Is Cyber The Perfect Weapon?

Uploaded on 2018-07-16 in NEWS-Cybersecurity News, INTELLIGENCE--International, GOVERNMENT-National, FREE TO VIEW

Joseph S. Nye, Jr., a former US assistant secretary of defense and chairman of the US National Intelligence Council, is University Professor at Harvard University has this to say…

‘For years, political leaders have warned of the danger of a “Cyber Pearl Harbor.” Thus far, however, cyber weapons seem to be oversold, more useful for signaling or sowing confusion than for physical destruction.

Leaders such as former US Secretary of Defense Leon Panetta have warned of the danger of a “Cyber Pearl Harbor.” We have known for some time that potential adversaries have installed malicious software in our electricity grid. 

Suddenly the power could go out in large regions, causing economic disruption, havoc, and death. Russia used such an attack in December 2015 in its hybrid warfare against Ukraine, though for only a few hours. Earlier, in 2008, Russia used cyber-attacks to disrupt the government of Georgia’s efforts to defend against Russian troops.

Thus far, however, cyber weapons seem to be more useful for signaling or sowing confusion than for physical destruction, more a support weapon than a means to clinch victory. 

Millions of intrusions into other countries’ networks occur each year, but only a half-dozen or so have done significant physical (as opposed to economic and political) damage. 

As Robert Schmidle, Michael Sulmeyer, and Ben Buchanan put it, “No one has ever been killed by a cyber capability.”

US doctrine is to respond to a cyber-attack with any weapon, in proportion to the physical damage caused, based on the insistence that international law – including the right to self-defense – applies to cyber conflicts. Given that the lights have not gone out, maybe this deterrent posture has worked.

Then again, maybe we are looking in the wrong place, and the real danger is not major physical damage but conflict in the gray zone of hostility below the threshold of conventional warfare. In 2013, Russian chief of the general staff Valery Gerasimov described a doctrine for hybrid warfare that blends conventional weapons, economic coercion, information operations, and cyber-attacks.

The use of information to confuse and divide an enemy was widely practiced during the Cold War. What is new is not the basic model, but the high speed and low cost of spreading disinformation. Electrons are faster, cheaper, safer, and more deniable than spies carrying around bags of money and secrets.

If Russian President Vladimir Putin sees his country as locked in a struggle with the United States but is deterred from using high levels of force by the risk of nuclear war, then perhaps cyber is the “perfect weapon.” 

That is the title of an important new book by New York Times reporter David Sanger, who argues that beyond being “used to undermine more than banks, databases, and electrical grids,” cyber-attacks “can be used to fray the civic threads that hold together democracy itself.”

Russia’s cyber interference in the 2016 American presidential election was innovative. Not only did Russian intelligence agencies hack into the email of the Democratic National Committee and dribble out the results through Wikileaks and other outlets to shape the American news agenda; they also used US-based social-media platforms to spread false news and galvanise opposing groups of Americans. 

Hacking is illegal, but using social media to sow confusion is not. The brilliance of the Russian innovation in information warfare was to combine existing technologies with a degree of deniability that remained just below the threshold of overt attack.

US intelligence agencies alerted President Barack Obama of the Russian tactics, and he warned Putin of adverse consequences when the two met in September 2016. But Obama was reluctant to call out Russia publicly or to take strong actions for fear that Russia would escalate by attacking election machinery or voting rolls and jeopardise the expected victory of Hillary Clinton. 

After the election, Obama went public and expelled Russian spies and closed some diplomatic facilities, but the weakness of the US response undercut any deterrent effect. And because President Donald Trump has treated the issue as a political challenge to the legitimacy of his victory, his administration also failed to take strong steps.

Countering this new weapon requires a strategy to organize a broad national response that includes all government agencies and emphasizes more effective deterrence. Punishment can be meted out within the cyber domain by tailored reprisals, and across domains by applying stronger economic and personal sanctions. We also need deterrence by denial, making the attacker’s work more, costly than the value of the benefits to be reaped.

