With the current news around the events in Iran, the security level has been raised across most of the western world. With the heightened security levels, we can also expect cyber attacks from nation state actors based in Iran and the Middle East on western infrastructure.
This blog post has been in my backlog for a while, and due to this heightened threat I decided it was time to write up what Cyber Warfare is all about and what we can do to mitigate its effects.
What is Cyber Warfare?
First let's define what warfare is. A simple definition is given below, taken from Dictionary.com:
- the process of military struggle between two nations or groups of nations
- war, armed conflict between two massed enemies, armies, or the like
- conflict, especially when vicious and unrelenting, between competitors, political rivals, etc.
Another definition can be taken from the Oxford Learner's Dictionary.
There are typically four theaters of warfare:
Land warfare concerns land-based forces (army, marines, etc). Air is about delivering ordnance via aircraft in both defensive and attack postures. Sea is warfare using ships at sea. Space is conducting warfare through space-based satellites, which is a reasonably recent innovation.
The land and sea theaters are the traditional ones that have been around for hundreds of years. Air is more recent and came to prominence around the First World War. Space is more recent still, within the last 50 years, and is largely surveillance. However, during the Reagan presidency in the US this also extended to defensive space-borne weapon systems (the Strategic Defense Initiative, aka Star Wars).
What is more recent, probably within the last 10 years, is the new theater of warfare known as Cyber Warfare. This is where malware is used to cause critical damage to a country's infrastructure in times of conflict. It is typically exercised by nation states and not regular hackers.
Origins of Cyber Warfare
The first self-replicating programs were developed back in 1949 by John von Neumann at the University of Illinois. This was basically a study on the Theory and Organization of Complicated Automata. The Creeper virus was first detected on ARPANET (the forerunner of the Internet) in the early 1970s. Creeper was an experimental self-replicating program written by Bob Thomas at BBN Technologies in 1971. I don't intend to give a full history of the development of viruses/malware at this point, but a very good Wikipedia article covers this in more detail if you are interested.
Wind forward to 2010 and we see the first documented cyber attack using the Stuxnet worm. This was a malicious programme that is believed to have been developed jointly by the US intelligence agency the CIA and their Israeli counterpart Mossad to cripple the development of nuclear weapons in Iran. This malware attacked centrifuges that were a key part of the nuclear enrichment process. The malware caused the centrifuges to spin at excessive speeds, causing them to exceed engineering tolerances and therefore explode, while telling the controllers that everything was working OK.
During the early days of the Internet a lot of our critical infrastructure (e.g. electricity generation and distribution, gas, transport) was put online to allow engineers easier remote access to the control systems in the case of an emergency. At this time security was not really a concern, as very few people had access to the Internet outside of industry, academic and military organizations. However, in more recent times access to the Internet has expanded to the point where ordinary consumers could not live without it and business is largely conducted using online systems.
There have been cases where the control systems for power generation were secured behind nothing more than a simple username and password, and the connections were typically not encrypted. In today's Internet such lack of security is irresponsible, but we are still finding legacy systems with minimal security that are still live. These systems were just not built with security in mind and were, and still are, capable of being exploited by modern-day techniques.
What is the Public Effect of Cyber Warfare?
As mentioned above, Cyber Warfare is largely concerned with attacking critical infrastructure through zero-day vulnerabilities, unpatched systems and Denial of Service attacks (DoS) to deny the attacked country access to that infrastructure.
As an example, we occasionally experience intermittent power cuts due to failures in the electricity distribution network. These incidents are often repaired quickly and the supply is restored. In the case of a successful cyber attack, possibly using some form of ransomware or a wiper malware (you can look these up in our glossary), restoring the affected systems could take engineers weeks. Having no electricity supply to industry, transport, etc. for an extended period would be economically crippling to a country, not to mention the supply of essential services like healthcare. Most critical infrastructure will have emergency generators (e.g. banks, hospitals, military), but those are only meant for the short term. Eventually fuel will start to run out and these generators will start to fail if the electricity supply isn't restored.
We have seen malicious actors attacking hospitals recently with ransomware. I believe the motivation is mostly to extract a payment to restore the systems. What if a nation state actor deliberately attacked hospitals with the intent of denying medical care to the population as part of a wider attack? The WannaCry attack in 2017 that crippled large parts of the UK National Health Service (and we are still seeing the after-effects of this incident) has been largely attributed to North Korea, a nation state actor.
Who are These Nation State Actors?
I have used the term “Nation State Actor” above. These are typically government sponsored teams of cyber attackers. Their intent is often to:
- Acquire intellectual property (something China has been accused of)
- Extract personal information that can be used as pressure points in espionage
- Develop malicious code that can be delivered to systems to disable them as part of a cyber attack
A nation state actor is not normally interested in getting payment (although it appears that North Korea is the exception). Nation state actors include the intelligence communities of most western countries (e.g. CIA, Mossad, MI5). The documents provided by Edward Snowden, following his whistleblowing about what the NSA was up to, implicated GCHQ (the UK Government Communications Headquarters) as being worse in their transgressions than the NSA and CIA.
This is where the current threat comes in, as Iran is stated to have an extensive capability in Cyber Warfare.
What Can We Do to Defend Ourselves?
Ask yourself first what you can do to defend yourself against more traditional warfare. The short answer is that this is not under the control of the general population. Governments will do what they see fit, and we all suffer any consequences of the fallout.
Cyber Warfare is no different. Critical infrastructure can be taken out by sabotage, direct attack or by crippling the computer systems that control/manage it using malware. We can't do much individually to defend against this.
The one thing we can do, which is standing advice, is to ensure our computers, phones and tablets are up to date with all the latest security patches, that old hardware is taken out of service when it is replaced, and that our IoT devices are managed effectively using patches. We should also use at least 2-Factor Authentication to secure our accounts, and where this is not provided a unique user ID and a long/complex password (definitely > 16 characters, including alphanumeric and special characters) should be used. A password manager should also be used to store our authentication credentials. This will go some way to removing the opportunity to co-opt your devices into a botnet to deliver malware and Denial of Service (DoS) attacks.
The teams managing the critical infrastructure need to secure their systems. I would say that nothing should be connected to the Internet unless it is absolutely necessary. When it is, it should be protected by firewalls, VPNs, multiple layers of protection (e.g. encryption, authorizing only users who need access) and extensive monitoring for suspicious activity on the servers and networks. A general policy of Trust No-one should be employed. They also need to proactively patch all systems as patches become available. These companies should also seal USB ports, remove optical drives and removable hard drives, and exercise intense scanning of email and other messaging. Anti-virus solutions should also be part of this.
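To make two of those recommendations concrete (authorizing only the users who need access, and monitoring for suspicious activity on the servers), here is a small added example of the kind of check a monitoring team could run over authentication logs. It is not code from the original post or from any product; the log line format, the allow-list of authorised accounts, the thresholds and the sample log lines are all constructed for illustration.

```python
"""
Suspicious-activity monitor over SSH-style authentication log lines.

Two checks, matching the post's recommendations:
  1. authorise only users who need access: flag a successful login by
     any account that is not on an explicit allow-list;
  2. monitor for suspicious activity: flag a source IP that produces
     more than FAIL_THRESHOLD failed logins inside WINDOW_SECONDS.

The log format, allow-list, thresholds and sample lines are constructed
for this example; a real deployment would read the server's auth log
or a SIEM feed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed log format: "<ISO time> <FAILED|ACCEPTED> user=<name> ip=<addr>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>FAILED|ACCEPTED) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

AUTHORISED_USERS = {"scada-eng", "ops-oncall"}   # constructed allow-list
FAIL_THRESHOLD = 5        # more than this many failures ...
WINDOW_SECONDS = 60       # ... inside this many seconds is suspicious


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def analyse(lines):
    """Scan log lines in time order and return a list of (kind, detail) alerts.

    kind is 'brute_force' or 'unauthorised_login'. Each source IP is
    reported at most once for brute force so a long attack does not
    flood the output.
    """
    alerts = []
    recent_failures = defaultdict(deque)   # ip -> timestamps of failures in window
    already_flagged = set()

    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue           # unknown format: skip rather than crash the monitor

        if rec["result"] == "ACCEPTED":
            if rec["user"] not in AUTHORISED_USERS:
                alerts.append(("unauthorised_login",
                               f"{rec['user']} from {rec['ip']} at {rec['ts'].isoformat()}"))
            continue

        # FAILED: keep a sliding window of failure times per source IP
        window = recent_failures[rec["ip"]]
        window.append(rec["ts"])
        while (rec["ts"] - window[0]).total_seconds() > WINDOW_SECONDS:
            window.popleft()
        if len(window) > FAIL_THRESHOLD and rec["ip"] not in already_flagged:
            already_flagged.add(rec["ip"])
            alerts.append(("brute_force",
                           f"{len(window)} failures from {rec['ip']} within {WINDOW_SECONDS}s"))
    return alerts


# Constructed sample log: seven rapid failures from one address, then a login
# by an account that is not on the allow-list, plus some normal activity
# and one malformed line.
SAMPLE_LOG = [
    "2020-01-10T08:00:00 ACCEPTED user=scada-eng ip=10.0.0.5",
    "2020-01-10T08:00:10 FAILED user=root ip=203.0.113.7",
    "2020-01-10T08:00:11 FAILED user=admin ip=203.0.113.7",
    "2020-01-10T08:00:12 FAILED user=admin ip=203.0.113.7",
    "2020-01-10T08:00:13 FAILED user=operator ip=203.0.113.7",
    "2020-01-10T08:00:14 FAILED user=operator ip=203.0.113.7",
    "2020-01-10T08:00:15 FAILED user=scada-eng ip=203.0.113.7",
    "2020-01-10T08:00:16 FAILED user=scada-eng ip=203.0.113.7",
    "2020-01-10T08:05:00 ACCEPTED user=vendor-temp ip=203.0.113.7",
    "this line is not in the expected format",
    "2020-01-10T09:30:00 FAILED user=ops-oncall ip=10.0.0.9",
    "2020-01-10T09:30:20 ACCEPTED user=ops-oncall ip=10.0.0.9",
]

if __name__ == "__main__":
    for kind, detail in analyse(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```

Run as-is it reports one brute-force alert (raised on the sixth failure, not repeated for the seventh) and one unauthorised login; the single failure by an authorised on-call account is not flagged, and the malformed line is skipped rather than stopping the monitor. The sliding window matters: the same number of failures spread over several minutes would not trip the threshold, which keeps ordinary typos from generating noise.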
Cyber Warfare is largely a remote-control attack. In order to deliver traditional ordnance (bombs, missiles) to a target, there are several layers of defenses to get through, and you often physically have to be there to deliver it. A cyber attack can be launched from an office block in some downtown location thousands of miles away from the target. Due to the indirection of this type of attack, nation states often have some level of deniability.
Cyber Warfare is definitely the fifth theater of Warfare and needs to be treated as such by the managers of critical infrastructure and our military.
The industry is waking up to this and a lot of these critical systems are being hardened against this form of attack. As these control systems are replaced, security is slowly being designed in. However, while these systems are open to the Internet they will continue to be vulnerable.
There are things that the average consumer can do, largely in line with the recommendations in the Guidance sections of this website.
I will leave you with a couple of references:
- David E. Sanger's book "The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age" – this is the book that woke me up to Cyber Warfare
- Edward Snowden's autobiography "Permanent Record" (currently reading this one)
Books that are on my personal reading list:
- Brad Smith, "Tools and Weapons: The Promise and the Peril of the Digital Age"
- Peter Singer and Allan Friedman, "Cybersecurity and Cyberwar: What Everyone Needs to Know"
- Bruce Schneier, "Click Here to Kill Everybody"
Update 12 January 2020: The Independent newspaper has reported that Britain is in the final stages of setting up a security force to wage offensive cyberwarfare against terrorist groups, hostile states and organised crime groups that are threats to the country.