Global Cyber Conflict Is Close

The announcement of a sixth subterranean nuclear test has the world talking about how to contain the threat of a nuclear -ready North Korea, but there is another concern getting insufficient attention: the potential for full spectrum cyber war.

Just what that might look like is known, but seldom discussed.

Remember the NASDAQ flash crash? It happened on May 6, 2010, at 2:32 pm and lasted for more than 30 minutes. It was a trillion-dollar stock market crash.

At the time, a minority in the cybersecurity community believed that crash was a hack. Some time ago the Washington Post chided the tendency to cry “hacking” when something systemic fails.

“The 2003 Northeast blackout was first blamed on hacking, the 2010 ‘flash crash’ was first blamed on hacking.” That said, James Lewis opined, “Evil mad-genius hackers who want to wreak mass havoc on society because they are in a bad mood don’t exist in real life.”

Fair enough, but evil state-sponsored hackers do want to wreak mass havoc on the societies they deem to be the enemy.

It is probable, not just possible, that cyberattacks will shut down the power grid (that may have already happened in the Ukraine), erase or paralyse financial data systems or cause military equipment to malfunction in the near future.

Certainly very odd

“It certainly is very odd that so many incidents have taken place in a relatively short period of time,” Finnish computer programmer Harri Hursti told me.

Hursti said vulnerabilities in GPS technology would be the logical place to start any investigation into the US Navy mishaps that have plagued the Pacific fleet this year, but pointed out that there was not enough information about the systems used to make an educated guess at what may have happened.

He did go on to say that pseudolites (a contraction of pseudo-satellite) might have been involved, since these mechanisms are capable of sending false information to the kinds of receivers used in marine navigation.

The unpredictability of war

Say what you will about President Trump’s missteps, he’s right about the need for stealth when it comes to wartime decisions. And make no mistake, with or without missiles flying, we are at war with many nation states, although North Korea seems to be first among them.

“A one-time event is unpredictable,” said Ondrej Krehel, CEO and founder of LIFARS, a digital forensics and cybersecurity intelligence firm.

We were discussing the crash of the Navy destroyer USS John S. McCain, specifically the possibility that the “steering failure” experienced by that ship was a hack.

Earlier hacks made it at least conceivable. There was the infamous example where white hat hackers were able to kill the engine of a Jeep driving at the upper speed limit on a highway and still other car hacks, including speculation that the one-car crash that killed journalist Michael Hastings may have been the result of a hack as well.

“Anything is possible,” Krehel said.

“All the systems on a ship are interconnected.” Listing the various modes of possible attack, including a man-in-the-middle take-over of the destroyer’s satellite navigation system, Krehel said the most likely mode was one that would be undetectable, and has not been discussed much in media reports.

“Implants,” Krehel said. “That would be impossible to detect.”

Krehel was talking about cyber organisms that live in memory systems, migrated there through spear phishing campaigns targeted at specific personnel, which is still the most common way this kind of infiltration occurs. The organisms have the ability to create complete system failure, destroying all data in the process, including the bug.

When it comes to cyber protections, it is a truism that for every knock on the front door, there are a thousand-fold attempts at windows, side doors and vents, and human beings are the weakest link in any system.

“The beauty of this kind of attack,” Krehel told me, “is that when it shuts down the system, it is deleted. There is no trace.”

Forewarned is forearmed

In our post-Wikileaks, post-Stuxnet world, we know state-sponsored cyber war exists, and the capabilities are unknowable.
As I’ve said elsewhere, things that look like freak accidents, glitches of technology, could be acts of war. It is simply impossible for anyone outside of the Pentagon to know for sure.

President Trump announced recently that Cyber Command would no longer report to the NSA but would rather, and finally, be elevated to a "Unified Combatant Command." This means that it would be a military operation in its own right, on an equal footing with the other commands overseeing military operations worldwide.

It is up to Defense Secretary Gen. James Mattis to sort out exactly how this will happen, something that may get lost in the shuffle while the world scrambles to get a nuclear muzzle on North Korea. It’s imperative that we stay focused on Cyber Command at such a crucial juncture, because while we look at the sky for scudding missiles, a worm could very well turn off the lights.

The Hill

You Might Also Read

Is A Cyber Attack An Act of War?:

Which Countries Are Ready For Cyberwar?:

« Measuring The Economic Value of Data
Cybersecurity Investigations After US Naval Collision »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

April 4, 2024 | 11:00 AM PT: Join this webinar to find out about six emerging trends dominating the cloud cybersecurity landscape.

SiteLock

SiteLock

SiteLock is a global leader in website security solutions. We provide affordable, cybersecurity software solutions designed to allow small to midsize businesses to operate without fear of an attack.

Avast Software

Avast Software

Avast Software is a security software company that develops antivirus software and internet security services.

High Sec Labs (HSL)

High Sec Labs (HSL)

High Sec Labs develops high-quality, cyber-defense solutions in the field of network and peripheral isolation.

KayHut

KayHut

KayHut is a young, innovative company engaged in cyber research and security solutions.

Cybertech

Cybertech

Cybertech Conference & Exhibition presents commercial problem solving strategies and solutions for the global cyber threat that meet the diverse challenges for a wide range of sectors.

National Security Authority (NBU) - Slovakia

National Security Authority (NBU) - Slovakia

The National Security Authority (NBU) is the central government body in Slovakia for the Protection of Classified Information, Cryptographic Services, Trust Services and Cyber Security.

Matrix42

Matrix42

Matrix42 software for digital workspace experience manages devices, applications, processes and services simple, secure and compliant.

Zuratrust

Zuratrust

Zuratrust provide protection for all kinds of email related cyber attacks.

Dataprovider.com

Dataprovider.com

Our Brand Protection Suite gives you the tools to discover trademark infringement on the Internet, such as websites selling counterfeit products, even when this is not immediately noticeable.

Newtec Services

Newtec Services

IT should be responsive, adaptive, and smart. Now more than ever, you need a business that runs efficiently and can adapt to today's challenges. We can help with custom IT solutions.

RocketCyber

RocketCyber

RocketCyber is a Managed SOC platform empowering Managed Service Providers (MSPs) to deliver security services to small and medium businesses.

Belcan

Belcan

Belcan is a global supplier of engineering, manufacturing & supply chain, workforce and government IT solutions to customers in the aerospace, defense, automotive, industrial, and private sector.

FastNetMon

FastNetMon

FastNetMon is a very high performance DDoS detection and mitigation tool which could detect malicious traffic in your network and immediately block it.

Resourcive

Resourcive

Resourcive is the first Value Added Sourcing “VAS” consultancy. We deliver strategic IT sourcing solutions to mid-market and enterprise clients.

InfoSec Brigade

InfoSec Brigade

InfoSec Brigade offers a suite of specialized solutions that help businesses to mitigate risk by integrating cyber and IT security protocols with business goals.

OutKept

OutKept

OutKept offers the highest quality phishing simulation campaigns, supported by a community of ethical phishers, to build awareness, and maintain alertness.