Could Cyberwar Knock Us Back to the Stone Age?

Uploaded on 2015-08-08 in NEWS-News Analysis, GOVERNMENT-Defence, FREE TO VIEW

55-Trends-for-Cyberwar_clip_image002_0000.jpg

Source: davidteffler.com

While there are many aspects of cyberwar worthy of discussion, one area rarely explored is just how dangerous a full-on cyberwar could be to the US, and to global society. Could a cyberwar knock us back to the Stone Age?
For the purpose of our exploration, we will assume that cyberwar doesn't lead to a nuclear or biological war, that the effects resulting from the conflict remain within the bounds of digital means of destruction rather than traditional NBC (nuclear, biological, and chemical) warfare.

Most examinations of cyberwar threat took place before the enormous breach at the US Office of Personnel Management. OPM is, essentially, the American government's HR department.
In June, OPM announced it had been the victim of a persistent penetration that went back at least to March of 2014. More than 21.5 million individual, highly personal personnel records were stolen from the agency, including confidential disclosures by government personnel with security clearances.
In addition to the other data stolen, 1.1 million fingerprint patterns were also grabbed. This means, if you think about it, that since enemy actors had access to fingerprint and personnel systems, they not only could take information, they could plant fake information, as well.

But we've seen the damage even one or two rogue workers can do. Witness the damage Bradley Manning and Edward Snowden have caused, and they were just two relatively low-level government workers. Imagine, instead, the damage that could be caused by workers turned, either because of blackmail based on the stolen OPM data, or enemy agents, complete with government IDs that are confirmed by the now falsified OPM data, inserted into critical positions.
The Edward Snowden revelations have rocked governments, global businesses, and the technology world. Here is our perspective on the still-unfolding implications along with IT security and risk management best practices that technology leaders can put to good use.

This takes our thought experiment to a whole new level. What would happen if we were hit by a devastating cyberattack and the government's continuity systems did not function as expected, because they, too, were compromised?
Let's assume, through a combination of malware, espionage, denial of service, and sabotage, that our national systems were to break down. What then?

Our path down the rabbit hole requires us to identify what sorts of systems would be interrupted. So let's start by assuming the financial system would come to a halt. Stock exchange transactions would stop, and all electronic fund and electronic banking transactions would cease. At that point, checks and credit cards would no longer have value, businesses would no longer be able to operate, and even cash would likely lose its transaction value.

What about communications? Over the past ten years, most of us have moved off of landlines and away from over-the-air broadcast TV (notwithstanding a small group of HD antenna owners). Most of us communicate over mobile services and the Internet. In a catastrophic cyberwar, and for the purpose of our thought experiment, let's assume all communications with the possible exception of ham radio would go offline.
Without financial support and communications, our supply chains would be toast. Goods and services would no longer move across the country. There would be mobs storming supermarkets, hardware stores, and gun shops. Gasoline for vehicles would run out in a matter of days.

National government would cease to function. Instead, the primary governance touch points would be some responsible local law enforcement officers. More likely, we would see feudal governance take hold, where those with the most firepower, survival resources, and physical strength would take power.
Surely other governments would jump in to lend a hand, if for no other reason than a precipitous decline in the US economy would have devastating results worldwide.
Here's where the scenario branches. If the cyberattack were limited to the United States, then it's likely that other governments would involve themselves to a limited extent, if only to regain access to our ability to buy their goods.
This includes China, by the way. Since China's economy is so dependent upon America's (and us upon them), it is unlikely that China would engage in extinction-level cyberwar. In fact, so much of the world's economy is intermingled, that it is actually quite unlikely that most major countries would engage in terminal cyberwar.

That leaves activists, crazies, and highly isolated rogue nations like North Korea. In fact, it mostly leaves North Korea, because even Iran and Russia rely on a functioning world economy. Before we discuss North Korea, let's get one other factor out of the way: the Stone Age. This article asked whether cyberwar could knock us back to the Stone Age. Rather than letting the hyperbole of the question stand, let's understand that the Stone Age preceded humanity's ability to work metal. Cyberwar (without an accompanying NBC event) would not deny us the ability to work metal, even iron and steel.

In fact, if we were to look at how far back something like a universally devastating cyberwar might take us, we'd probably land right around the technology level of World War II. Unfortunately for our postulated post-cyberwar society, nations in World War II were highly structured. For example, England, even during the worst of the London Blitz, was able to function as a nation.

