17 July 2020

Cyber Warfare is the New Warfare

Tyler Elliot Bettilyon

In the last few months we’ve seen a number of examples of the increasingly blurred line between conventional force and cyber attacks. After Iran shot down a U.S. surveillance drone, the U.S. disabled Iranian missile capabilities by hacking their computer systems. In response to a conventional missile attack, the U.S. deployed a cyber attack. An example of the opposite played out earlier this year when Israeli forces used missiles to destroy a Hamas-controlled hacking den.

These two examples are part of a larger trend in the use of computers as weapons of war. Hackers are no longer confined to the world of intelligence and espionage. Instead, we can expect a future where cyber attacks will routinely be a component of conventional warfare and where the hackers who deploy these attacks will be increasingly subject to retaliation in the form of conventional weapons. The continued internetification of everything from missile systems to electric grids has resulted in an attack surface too juicy for military actors to ignore.


Furthermore, the evolution of cyber attacks has forced nations to change the way they respond to a network intrusion. Consider the malware known as Triton. This virus is designed to disable industrial safety controls and is capable of causing significant loss of life, diminished defensive capabilities, and destruction of critical infrastructure. Triton was first discovered on the network of a Saudi petrochemical plant, and researchers say that the malware could have been used to cause the plant to explode. Taking the threat one step further: The infamous Stuxnet virus — which was successfully used to cripple an Iranian nuclear facility — was mercifully designed to achieve its goals without any loss of life, but imagine if it had been designed to cause another Chernobyl instead.

While hacking intrusions are classically considered to fall within the realm of espionage, destroying a petrochemical plant with Triton is clearly different. The knowledge that digital intrusions can escalate to physical destruction makes it much easier for nations to justify violent retaliation, and harder to justify more passive responses. Israel’s physical response to Hamas’ hacking efforts may become the norm as digital attacks become more deadly.

Another example of hackers entering the realm of the physical is the ongoing tête-à-tête between the U.S. and Russia over remote control of each other’s electrical grid. Far from benign, control over a foreign electrical grid would be an extraordinary tactical advantage in the context of a conventional war: Imagine being able to cause a massive blackout or power plant explosion in the moments just before a missile strike or an invasion. It doesn’t stop at state actors either. Malware like Triton is especially dangerous in the hands of terrorist groups or lone-wolf types. These actors generally don’t have infrastructure that can be easily targeted in retaliation, and are therefore difficult to deter. They are often harder to identify as well, making deterrence through retaliation even harder.

Every day more devices are connected to the internet, more information is stored on those devices, and more control is given to those systems. As the attack surface continues to grow, nations that have invested significantly in computers as tools of war have seen impressive yields. In addition to the well-established information theft and intelligence gathering capabilities, we now have malware capable of controlling moving vehicles, destroying petrochemical plants, disabling electrical grids, and more. All of this is possible from arbitrary distances at the press of a button and is enacted near instantaneously.

For a conventional hegemon such as the U.S., the emergence of cyberspace as a major battleground could pose a real threat. While the hackers at the CIA, NSA, and FBI are among the world’s best, there is an inherent power imbalance in computer warfare: Cyber offense is much easier than cyber defense. It is significantly harder to secure any given system against all attacks than it is to find one attack against that system. Similarly, it is orders of magnitude more difficult to secure every critical system against every possible attack than to find a single vulnerable target.

Computer-based warfare is also extremely cost effective compared to the R&D budget required to build nuclear weapons, aircraft carriers, and stealth bombers to fill said aircraft carriers. A nation that could never really compete with the U.S. in terms of conventional weapons may well be able to obtain enough computational power and know-how to strike a significant blow against U.S. assets via cyberspace. Making matters worse, cyber attacks are generally harder to trace than conventional attacks. In the event of a well-organized cyber attack, the responsible nation may well have plausible deniability, making a response harder to justify.

Changing the medium has sometimes meant changing the target too. Targeting conventional military assets — as the U.S. did with Iran’s missile systems — remains an important goal. At the same time, information and economic warfare have been brought to the forefront in today’s digitized and globalized world. North Korea deployed the WannaCry ransomware against businesses around the world as part of a larger cyber-crime-fueled economic strategy. Extremist groups have manipulated platforms like YouTube and Twitter to recruit members and spread propaganda. China and its network of co-opted corporations continue to invest in spyware, espionage, and computer-based social control mechanisms. As international competition continues to evolve — especially if we can keep avoiding a war between major powers — the tools of conventional warfare may find themselves taking a back seat to digital tactics.

The nature of some cyber attacks can also make it difficult to craft a proportional response. How should the U.S. government respond to North Korea’s targeting of American businesses with ransomware? We can’t use conventional force without risking serious escalation; there are already extensive economic sanctions against the nation, so we can’t really turn that dial; North Korea doesn’t have an economy that we can similarly extort in a ransomware tit for tat; but doing nothing only further incentivises the use of ransomware and similar tactics. So what should we do?

Another challenging example — and one that is sure to come up again soon — is how to respond to Russian disinformation campaigns against U.S. citizens. Russia has proven itself adept at weaponizing the internet and seems keen on continuing to do it. Their efforts to influence American politics have been well documented by Robert Mueller, and the Russians seem to have used a similar playbook to influence other elections around the world as well. By weaponizing tools like Facebook and Twitter, foreign powers have found powerful propaganda platforms and more direct access to foreign audiences than ever before.

Many little laws were broken along the way, but much of what the Russians did is perfectly legal. For example, Russians crafted websites and sought out original content from controversial American writers. They sold patriotic merchandise like paintings featuring American soldiers, bald eagles, and the American flag, targeting the American right. They also sold merchandise targeting the LGBTQ community and the Black community, especially people interested in the Black Lives Matter movement, targeting the American left. They even helped organize real life political rallies in the United States.

Some crimes were committed: Stealing the DNC’s emails is a crime and Mueller’s office filed many other criminal charges against Russian individuals and entities, including the Internet Research Agency. But these actions — even the legal ones — were fundamentally about making America less stable, less democratic, and less powerful. We (and especially our politicians) got ourselves into this mess of outrage and polarization, but Russia is happy to add fuel to the fire.

Do these disinformation and propaganda campaigns constitute an act of war? Probably not, but it is clearly in our best interest to give Russia an adequate incentive to stop. If you believe that Russian influence was enough to tip the scales in Donald Trump’s favor — a position that is well within the realm of possibility given how close the election was — then you could argue that Russia effectively succeeded in causing an American regime change. Wars have been fought over much less, and have been fought specifically over regime change in the past.

The U.S. plainly overthrew Saddam Hussein in Iraq, and we tried to do the same thing in the Vietnam war. Our government has also surreptitiously worked towards those ends through propaganda efforts and arms deals. We helped orchestrate coups in Iran and in Chile, for example. Iranians and Chileans are right to consider our efforts towards regime change a violation of their sovereignty, and we’re right to consider Russian efforts a violation of our sovereignty. But what can we do in response… hack Russian voting systems to ensure that votes are counted fairly?

I don’t have the answers, but one thing is clear: As international competition and warfare continue to move into digital ecosystems we need to develop new paradigms to respond to these new threats, unless we want to invite more of the same.
