Pages

12 September 2016

Understanding the military buildup of offensive cyberweapons

By Conner Forrest

September 1, 2016 

"Shall we play a game?"

"Love to. How about Global Thermonuclear War?"

True geeks will recognize the above exchange as one of the seminal pieces of dialogue from the 1983 film WarGames, where a young hacker named David Lightman nearly starts World War III after gaining access to a powerful military supercomputer. The film was a critical success, and set the stage for a variety of films that explored the relationship between cybersecurity and the military.

WarGames, and films like it, were meant to be perceived as fictional. As time has gone on, though, the line between what kinds of cyberwarfare are possible, and what are science fiction has begun to blur. Computer programs like the Stuxnet worm, for example, have taken down large portions of government infrastructure, including centrifuges used in Iran's nuclear programme.

But, when and how did this happen? The rise of offensive cyberweapons has changed the landscape of cyberwar, from protecting against data theft to defending against physical destruction. To understand this rise, it's helpful to look at the history of such weapons.

The birth of offensive cyber


There's much confusion around some of the language used when referring to elements of cyberwarfare. According to Ewan Lawson, senior research fellow for military influence at RUSI (Royal United Services Institute), it's important to clarify that offensive cyberweapons don't typically deal with passive activities like data collection or surveillance; rather, a cyberweapon is something that is "deliberately designed to do damage or destruction."

Bob Gourley, co-founder of the cyber security consultancy Cognitio and former CTO of the Defense Intelligence Agency, echoed that sentiment. According to Gourley, at least in the US, "offensive cyber weapons are not designed to take information, but to degrade, disrupt or destroy systems."

You can download our full special report as a PDF in magazine format. It's free to registered ZDNet and TechRepublic members.

Cyberwarfare, and these offensive weapons associated with it, have been around for a long time. Gourley, and others, would argue that these weapons have been around since the US Civil War, when both sides began destroying the telegraph lines that carried vital information. As technology progressed, military targets continued to be attacked, but civilian infrastructure did as well, Gourley said.

"I would suspect that, since the beginning of networking, there's been cyberwars going on, but we just haven't known about them," said Forrester analyst John Kindervag.

More recently, though, major cyber attacks have come to light showcase just how powerful cyberweapons can be. Perhaps the most notable of these is aforementioned Stuxnet, a computer worm that caused some centrifuges involved in Iran's nuclear programme to self-destruct.

"Stuxnet is interesting in that it was one of the first incidents where cyber accesses, effectively, were used for destructive purposes," said RUSI's Lawson. "Prior to that, there might have been some deletion of data, there have been DDoS-type attacks, but Stuxnet is one of the first where you see actual, physical destruction as a consequence of an attack through cyberspace."

Of course, that's just the surface-level effect. Stuxnet also proved how far some entities are willing to go to successfully carry out an offensive cyberattack. Forrester's Kindervag said that tools like Stuxnet were obviously not built overnight, and some experts on the development of such tools have estimated that, if it was to be built as a commercial product, the development costs would be around $100 million.

The Stuxnet worm was uncovered by accident, when its source code escaped into the wild. According to Scott Warren, a partner at Squire Patton Boggs who specializes in cybersecurity, this presents another serious problem.

"The worry here is that it has mapped a blueprint for the next generation of cyberwarfare. From the previous being focused on corporations and individuals -- and which were primarily financially motivated -- to one where an attack on a city's infrastructure is now possible," said Warren.

Still, Stuxnet isn't the only attack of its kind to make headlines. Around the same time that the famous Sony hacks were coming to light, a cyberattack was used to cause massive destruction at a German steel mill, Lawson said. And, even more recently, hackers were able to attack Ukraine's power grid and shut off power in some areas.

Despite these things seeming to happen more often, it doesn't necessarily mean that the world is seeing a rise the availability of cyberweapons. Lawson argued that it's a matter of more opportunities presenting themselves, while Kindervag said that it could just be a matter of increased awareness.

On the flip side, Warren would argue that there is evidence of a rise in the use of cyberweapons. However, he said, it's important to understand the semantics around some of the phrasing.

"Under the UN definition, there have been very few attacks that would qualify as 'cyberwarfare,'" Warren said. "Perhaps many of the other examples are more 'cyber-terror', where individuals act in a coordinated fashion -- such as 'hacktivisits' -- to disrupt or destroy infrastructure."

Whatever the terminology, the fact is that offensive cyberweapons are here, and are bound to become more prevalent and more powerful in the future.
The reality of cyberwarfare

One of the other big questions to answer is: Who has these weapons? The short answer is, no-one is entirely sure. When it comes to traditional weapons, like nuclear missiles, there are measures in place to track their origin of launch, or to measure how much enriched uranium a country has stockpiled. For cyberweapons, these things are far more difficult to track.

So far, we know that the US and UK have declared programs, Lawson said. China, Russia, Israel, and North Korea are all typically regarded as potential major players in cyberwarfare as well. But, it's also plausible that many more groups are involved.

"My instinct and experience tells me that every nation state is involved in this," Kindervag said.

Even though it's unclear what capabilities many countries have, their responses to the rise of cyberwar have been more public. The US is especially open about this, declaring that it has two cyberspace weapon systems available and elevating its Cyber Command to a Unified Combatant Command (UCC). The US government has even declared cyber as the fifth domain of warfare -- land, sea, air, space, and cyber.

Around the world, though, jobs have been popping up for government roles in cyber. Lawson said that the UK model tends to be mostly government-based, while the US model is a mix of contractors and government. The Russian model, he said, appears to be a combination of formal military service organizations and a willingness to use non-state groups and activists. China, on the other hand, is very military-focused. What's interesting to note, Lawson said, is that the approaches to cyber among these countries are very mixed.

However, there's still no governing body that deals with issues related to cyberwarfare, Warren said.

"If a country goes rogue with chemical weapons, there will be sanctions placed on it by the UN or others," Warren said. "This is not yet the case for cyberwarfare. Proving who was behind a given attack is also difficult, with some countries pointing the finger at a group of patriotic hackers. No government has admitted any role in Stuxnet, for example."

These risks affect business and consumers as well: if a business is working with the government, or providing a product for them, it will be targeted. For example, Lockheed Martin had its plans for the F-35 stolen, Lawson said.

SEE Network Security Policy Template (Tech Pro Research)

The potential for attacks on infrastructure pose a challenge for both businesses and consumers. Attacks such as one that would shut down a power grid would be early aims in a cyberwar, Lawson said. And while the effects are often temporary, a cyberattack on a power grid could cost billions of dollars.

Critical national infrastructure like water and power come into play, but non-traditional infrastructure will also be targeted, Lawson said.

"What about things like food distribution networks in the West, where everything is 'just enough just in time?' It wouldn't take much to disrupt those to the point where there's no food on the shelves," Lawson said.

Despite the increased risk brought about by cyberwarfare, some experts would argue that there is an intrinsic value that comes with its rise. Both Gourley and Kindervag made the argument that the use of Stuxnet possibly saved the involved parties from a ground war. One could hypothesize, Kindervag said, that Israel might have felt it necessary to attack the nuclear refineries in Iran if they hadn't first been disabled by Stuxnet.

An additional argument would be that, if war has to happen, it would be better if it was perpetrated in cyberspace instead of the real world.

"If we're going to have warfare, the cyber world is a pretty bloodless place to do it," Kindervag said.

No comments:

Post a Comment