World Cyberwar I

Minor skirmishes in preparation for an all out cyberwar have been taking place in the Middle East for a number of years now. Since the Stuxnet attack on Iran’s nuclear facilities in 2010, the region has seen a number of attacks on key infrastructure. These attacks have been troubling but have intentionally been kept at a level to irritate but not mitigate. No nation in the region will declare an all out cyberwar unless they are already in a declared conventional war. The reason for this is that cyberwar is a zero sum enterprise. All the major players have cyber weapons that could severely damage the infrastructure of the other players. Attacking a rival nation will almost certainly bring an identical cyber response from the attacked nation. It’s the only factor that has kept most of these attacks at the espionage level. There have been a few exceptions, such as the Iranian attack on Saudi Aramco last December, but such attacks have been heavily obfuscated to the point where absolute attribution cannot be assigned. Maybe, but most cybersecurity experts have little doubt that Iran was behind the Aramco attack.

Now, the situation may have changed. Israel has put Iran in its sights. It will only take one key event by either adversary to set off a chain reaction that will lead to the first declared cyberwar. I suggest that the situation is similar to the state of the world before World War I. In that scenario, one event, the assassination of Austria’s Archduke Ferdinand by a schoolboy, triggered preset alliances into a wartime footing.

In World War I, the assassination of the Archduke forced the Austro-Hungarian Empire to declare war on Serbia. However, Serbia was aligned with Russia, which, in turn, declared war on the Austro-Hungarian Empire. The entrance of Russia into the fray led Germany to declare war on Russia. France, then, declared war on Germany and the Austro-Hungarian Empire. Germany, then, invaded France, which pulled Great Britain into the war. Japan, The United States, and Italy entered the war later.

In the Middle East, Iran is allied with Syria, Lebanon (Hezbollah), the Palestinian Authority, and Russia. It considers Israel, Saudi Arabia, and the US as its enemies. Egypt has grown closer to the US and has historic animosity towards Iran. Turkey is in a tough position. Although Turkey has traditionally been antagonistic towards Saudi Arabia, they have a common enemy in Iran, which may be enough to pull Turkey into any conflict that develops. Turkey has always wanted Assad out as the leader of Syria and resents the fact that both Russia and Iran are helping him maintain his power. The United Arab Emirates has mixed feelings towards Iran. Iraq has been friendlier towards Iran after Saddam Hussein’s departure, but they have enough problems to solve in their own country and will likely try to avoid being drawn into any conflicts. The US will stand with Israel. Whether the US’s European allies will offer more than moral support is difficult to say, but they may be drawn in under some circumstances. Interestingly, the only major country that might be able to avoid this conflict is China.

So who are the greatest cyber powers among these operatives? The US must be considered as the strongest with Russia second, Israel third, and Iran a close fourth. All are among the world’s top cyber powers and each is able to deliver devastating cyber attacks.

An official declaration of war would not be necessary for an all out cyberwar to begin. If confrontations between major participants are severe enough to threaten the existence of one of the parties, cyberwar will ensue. Any nation pushed into a corner will use whatever weapons it has at its disposal as it would believe it would no longer have anything to lose. Here, briefly, are the types of attacks that would take place during such a cyberwar.

Attacks on Industries Related to the War Effort

Don’t expect the target to be obvious. It may not be a main aerospace industry that is attacked, but a smaller industry that makes a key component. A sophisticated attack would attempt to alter the parameters of such components so that they malfunction when used. This is basically what Stuxnet did to Iran’s centrifuges. Most participants would try to find ways to cause weapons to misfire. Russian hackers infected an app that helped the Ukrainian artillery hit targets. They purportedly infected the app to send out geolocation signals which, in turn, transformed the artillery into targets. Some have claimed that Russia is using Ukraine to hone their cyberwar skills.

There are other ways to target key industries. They may be hacked to get information that can be used by the adversary. They may be undermined with a DDoS attack so that their internet connectivity is disrupted. Or, their networks may be injected with malware that can either hold crucial information for ransom or destroys it outright.

Attacks on Infrastructure

 Infrastructure attacks are the scariest aspect of an all-out cyberwar. Most people think such an attack would simply mean that their lights go out for a while. However, it is far worse than this. Here are some implications of such an attack on a power grid.

