There have been many cyber incidents that could be ranked as cyber warfare, with one nation state attacking another, or hacker groups launching attacks on behalf of nation states.
What actually defines a cyber warfare incident?
- Whether an attack is considered to be an act of cyberwarfare depends on a number of factors. These can include the identity of the attacker, what they are doing, how they do it, and how much damage they cause.
- Cyber-crooks who crash a bank's computer systems while trying to steal money would not be considered to be engaging in cyberwarfare, whatever their nationality. But state-backed hackers doing the same thing to destabilise a country’s economy would be considered cyber warfare attackers.
- The nature and scale of the targets attacked is another point. For instance, disabling a missile defence system could be considered an act of cyber warfare.
- There is one key definition of cyber warfare: a digital attack so serious, and with such far-reaching consequences, that it is seen as the equivalent of a physical attack.
- This is likely to be an attack on computer systems that leads to significant destruction or disruption and even loss of life.
- If a country were hit by a cyberattack of significant scale, it would be within its rights, according to international law, to strike back using conventional military means.
- This doesn't mean that attacks which fail to reach this level of threat are irrelevant. Rather it just means that the country under attack can't justify resorting to military force to defend itself.
- There are other ways of responding to a cyberattack such as sanctions and expelling diplomats as well as firing cyber shots across the bows of the attacking nation.
Who is doing what?
- Russia has a highly advanced offensive cyber programme and has conducted several damaging and/or disruptive cyber-attacks including attacks on critical infrastructure networks.
- China has also used cyberattacks against foreign targets and continues to integrate and streamline its cyber operations and capabilities.
- Iran has already used its cyber capabilities directly against the US with distributed denial of service attacks targeting the US financial sector in 2012 and 2013.
- North Korea is capable of launching disruptive or destructive cyber-attacks to support its political objectives.
- It's likely that the US has the most significant cyber defence and cyberattack capabilities. Former US president Barack Obama said: "We're moving into a new era… where a number of countries have significant capacities. And frankly we've got more capacity than anybody, both offensively and defensively."
- The UK has publicly stated that it is working on cyberdefence and offence projects, and has vowed to strike back if cyberattacks are launched at it.
What are cyber weapons?
- Cyber warfare tools can range from extremely sophisticated to very basic. Many are part of the standard hacker toolkit. For example, a Distributed Denial of Service (DDoS) attack was at the core of the attacks on Estonia in 2007, believed to have been launched by Russian-backed hacker groups.
- Other standard hacker techniques are likely to form part of a cyberattack such as phishing emails to trick users into handing over passwords or other data. For example, these techniques were used to launch the Shamoon virus, which wiped the hard drives of 30,000 PCs at oil giant Saudi Aramco in 2012. It is believed Iran was behind the attack.
- It is rumoured that following revelations about Russian meddling in the run up to the 2016 US Presidential elections, the US developed cyber weapon implants and secretly implanted them in Russian networks. The idea was that they could be triggered remotely as part of a retaliatory cyberstrike in the face of Russian aggression.
- Stuxnet malware was developed by the US and Israel to target the Iranian nuclear programme. The worm targeted specific Siemens industrial control systems that controlled centrifuges in the Iranian uranium enrichment project. It apparently damaged 1,000 centrifuges by making them spin out of control.
- Ransomware might also be considered to be a cyber-weapon. There is some evidence to suggest that Petya ransomware was being deployed to effectively destroy data by encrypting it with no possibility of unlocking it.
What does all of this have to do with me, if anything?
There has long been an understanding that nation state hackers are not interested in the common consumer. This is no longer true.
- The influence of Russia in the 2016 US election has proved that influencing individuals can lead to powerful results that help countries shape their strategies.
- At the same time the increasing ubiquity of Internet of Things (IoT) devices provides nation states with a means to control hundreds of thousands, if not millions, of these devices.
- IoT provides attackers with the means to launch very targeted attacks whether as listening tools, points of access to larger networks, remote control of utilities or to install malware in specific homes and buildings.
Whether we like it or not the age of cyber warfare is upon us, and citizens and their devices are likely to be targets just as much as government institutions, power grids, financial organisations, nuclear plants and other critical infrastructure.
There’s not much we can do about this, but at the very least we can protect our own devices and homes.