There are many ways to make the US a tougher and more resilient target. 

Steps include training state and local election officials; requiring a paper trail as a back-up to electronic voting machines; encouraging campaigns and parties to improve basic cyber hygiene such as encryption and two-factor authentication; working with companies to exclude social media bots; requiring identification of the sources of political advertisements (as now occurs on television); outlawing foreign political advertising; promoting independent fact-checking; and improving the public’s media literacy. Such measures helped to limit the success of Russian intervention in the 2017 French presidential election.

Diplomacy might also play a role. Even when the US and the Soviet Union were bitter ideological enemies during the Cold War, they were able to negotiate agreements. Given the authoritarian nature of the Russian political system, it could be meaningless to agree not to interfere in Russian elections. 

Nonetheless, it might be possible to establish rules that limit the intensity and frequency of information attacks. During the Cold War, the two sides did not kill each other’s spies, and the Incidents at Sea Agreement limited the level of harassment involved in close naval surveillance. Today, such agreements seem unlikely, but they are worth exploring in the future.

Above all, the US must demonstrate that cyber-attacks and manipulation of social media will incur costs and thus not remain the perfect weapon for warfare below the level of armed conflict.

Project-Syndicate.org

You Might Also Read: 

A Brief History Of Cyber-Deterrence:

NATO Could Go To War In Response To A Cyber Attack:
 

 

« Russia Will Keep Up Cyber Attacks For Geo-Political Influence
What Does The EU Cybersecurity Vote Mean To You? »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CloudHesive

CloudHesive

CloudHesive provides cloud solutions through consulting and managed services with a focus on security, reliability, availability and scalability.

Xage Security

Xage Security

Xage is the world’s first blockchain-protected security platform for Industrial IoT.

CyberSwarm

CyberSwarm

CyberSwarm is developing a neuromorphic System-on-a-Chip dedicated to cybersecurity which helps organizations secure communication between connected devices and protect critical business assets.

MSPAlliance

MSPAlliance

MSPAlliance is the world’s largest industry association and certification body for cloud computing and managed service professionals.

Cyber Range Malaysia

Cyber Range Malaysia

With Cyber Range Malaysia organizations can train their security professionals in empirically valid cyber war-gaming scenarios necessary to develop IT staff skills and instincts for defensive action.

Gijima

Gijima

Gijima is one of SA’s leading ICT companies in Cloud & Outsourcing, Systems integration, Human Capital Management & Training, Cybersecurity, and Unified Communications.

PSafe

PSafe

PSafe is a leading provider of mobile privacy, security, and performance apps. We deliver innovative products that protect your freedom to safely connect, share, play, express and explore online.

Gotham Digital Science (GDS)

Gotham Digital Science (GDS)

Gotham Digital Science is an international security services company specializing in Application and Network Infrastructure security, and Information Security Risk Management.

Apollo Information Systems

Apollo Information Systems

Apollo is a value-added reseller that provides our clients with the complete set of cybersecurity and networking services and solutions.

Eunetic

Eunetic

Eunetic IT security solutions - we secure your websites, emails, domains and data.

NXM Labs

NXM Labs

NXM is a leader in a leader in advanced cybersecurity software for connected devices.

Exacom

Exacom

Exacom is a leading provider of multimedia logging/recording solutions across public safety, government, DoD, energy, utilities, transportation, and security applications.

Panoplia Digital Protection

Panoplia Digital Protection

Panoplia Digital Protection is a cutting-edge cybersecurity company that leverages the power of AI and ML to help businesses and consumers protect themselves against cyber threats.

DerSecur

DerSecur

DerSecur has been engaged in advanced technology activities in the field of Application Security since 2011. We offer R&D technology solutions in the field of SAST, DAST and SCA analysis.

Safe Data Storage

Safe Data Storage

Safe Data Storage offer a fully managed, professional, secure UK-based online backup service to businesses, education and charities.

UKON

UKON

UKON is the free cyber insurance marketplace for MSPs, agencies and partners to turn risk into revenue.