Financial Breakdown

Without electricity, how will you use an ATM machine? How will companies and banks transfer money? How will the stock market operate? Forget about using your credit cards. It will be back to a cash-only society and stores will not be able to use cash registers. Cashiers will have to mechanically add up prices and figure out how much change to give you. Imagine waiting in those lines. If you use your smartphone for banking, that will only work until the battery runs down and assuming the internet is still operating. But that won’t matter because if you expect your pay to be electronically transferred to your bank account, it won’t be.

Transportation Breakdown

 You can imagine the chaos that would ensue if all traffic lights were suddenly turned off (or, in some scenarios, all turned to green). Trains and planes could not operate. Gas pumps could not pump gas. People could die in plane crashes when air traffic controllers cannot communicate with pilots. Others could be trapped in elevators and subways. In short, all transportation, other than bicycles, will come to a stop.

Health Breakdown

Hospitals have generators which will operate as long as their fuel supplies last. The lives of patients on life support systems will be in continuous jeopardy. Food will spoil as freezers stop operating. If the grid stays down for a long time, starvation may become a problem. Water pumps will stop. Water purification systems will not operate. Toilets will not flush. Sewage treatment systems will fail. Ambulances will not be able to save the rapidly increasing number of accident victims, either because roads will be blocked with abandoned vehicles, or fuel would be impossible to come by. Without streetlights and alarms, crime will certainly begin to rise.

Industrial Breakdown

Industries will be unable to operate. Manufacturing will stop. Important products, such as canned foods, would not be produced. Weapons and their components would no longer be manufactured. Basic commodities, such as oil, iron, and grains would not be available if such attacks continue for a long time. Large farms would be unable to supply food processing plants with their produce as they could not transport their crops. Without feed, animals will die.

industry attacks

Information Breakdown

Normally, the first hacks that occur in a war are those on media. Adversaries will try to infiltrate each others media in order to shut the outlets down, disseminate misinformation, or spread propaganda. Social media accounts will be hacked to make major players in the conflict look bad. High profile government agencies will be breached to make them look incompetent and vulnerable.

If the past is any indication of the future, the following graph shows the sectors most likely to be affected by an infrastructure attack.

cyber attack sectors

 

It seems evident that a full out conventional war will now incorporate cyber weapons. However, it is also possible that a serious cyber attack could cross the digital-analog divide and precipitate a conventional war. After all, if a country’s citizens were killed or seriously threatened by a cyber attack, there would be justifiable reason to retaliate physically. Indeed, this has already been taken into account by the members of NATO. In 2014, the NATO members agreed that a serious cyber attack on any of its members would trigger Article 5. Article 5 states that any “attack against one or more of them in Europe or North America shall be considered an attack against them all”. So could a serious cyber attack on the US pull NATO members into a Middle East fray? That certainly seems possible if the cyber attack was severe enough.

But is it really possible to launch a cyber attack that is devastating enough to start a war? Maybe, but it would be difficult to organize without being discovered and it would be so costly that it could probably only be pulled off by a nation-state. Even if the attack was successful, it may not be sustainable. Sustainability is crucial for devastating damage to occur. The BlackEnergy Trojan attack on the Ukraine, probably the largest such attack in history, only managed to cut off power to about 1.4 million people for a few hours: A bad, but not devastating attack, which probably cost more to organize than what it was worth.

Sustainable attacks, lasting 6 months to a year or more, are said to possess the potential to kill large numbers of people. According to former director of the Central Intelligence Agency (CIA), R. James Woolsley, in a widespread, sustained attack, “two-thirds of the United States population would die. The other estimate is that within a year or so, 90% of the U.S. population would die. We’re talking about total devastation. We’re not talking about just a regular catastrophe.” Although most experts consider this an exaggeration, numbers in the 10 to 20 million range are quite plausible.

As you are reading this, Israel’s elite cyber intelligence group, Unit 8200, is practicing defending itself against anticipated Iranian cyber attacks. Cybersecurity firm, CrowdStrike, has reported a sharp increase in malicious cyber activity coming out of Iran. No longer constrained by the nuclear agreement, they feel emboldened to attack adversaries and especially the US. Both Israel and the U.S. will be attacked. They will, in turn strike back. Israel’s prime minister, Netanyahu, professed that “Whoever hits us will get hit seven times over. Whoever prepares themselves to attack us will be attacked first. That is what we have done and that is what we will continue doing.” If Iran’s cyber attacks are met with this type of resistance, it will be a short path from incident to full out war.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s