Global Cyber Conflict Is Close

The announcement of a sixth subterranean nuclear test has the world talking about how to contain the threat of a nuclear -ready North Korea, but there is another concern getting insufficient attention: the potential for full spectrum cyber war.

Just what that might look like is known, but seldom discussed.

Remember the NASDAQ flash crash? It happened on May 6, 2010, at 2:32 pm and lasted for more than 30 minutes. It was a trillion-dollar stock market crash.

At the time, a minority in the cybersecurity community believed that crash was a hack. Some time ago the Washington Post chided the tendency to cry “hacking” when something systemic fails.

“The 2003 Northeast blackout was first blamed on hacking, the 2010 ‘flash crash’ was first blamed on hacking.” That said, James Lewis opined, “Evil mad-genius hackers who want to wreak mass havoc on society because they are in a bad mood don’t exist in real life.”

Fair enough, but evil state-sponsored hackers do want to wreak mass havoc on the societies they deem to be the enemy.

It is probable, not just possible, that cyberattacks will shut down the power grid (that may have already happened in the Ukraine), erase or paralyse financial data systems or cause military equipment to malfunction in the near future.

Certainly very odd

“It certainly is very odd that so many incidents have taken place in a relatively short period of time,” Finnish computer programmer Harri Hursti told me.

Hursti said vulnerabilities in GPS technology would be the logical place to start any investigation into the US Navy mishaps that have plagued the Pacific fleet this year, but pointed out that there was not enough information about the systems used to make an educated guess at what may have happened.

He did go on to say that pseudolites (a contraction of pseudo-satellite) might have been involved, since these mechanisms are capable of sending false information to the kinds of receivers used in marine navigation.

The unpredictability of war

Say what you will about President Trump’s missteps, he’s right about the need for stealth when it comes to wartime decisions. And make no mistake, with or without missiles flying, we are at war with many nation states, although North Korea seems to be first among them.

“A one-time event is unpredictable,” said Ondrej Krehel, CEO and founder of LIFARS, a digital forensics and cybersecurity intelligence firm.

We were discussing the crash of the Navy destroyer USS John S. McCain, specifically the possibility that the “steering failure” experienced by that ship was a hack.

Earlier hacks made it at least conceivable. There was the infamous example where white hat hackers were able to kill the engine of a Jeep driving at the upper speed limit on a highway and still other car hacks, including speculation that the one-car crash that killed journalist Michael Hastings may have been the result of a hack as well.

“Anything is possible,” Krehel said.

“All the systems on a ship are interconnected.” Listing the various modes of possible attack, including a man-in-the-middle take-over of the destroyer’s satellite navigation system, Krehel said the most likely mode was one that would be undetectable, and has not been discussed much in media reports.

“Implants,” Krehel said. “That would be impossible to detect.”

Krehel was talking about cyber organisms that live in memory systems, migrated there through spear phishing campaigns targeted at specific personnel, which is still the most common way this kind of infiltration occurs. The organisms have the ability to create complete system failure, destroying all data in the process, including the bug.

When it comes to cyber protections, it is a truism that for every knock on the front door, there are a thousand-fold attempts at windows, side doors and vents, and human beings are the weakest link in any system.

“The beauty of this kind of attack,” Krehel told me, “is that when it shuts down the system, it is deleted. There is no trace.”

Forewarned is forearmed

In our post-Wikileaks, post-Stuxnet world, we know state-sponsored cyber war exists, and the capabilities are unknowable.
As I’ve said elsewhere, things that look like freak accidents, glitches of technology, could be acts of war. It is simply impossible for anyone outside of the Pentagon to know for sure.

President Trump announced recently that Cyber Command would no longer report to the NSA but would rather, and finally, be elevated to a "Unified Combatant Command." This means that it would be a military operation in its own right, on an equal footing with the other commands overseeing military operations worldwide.

It is up to Defense Secretary Gen. James Mattis to sort out exactly how this will happen, something that may get lost in the shuffle while the world scrambles to get a nuclear muzzle on North Korea. It’s imperative that we stay focused on Cyber Command at such a crucial juncture, because while we look at the sky for scudding missiles, a worm could very well turn off the lights.

The Hill

You Might Also Read

Is A Cyber Attack An Act of War?:

Which Countries Are Ready For Cyberwar?:

« Measuring The Economic Value of Data
Cybersecurity Investigations After US Naval Collision »

Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

WEBINAR: How To Build A Security Observability Strategy In AWS

WEBINAR: How To Build A Security Observability Strategy In AWS

Thursday, Apr 22, 2021 - Join this webinar to learn how to build a security observability strategy in AWS, covering cloud-native monitoring sources, guardrails, and automation capabilities.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Contrast Security

Contrast Security

Contrast Security is a leading provider of security technology that enables software applications to protect themselves against cyberattacks

J2 Software

J2 Software

J2 Software is a leading African Information Security and ICT business providing information security, governance, risk and compliance solutions.

Silensec

Silensec

Silensec is a management consulting, technology services and training company specialized in information security.

BooleBox

BooleBox

BooleBox is the cloud for business data security that allows to share sensitive files by reducing the risk of external attacks or insider theft.

ERMProtect

ERMProtect

ERMProtect is a leading Information Security & Training Company that helps businesses improve their cybersecurity posture and comply with regulations.

Resistant AI

Resistant AI

Resistant AI protects against evolving online fraud. We connect the dots to provide a new layer of trust and performance for our clients’ systems.

BAI Security

BAI Security

BAI Security is a Nationally Recognized Leader in IT Security. Keeping your data safe and your business compliant is our singular focus.

Cybots Alliance

Cybots Alliance

Cybots MDR (Powered by CyCraft) is leveraging Artificial Intelligence and Machine Learning to advance its detection engines of the cyber threats, so that they can always stay ahead of the attackers.