new battlefield planning.
The methods of detecting and dealing with a cyber attack are very similar to those used by GCHQ for counter-terrorism and preventing crime. Bulk communications data are combed for evidence of threats: “It’s the same tradecraft,” Mr Martin says. “We’re looking for foreign adversaries by examining technical patterns in the data ... If the government infrastructure comes under attack, we can see the malware as it hits us, and where it comes from.”
Cyber attacks tend to fall into one of three categories, depending on whether they are motivated by money, power or propaganda. Cyber thievery is endemic. “There is a huge amount of illegal activity, ranging from spamming and phishing emails to sophisticated internet intrusion for espionage and disruptive purposes,” Mr Martin says.
Beyond ordinary criminality, there is cyber espionage against government targets and companies to steal property, market data, blueprints and other information to gain advantage. China is adept at commercial hacking and the theft of big company data: it is part of state planning, with a section of the People’s Liberation Army devoted to cyber operations.
It is also about power; the secretive cyber conflict can be compared to a form of rearmament, a demonstration of covert technological muscle in the digital age as a tool of international relations. For China, Russia and North Korea, a display of cyber strength sends a message to the enemy, an implied threat.
Russia is adept at this form of “pre-positioning”. Russian state-led cyber assaults were detected in Ukraine at the start of the conflict there. Iran has used cyber aggression as a diplomatic weapon: when talks with the US were going badly in 2012, US banks were hit by a wave of attacks.
The extent to which such attacks are state-led and state-enabled, or merely encouraged or tolerated, is hard to say because, like everything on the internet, attribution and identity are fluid. Criminals, hackers and guns-for-hire may be working for a government, but nation states frequently use proxies to ensure deniability. In traditional war, it is fairly clear who fired the weapon: in cyber space, there is no such certainty, and all parties cover their tracks or hide behind “false flags”.
The third element of cyber aggression is propaganda, the invasion of a computer system to make a political statement. The cyber attacks on Sony after a film mocking North Korea are widely attributed to Pyongyang, although the issue of attribution was muddied by the attackers.
The cyber threat is huge, growing, and potentially devastating. Imagine the destruction if the air traffic control system or the national grid were shut down. But Mr Martin disputes the nuclear comparison: “Cyber is more graded. You can’t be a bit nuclear. But you can be a bit cyber.”
With cyber aggression growing between states, the issue arises of what constitutes an act of war. If the source of a cyber attack is hard to identify definitively, what is a justified response? These issues are under debate at the UN, but in such a fast-changing arena any new rules of cyber war set today may be out of date by tomorrow.
“We have not seen state cyber attacks used for destructive purposes yet,” Mr Martin says.
“It has mostly been done for political purposes aimed at targets in the private sector. But it’s a small step to go from disruption to destruction.”
The immediate threat may come not from nation states but from tech-savvy terrorist groups such as Islamic State.
“If a terrorist can fly into the World Trade Centre, he would want to turn off the banking system if he could,” he says. But building a cyber threat requires a sophisticated technology network and considerable resources. “It’s a serious threat if they could manage it from Ramadi. But the terrorist hacker able to blow up the world hasn’t happened yet ... a really bad attack requires organisation, resources, training.”
As for the menace of a cyber caliphate emerging from the ranks of ISIS in Syria and Iraq, Mr Martin is sanguine. “They have some sophisticated users of media and IT, but they don’t appear to have a centre for the development of cyber warfare. Yet.”