Hacker, Tailor, Soldier, Spy: Future Cyberwar

In the dead of winter, the electricity goes out. Not just in your town, but in many small towns nearby. After a few hours, power returns, but not everywhere. In some places it’s out for days. 

Hospitals struggle to keep generators running to treat hypothermia sufferers; emergency lines are jammed, preventing ambulances from being dispatched. An overwhelmed police force struggles to maintain calm. What first appeared an inconvenient accident is soon revealed as an act of sabotage: someone wants the power down. Someone is sowing chaos and waiting to take advantage.    

This was the nightmare scenario lurking beneath the recent breathless reporting by the Washington Post that “Russian hackers had penetrated the US electric grid” via a Vermont utility. The specter of foreign invaders lurking in the nation’s infrastructure prompted a statement from Vermont Sen. Patrick J. Leahy: 

“This is beyond hackers having electronic joy rides, this is now about trying to access utilities to potentially manipulate the grid and shut it down in the middle of winter.” Other politicians were equally heated, with Vermont Gov. Peter Shumlin calling Russian president Vladimir Putin a “thug” and saying, “This episode should highlight the urgent need for our federal government to vigorously pursue and put an end to this sort of Russian meddling.”

Soon, though, the Post had to acknowledge that the Russians hadn’t infiltrated Vermont’s power grid after all. The computer in question, a laptop not connected to the grid, reportedly triggered an alarm when a user logged into his Yahoo email account, as millions of people do every day. Experts dismissed the false alarm.

The speed with which politicians rushed to cast blame speaks to a pervasive cultural concern about the vulnerability of interconnectedness. As more devices come online, think of the much-vaunted “Internet of Things,” encompassing cars, refrigerators, dolls, baby monitors, and more, it’s easier to imagine them becoming weaponized, used to disrupt our increasingly digital lives. 

For a certain cast of mind, it’s easier to imagine that everything is connected and vulnerable, even if that’s not the case. At the same time, there are real dangers. When experts talk about often murky concept of “cyberwar,” they’re often tempering understandable paranoia with realism. Like William Gibson’s concept of the future, cyberwar is already here, but it’s not evenly distributed, and certainly not in the fully formed way of actual war.

Take the now-familiar example of hacking the power grid. “There is no single electric grid in the United States,” said Mark Mills, a senior fellow at the Manhattan Institute. There are thousands of grids, both local distribution grids and long-haul transmission grids, and most aren’t connected to the Internet; there’s no universal switch to just turn off the power in the US. 

But Mills also argued that making grids “smarter” and more interconnected increases vulnerability to hackers. While the industry and many regulators understand that risk, there’s still a push to bring systems online, “smarter” is better. Multiple, coordinated attacks could disable multiple grids, increasing chaos and uncertainty.

Once inside the network, hackers can install backdoors to continue wreaking havoc even if they’re discovered. For a sophisticated attacker, that might mean using zero-day exploits, security holes that haven’t yet been discovered and patched. But Scott said that level of technical skill might not even be necessary. Too many small and mid-sized organisations don’t diligently update their software with security patches, he said, “and so they will have the networks completely riddled with exploits ready to go.”

The Northeast blackout of 2003, caused primarily by a software bug, knocked out power to 55 million people; nearly 100 people died, but there was no widespread panic. Scott, too, imagines a situation in which knocking out the power is a prelude to more violent tactics. And to further panic, attackers could disrupt emergency communications. “You could do that by spamming 911, making it so no legitimate calls could get through. That’s easy to do,” he said.

Still, countries continue to spend millions honing their cybersecurity capabilities, both offensive and defensive. Since 2010, NATO has run a cyber-defense exercise called Locked Shields, involving more 550 people across 26 countries, organized from Tallinn, Estonia. 

Participants can work from their home countries, carrying out attacks on a fictional country; defenders try to maintain the country’s servers, online services, and an industrial control system. 

It’s valuable preparation for a series of potentially unfortunate events; forewarned is forearmed, after all. But Singer cautions that we can be prepared for cyberwar without being paranoid about it.

Vocativ:       War In The Information Age:        Jason Bourne: Envisioning A ‘frightening’ Cyberwar:

Ukraine Blackout – The Future Of War

 

« Director's Departure Leaves A Big Hole At GCHQ
Directors Report January 2017. Cyber Security Checklist For Management (£) »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CounterCraft

CounterCraft

The CounterCraft Cyber Deception Platform fits seamlessly into existing security strategies and delivers high-end deception for threat hunting and threat detection.

Odyssey

Odyssey

Odyssey is an ISO 27001 certified, Cyber -Security, Infrastructure and Risk Management Solutions integrator and a Managed Security Services Provider.

Monegasque Digital Security Agency (AMSN)

Monegasque Digital Security Agency (AMSN)

AMSN is the national authority in charge of the security of information systems in Monaco.

SGBox

SGBox

SGBox is a highly flexible and scalable solution for IT security. Choose the modules which your company needs and implement it without any modification to your network infrastructure.

GlobalPass

GlobalPass

Covering 200+ countries with 78 000 databases, GlobalPass provides sophisticated facial biometrics verification and deep screening, delivering peace of mind to every client.

Elron Ventures

Elron Ventures

Elron partner with early stage ventures to build companies that transform lives and industries. Our main areas of focus are enterprise software, cybersecurity, and healthcare.

ISA Security Compliance Institute (ISCI)

ISA Security Compliance Institute (ISCI)

ISCI, a not-for-profit automation controls industry consortium, manages the ISASecure™ conformance certification program for industrial automation and control systems.

Blaick Technologies

Blaick Technologies

Blaick is an Israeli cyber-security company which deploys proprietary Artificial Intelligence threats detection technology for early prevention of online cyber crime.

Gula Tech Adventures

Gula Tech Adventures

Gula Tech Adventures invests in companies and nonprofits that help close the gap in needed technology and workforce to defend the country in cyberspace.

Ironhack

Ironhack

Ironhack provide intensive training courses & bootcamps in Web Development, UX/UI Design, Data Analytics & Cybersecurity.

Boxphish

Boxphish

Boxphish provides a proven solution to reduce Human Error and Cyber Human Risk via automated learning journeys and intelligent phishing simulations.

Cyber-Security Council Germany

Cyber-Security Council Germany

The German Cyber Security Council's objective is to consult businesses, government agencies and political decision-makers and to support them against cybercrime.

Port-IT

Port-IT

Port-IT is a leading partner in cybersecurity solutions tailored for the maritime industry.

Francisco Partners

Francisco Partners

Francisco Partners provide capital, expertise, and support for growth-aspiring technology companies.

Corix Partners

Corix Partners

Corix Partners is a Boutique Management Consultancy Firm focused on assisting CIOs and other C-level executives in resolving Cyber Security Strategy, Organisation and Governance challenges.

CyFox

CyFox

CYFOX is at the forefront of cybersecurity innovation, specializing in providing cutting-edge AI-driven solutions tailored for any businesses.