Ten Years Since The Outbreak Web War One

Uploaded on 2017-07-03 in NEWS-News Analysis, INTELLIGENCE--International, GOVERNMENT-Defence, FREE TO VIEW

It was ten yeras ago that Russian hackers attacked Estonia, crippling government websites and emails, so that it was unable to counter a Kremlin propaganda blizzard that depicted the Baltic state as a hellhole run by fascists. The attack also swamped online banking and public services.

Estonia, one of the world’s most Internet-savvy countries, soon bounced back. But a decade later, we are still grappling with the new era of increasingly sophisticated digital weapons.

The natural reaction is to look for answers from the nuclear age. We developed weapons of awesome destructive power but we also created a diplomatic, legal and strategic framework that contained them. MAD, mutual assured destruction, plus the non-proliferation treaty and a series of arms-control deals saved us from Armageddon. We should do the same in cyber-space.

The ambition is laudable. The digital arms race is spiraling out of control. Cyber-weapons are getting more sophisticated, just as our dependence on computers and networks is accelerating. 
A few lines of code, maliciously deployed, can bring down an airliner, burn down a house, shut down a power grid or freeze a financial system. In an interlinked, inter-dependent world, all the cyber-powers should have an interest in refraining from such attacks.

Yet the nuclear analogy is misleading. A nuclear warhead, and the missile that delivers it, are open to precise measurement and calculation. So too are the means for stopping them, such as missile defence systems. That meant that the superpowers could put transparency at the heart of nuclear arms control and deterrence, “trust but verify” as Ronald Reagan phrased it.

But digital weapons are invisible and their powers are a matter of guesswork. Cyber-arsenals are necessarily shrouded in total secrecy. If you have the ability to make Vladimir Putin’s mobile phone catch fire in his pocket, by remotely sabotaging the software that controls the battery, you certainly won’t disclose it. He will get a different phone and you must invent another weapon. If Russia’s cyber-soldiers can do the same thing with Donald Trump’s phone, they won’t disclose it either. Until recently countries did not want even to admit that they possessed offensive cyber capabilities at all.
In real-world, “kinetic” in military parlance, warfare you also have a pretty good idea of who is shooting at you. In cyber-space, you may be mystified. Though Nato believes that Russia was behind the attack on Estonia in 2007, the Kremlin disputes it. 

That kind of crude swamping attack can be organised quickly for a few hundred pounds. All you do is rent a “botnet”, a swarm of computers, to send simultaneous phony Internet requests to the target until it crashes. The owners of these computers will have no idea that their machines have been conscripted into a digital renta-mob.
More sophisticated attacks may leave more clues, such as the time zone and language in which malicious software is written. This is why cyber-forensics experts believe Russia was behind last year’s attacks on the American political system.
But these trails of digital breadcrumbs can be faked. The US says that it reserves the right to retaliate to a cyber-attack with kinetic force: i.e., high explosive. That is a powerful deterrent, if the Pentagon can be sure that its response will be directed against the real perpetrator.

Even if you are sure of the attacker’s identity, his motives may be obscure. Nuclear weapons were a binary threat: they are either being used or they are not. Digital techniques are much subtler; the lines between espionage, political competition and outright warfare are blurry. Are you hacking into Mr Putin’s phone to bug it or to blow it up? Or both?

In 2015 it emerged that hackers, said to be Chinese, had broken into the US Office of Personnel Management and stolen 20 million files containing details of current and former government officials. That caused anguish in American spookdom (it’s hard to spy on China when its spy-catchers know who to look out for). But not outrage; the CIA would do the same to China, given the chance.

Perhaps trickiest of all for military planners is that digital weapons may hit energy, financial and transport systems over which they have little or no control. It is one thing to harden your nuclear bunkers against a rocket attack, quite another to fortify your country’s editorial decision-making. A state’s single biggest vulnerability may be individual carelessness with logins and passwords.

The line between political influence and coercion is particularly blurry. Many Americans are furious about the Russian propaganda and other attacks during last year’s presidential election. But Russians would argue that in the 1990s America repeatedly threw its weight behind favoured candidates in Russian elections. It may be unpleasant to be on the receiving end of such tactics, but it is hard to put them in the same category as a missile strike.

A Nato cyber-centre (appropriately in the Estonian capital Tallinn) publishes a thought-provoking law manual for cyber-conflict. Oxford University politics dons are applying their minds to digital security issues too. But the insidiousness and scope of digital weapons makes them more like terrorism than old-style warfare: we civilians are in the front line whether we like it or not.

The Times

You Might Also Read:

How A Nation Became Russia's Cyberwar Experiment:

Hacker, Tailor, Soldier, Spy: Future Cyberwar:

Information Warfare Isn’t Just Russian – It’s Also American As Apple Pie:

 

« App Or Browser: Which Is Safer For Online Banking?
Hacking A Chip With A Wave of Your Hand »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Techmeme

Techmeme

Techmeme is an online news curation service focused on leading edge technology, including cyber security.

CERT-MU

CERT-MU

CERT-MU is the Mauritian National Computer Security Incident Response Team.

Federal Office For Information Security (BSI)

Federal Office For Information Security (BSI)

The BSI (Bundesamt fur Sicherheit in der Informationstechnik) is the federal cyber security agency and the chief architect of secure digitalisation in Germany.

Veridify Security

Veridify Security

Veridify Security (formerly SecureRF), develops and licenses quantum-resistant, public-key security tools for the low-resource processors powering the Internet of Things.

Mi-Token

Mi-Token

Mi-Token is an advanced two-factor authentication solution that offers unparalleled security, flexibility, cost-effectiveness and ease of use.

CRU Data Security Group (CDSG)

CRU Data Security Group (CDSG)

CRU is a pioneer in devices for data mobility, data security, encryption, and digital investigation.

Applied Risk

Applied Risk

Applied Risk is an established leader in Industrial Control Systems security, focused on critical infrastructure security and combating security breaches that pose a significant threat.

VKANSEE

VKANSEE

VKANSEE offer the world's thinnest optical fingerprint sensor for mobile device protection.

National Cybersecurity Student Association (NCSA)

National Cybersecurity Student Association (NCSA)

The National Cybersecurity Student Association is a one-stop-shop to enhance the educational and professional development of cybersecurity students through activities, networking and collaboration.

Fortalice

Fortalice

Fortalice provide customizable consulting services built on proven methodology to strengthen your business cyber security defenses.

ImpactQA

ImpactQA

ImpactQA is a global leading software testing & QA consulting company. Ten years of excellence. Delivering unmatched services & digital transformation to SMEs & Fortune 500 companies.

StarLink

StarLink

StarLink is an acclaimed Value-Added Distributor across the Middle East, Turkey and Africa regions with on-the-ground presence in 20 countries including UK and USA.

GTT Communications

GTT Communications

GTT are a global network provider that serves thousands of multinational and national enterprise, government and carrier customers with a portfolio of advanced connectivity and security services.

Trojan Horse Security

Trojan Horse Security

Trojan Horse Security are specialists in corporate security. Our services include: Comprehensive Cyber Security Analysis, Penetration Testing, Network Security and Security Audits.

ARGOS Cloud Security

ARGOS Cloud Security

ARGOS aims to simplify and strengthen cloud security, by creating a visual map of security vulnerabilities, to your priceless information stored in any cloud provider environment.

Simbian

Simbian

Simbian, with its hardened TrustedLLM system, is the first to accelerate security by empowering every member of a security team from the C-Suite to frontline practitioners.