We might not be able to replicate that level of functioning, primarily because our existing modes of communication are now nearly universally reliant on the Internet and digital technology. So we'd have to move back a few centuries, even before the telegraph that Lincoln used so powerfully in the Civil War, to a world where communications relied on fast horses and capable riders. At least bicycles are relatively common in the modern world.

Our worst case, therefore, is a society largely feudal in nature, knocked back in some ways to a technology base roughly akin to those the Founding Fathers had when they revolted against King George.
But could North Korea (again, without nukes or EMP weapons) generate a cyber-event devastating enough to take out all major nations and knock us all back to a pre-telegraph world?

My analysis of North Korea shows the country is indeed capable of mounting a cyberattack, especially if they use resources and agents located outside the nation's physical borders. But could North Korea simultaneously take out digital systems worldwide? First, they don't have the resources. Second, it's far more likely the OPM breach was by China, rather than North Korea.

Any total cyberwar extinction event would have to remove the United States' deep contingency operations, and while China or Russia might be able to turn a few more Snowdens, that's way out of North Korea's capability level. Plus, breaking US contingency planning would take more than a handful of blackmailed government employees.
The enemy's reach would have to be deep and pervasive, and that's simply not going to be able to happen with the depth and pace necessary to unhinge all our preparatory measures.

So let's conclude our thought experiment with a few observations and conclusions. The simple answer is no, cyberwar would not knock us back to the Stone Age. There is no rogue nation or organization with the reach to hit all of modern society across nations, and that's what would be required to push modern society out of the Information Age.

There is no doubt that cyberwar and cyberattacks can be devastating, and have a high financial and operational cost. But there's also little doubt that we would recover, in time.

David Gewirtz is a Director of the US Strategic Perspective Institute.  Twitter: @DavidGewirtz

Ein News: http://bit.ly/1Itgp63

 

« Internet of Things Unlocks Revenue Opportunities
Global Spy System ECHELON Confirmed by Snowden Leak »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Information Technology Association of Canada (ITAC)

Information Technology Association of Canada (ITAC)

ITAC is the voice of the Canadian ICT industry and are dedicated to making Canada a world class, cutting-edge digital society.

ReadWrite

ReadWrite

ReadWrite is a leading media platform dedicated to IoT and the Connected World.

Optimum Insurance

Optimum Insurance

Optimum's Cyber Risk & Data Protection Insurance policies are designed to protect against cyber exposures that arise when a company’s data and customer information is breached or stolen.

Hodgson Russ

Hodgson Russ

Hodgson Russ is a US business law firm. Practice areas include Privacy, Data Breach & Cybersecurity.

Advenica

Advenica

Advenica develops, manufactures and sells innovative cybersecurity solutions for encryption and secure information exchange.

Bundesdruckerei

Bundesdruckerei

Bundesdruckerei specializes in secure identity technologies and services for protecting sensitive data, communications and infrastructures.

CIRT.GY

CIRT.GY

CIRT-GY is the national Computer Incident Response Team for Guyana.

2Secure

2Secure

2Secure is one of Sweden's largest private security companies. Service inlcude personal security, corporate security, information and cyber security.

National Cyber Summit (NCS)

National Cyber Summit (NCS)

The National Cyber Summit is the preeminent event for cyber training, education and workforce development aimed at protecting our nation's infrastructure from the ever-evolving cyber threat.

A-LIGN

A-LIGN

A-LIGN is a technology-enabled security and compliance partner trusted by more than 2,500 global organizations to mitigate cybersecurity risks.

NewGens

NewGens

NewGens is a solution and service provider to banking institutions in the APAC region. Areas of expertise include cybersecurity, AML, fruad prevention, compliance and risk management.

ZEBOX

ZEBOX

ZEBOX is an international incubator & accelerator of innovative startups. Focus is on Transport/Logistics and Industry X.0 including technologies such as AI, Blockchain and Cybersecurity.

Keyless Technologies

Keyless Technologies

Simple, secure, and interoperable authentication. Keyless offers unmatched security, privacy and usability, while reducing risk and infrastructure costs.

Dell Technologies Capital

Dell Technologies Capital

At Dell Technologies Capital we lead investment in disruptive, early-stage startups in enterprise and cloud infrastructure.

Aujus Cybersecurity

Aujus Cybersecurity

Aujas is a pure-play cyber security services company with deep expertise in Identity and Access Management, Managed Security and Security Testing services.

Bores Security Consultancy

Bores Security Consultancy

Bores Security Consultancy are an established family-run business delivering expertise in security and technology.