Pages

8 October 2022

The Looming Threat of Cyber War

David Jackson

New technology has always played a pivotal part in warfare. In World War I, death tolls reached massive heights due to the incorporation of poison gasses and machine guns on both sides of the trenches. In World War II, the devastating impact of the nuclear bombs on Japan brought the world’s greatest tragedy to an end. Today, the United States spends hundreds of billions of dollars every year to ensure its military has the latest weaponry in its arsenal. Yet just like the rest of the world’s activities, the threat of war has made the transition to the cyber sphere.

The threat of cyber war looms over every country to some extent, but for some countries, it’s already arrived. In the first 10 weeks of the year, over 150 cyber attacks were launched against Ukraine. In January 2022, hackers disabled more than 70 different government websites in Ukraine. In their investigation, Microsoft found malware in Ukraine government systems that could be triggered remotely. A month later in February, the FBI asked US companies to alert them to any increased cyber activity against Ukraine. The Cybersecurity and Infrastructure Security Agency (CISA) issued a “shields up” alert to encourage organizations to adopt a heightened cybersecurity posture. Finally in March, mere hours before Russian troops began the physical invasion, Ukraine was hit by new malware designed to wipe data from government systems. Cyber war both preceded and heightened the conventional war now taking place in Ukraine.

For Russia, the war with Ukraine is likely serving as a live testing ground for its next generation of cyber war tactics and weapons. Ukraine’s tech infrastructure is similar to that of West Europe and North America, but they have comparatively limited resources to mount counterattacks. Cyber attacks in the region have grown over time; in 2015, suspected Russian hackers knocked out electricity for 230,000 customers in west Ukraine. In 2016, a similar attack went after Ukrainian government agencies and financial establishments. In 2016, the “NotPetya” attack on Ukraine wiper computers belonging to financial, business, and power grid sectors.

How has the US responded to this form of aggression? Both the US and the EU have provided support to bolster cyber defenses in Ukraine, but cyber attacks are unlikely to stay within any country’s borders. Another, more grassroots approach to cyber attacks has pro-Ukraine hackers targeting websites in Russia to create panic and chaos, but not target critical infrastructure. Such attacks typically scan wide swaths of the internet for vulnerable devices. The malware automatically attacks targets where it’s likely to succeed. Despite the intentions of the hackers, these attacks are more likely to bring collateral damage across borders.

The issue of cyber war is not far from home. Half of US tech execs say they consider state-sponsored cyber warfare to be their biggest threat. About 1 in 3 say that defining a national cybersecurity protocol should be a top priority. The growing connection between cyber and physical assets brings greater risk to both network and physical security. In 2021, the average cost of data breaches and cyber attacks on companies was $4.24 million, up 10% from the previous year. Changes spurred by the COVID-19 pandemic have only heightened the potential for damage from cyber threats. More information has moved onto the cloud. More services are provided digitally than ever before. Perhaps most importantly, more people are working remotely using their relatively less secure home networks and personal devices.

What distinguishes cyber attacks from a cyber war? So far, the difference lies in scale. To date, most cyber attacks have been less devastating, perhaps because they were trial runs for cyber weapons instead of the real deal. Even so, cyber attacks have the potential to shut down electrical grids, destroy pipelines, or explode power infrastructure. If an attacker were particularly aggressive, they could knock down many targets at one time, thereby magnifying the impact of their assault.

This idea leads into cyber warfare, which could have an impact on the same scale as a natural disaster. If this is hard to imagine, take the example of knocking out a power grid. Depending on conditions at the time, knocking out a power grid could create similar conditions to the 2021 Texas freeze, in which the state-owned power grid was incapable of serving customers in winter conditions and led to massive blackouts. This led to widespread damage due to frozen and burst pipes. Millions of people lost electricity, food storage, and/or access to water. The disaster was a massive disruption to everyday activities, and as a result, over 200 people died. While the Texas Freeze was due to unusual weather and poor grid management, a similar situation could arise intentionally from cyber malfeasance.

Even though the US is ranked most secure against cyber war attacks (second place going to Japan), 93% of Americans still fear the prospect of cyber war. A dismal 19% of citizens are totally confident the government can defend them on the digital front. So for those who fear for the wars to come, what is there to know about cyber warfare?

