Pro-Tech Me: A Series

Nicolas Seidman
Published in Wonk Bridge
Oct 17, 2017

Cyber War, Cyber Espionage, Cyber Terrorism, Cyber Space — all terms circulating in the news daily, but do we really understand these concepts?

When dealing with the topic of “cyberspace”, many people may be inclined to see it as new and different, which can at times make it seem like we are walking through unknown territory that brings never-before-seen challenges. This can give way to exaggerations in the way the topic is analysed and dealt with. Wonk Bridge has thus decided to embark on its latest project: Pro-Tech me, a series of articles that aims to strip the topic down to its basics and get a more accurate picture of how cybersecurity interacts with the fields of International Relations and War Studies. (SEE BELOW: How to get involved?)

Before venturing into the project, we thought some background may be useful.

Source: https://theweichertreport.com/2016/10/22/the-u-s-needs-a-preemptive-cyber-warfare-doctrine/

What does warfare look like in cyberspace?

Cyberwarfare is a difficult notion to define due to its ambiguity. Both “cyber” and “warfare” are terms that are slapped onto a variety of cases yet fail to offer a clear meaning. Therefore, instead of defining the term, we will show you what it tends to encompass.

  1. Aims: Cyberwarfare is generally considered to be the use of Computerised Network Attacks (CNA) or Computerised Network Exploitation (CNE) against a State to achieve a political objective.
  2. Tools: Computerised Network Operations (CNOs) comprise the tools used to conduct cyberwarfare. Two types of network operations are CNAs and CNEs:

Computerised Network Attack (CNA)

Major International Computerised Network Attacks

Stuxnet

  • Stuxnet is a worm that infected Iranian nuclear facilities in Natanz around 2010. Its objective was to covertly destroy a select number of nuclear centrifuges without any attribution. The strategic aim of Stuxnet was to curb Iranian production of weapons-grade uranium by undermining confidence in their nuclear facilities. The worm eventually spread to the world wide web and was picked up by cyber-security experts. The United States and Israel are normally credited with its production.

Saudi Aramco

  • In 2012 the most valuable company in the world, worth over $8 trillion and with a yearly revenue of over $300 billion, was attacked. Saudi Arabian Oil Company, otherwise known as ‘Aramco’, was the victim. According to experts, it was hit by one of the most critical CNAs in recent history. A virus infiltrated the company’s internal networks via a phishing email during the holy month of Ramadan. After subtle sabotage of the network, the virus began to shut down computers. The company, unable to purge the network of the virus, was forced to recall its 35,000 computers from operation. It lost the ability to operate with 21st-century technology and instead had to rely on typewriters and fax machines. The CNA disrupted the company’s day-to-day operations, virtually paralysing its ability to function. Only after five months was Aramco able to re-install its computer infrastructure, having suffered untold losses.

Computerised Network Exploitation (CNE)

Another tool used in cyberwarfare is the ‘Computerised Network Exploitation’ (CNE). A CNE is identified when “states steal data from other states”. It is generally a more complicated form of hacking with a political objective behind it: hacking not for the sake of creating chaos but rather to achieve a greater political aim.

Continue following the series to read about more major international Computerised Network Attacks and Exploitations. Join us as we cover the development of Computerised Network Defences to challenge these threats from a wide range of actors and analyse their successes and failures.

Source: https://www.flickr.com/photos/army-cyber/35385846032/

Who are the major players?

It is now unusual to encounter a state or an organisation that has not at some point or another encountered issues of cybersecurity and done something to address them. We live in a world where our every move comes in contact with some form of computational technology. Actors have now realised the huge potential that comes with being advanced in the cyber domain, whilst at the same time seeing the real threat to them if their cyber defences are weak.

As a result, we have seen a rapid and massive proliferation of cyber capabilities, be they defensive or offensive, as actors either try to adapt and remain resilient to the threats that may emerge in the cyber domain, or try to take advantage of these cyber capabilities to further their aims.

We can briefly divide the main players in the cyber domain into three categories:

States

States are perhaps the main actor that tends to come to mind when discussing the security implications facing the cyber domain. According to the World Economic Forum, the states with the most developed cyber capabilities are the United States, China, Russia, Israel and the United Kingdom. However, this is not to say that states not included within this list do not possess the capability to wreak serious damage. For instance, Iran is thought to have been behind the series of attacks on American financial institutions in 2011 and 2012, and to have attempted to attack a dam in the state of New York.

Private Sector

Private-sector organisations are crucial actors in this discussion, seeing as most critical infrastructures are privately owned. If any serious discussion is to take place with regard to cyber war, cyber espionage, and cyber security, the role of the private sector must be addressed. Just think of the recent cyber attacks on Deloitte and Equifax.

Non-State Actors

These can include a range of groups, but the ones that are often talked about within this category are criminal organisations, terrorist organisations, and cyber espionage groups. As a way to maintain plausible deniability, states often delegate the actual attack to a non-state actor. This can be seen in the case of the DNC hack. The actual hack was perpetrated by a cyber espionage group known as “Fancy Bear”, but they were later associated with the Russian intelligence services.

How to get involved?

Here at Wonk Bridge we value and welcome contributions as they provide us with a broader view of the world. For Pro-Tech me to work, we require these contributions, so we ask you to be part of it.

Pro-Tech me aims to look at the following questions:

  • Which is more advantageous: Offensive or Defensive Cyber-Operations?
  • Can a Computer Network Attack be considered an act of war?
  • Are Computer Network Attacks most effective as force enablers or stand-alone operations?
  • Can a Computer Network Attack be considered a weapon of mass destruction?
  • Should cyberwarfare doctrine be based on deterrence, as was previously seen in the nuclear age?
  • To what extent can collateral damage be mitigated in a Computer Network Attack?
  • What does cyberterrorism look like? Is there such a thing?
  • Are Computer Network Exploits fundamentally different from traditional espionage?
  • How does the attribution problem impede reaction by the international community?
  • What should NATO’s threshold of retaliation be against Computer Network Attacks?

We are open to other case studies and to questions which you want to find an answer to.

We look forward to reading your submissions!

For further details, send us a message at editor@wonkbridge.com or contact us through our Facebook page (@wonkbridge).

Authors: Cyber-security editors Sofia Liemann and Nicolas Seidman are 3rd Year War Studies students at King’s College London.