The first thing to keep in mind is the sort of weapons likely to be used. 90% of potential cyberattacks are distributed denial of service, or DDoS attacks. A DDoS attack seeks to make a resource unavailable to users, with the most common target being financial services. This lines up well with the service Americans are most afraid of losing: finances, followed by cell service, running water, and internet, respectively. Other concerns are fresh food, utilities, and health records. In fact, a recent cyber attack carried out by suspected North Koreans went after US hospitals for ransom. The United States has been able to recover much of the money lost in the ransom, but the attack proves just how vulnerable many systems are in the US. Healthcare devices are a particularly easy target due to the abundance of outdated machinery in hospitals and the emphasis on patient privacy over safety.

What can everyday Americans do to protect themselves against cyber warfare? There are a few basic steps everyone can take, regardless of technology proficiency. The first is to make sure all software for computers and mobile devices is up to date. Most updates include improved cybersecurity measures, and cyber attacks are often crafted based on the previous generation of targeted software. Annoying as update notifications can be, they serve an important purpose in keeping devices safe.

Another good policy is to backup important documents offline. This can mean downloading them onto a hard drive, but paper copies are even more secure against cyber attacks. Of course, part of the digital revolution has meant moving away from paper documents. As convenient as that has been for most parties, it comes with its own set of risks. Recall that several cyber attacks on Ukraine operated with the intent of wiping whole devices clean. The hackers didn’t stop at the internet. In the same vein, it may be worthwhile to back up photos, contacts, and important emails offline as well. While it may take up storage space, it secures what’s important to the user from the threat of loss in the case of a cyber event.

As helpful and convenient as online banking is, it’s an increasingly bad idea to have all an individual’s finances exclusively in digital form. Having cash reserves has a terrible return on investment, but it can secure people in the case of a major emergency. Even in people exposed to more conventional disasters, cash and commodities (like gold) have proven handy in securing goods and services.

Taking the idea of physical reserves a step further, 31% of Americans report having generators installed and extra food and water stored away in the case of an adverse event. While these measures may not be designed with cyber war in mind (many are in response to natural disaster threats) they can help individuals weather disasters of many types. Just make sure the water isn’t contaminated and the food doesn’t spoil.

The next tip on this list is to change important passwords. Don’t use the same one for too long, and don’t use the same password for too many different accounts. Nowadays, bots can guess short passwords (or passwords made up of only letters), in as little as a few seconds. Tools such as machine learning can expedite the process by feeding artificial intelligence a set of real passwords. This means people should avoid using typical passwords (such as real words, capitalizing the first letter of a word, and years), and generate a more intricate key to the lock of their online account. Difficult as these passwords can be to remember at first, they come as second nature with enough practice, and having a difficult password is worth the pain if it protects an individual against a cyber attack.

Beyond keeping passwords secure, follow common sense when using the internet. A lot of phishing schemes rely on human error to succeed. While phishing schemes may not be attacks on the same level as the war in Ukraine, they can still cost individuals and companies large sums of money. Never give away sensitive information to an unverified source, check email addresses before responding, and don’t click on links unless their destination is reasonably known. Many inboxes are equipped with a way to report suspected phishing or spam, and even the ones that don’t offer a handy “delete” button for all suspicious messages. As more organizations are becoming aware of the threat cyber attacks can pose to them, more and more are making employee cybersecurity training a mandatory course of instruction at their workplace. These courses can offer just as much protection to the worker as they do the company.

While the above solutions are all things that any individual can do, it’s important to recognize that some people are more proficient with technology than others. Cybersecurity is a growing profession, with demand spreading across the country. People who provide cybersecurity services can make better-than-average salaries even at the entry level. As warfare moves online, cybersecurity professionals act as the new generation of soldiers. They rarely see physical violence, yet their efforts provide safety and security to a growing number of people around the world.

The world has changed. The face of warfare has changed with it. Thanks to the anonymity and ambiguity of cyber war, lines on the battlefield are more complicated than ever. Individuals need to prepare themselves for battle with a strong defense.

No comments:

Post a Comment