When I began to post a blog about cyberwarfare for the first time, I did not have much knowledge about this topic. With reading numerous news and academic literature for several weeks, I learned that cyberwarfare is a very interdisciplinary subject, spanning technical, legal, sociological, and political realms, which presents a growing threat to national security. In this final post, I want to summarise understandings of current issues involved and find how they relate to each other in cyberwarfare.
The emerging threat of cyberwarfare
Britain’s military chief Sir Nick Carter warned that “the UK is fighting cyber battles with foreign powers like Russia every day.”
The UK National Cyber Security Centre said that “more than 650 attacks against the UK were tackled in just 12 months, including from rogue states.”
The military and government systems are an obvious target of cyberwarfare campaign. However, because most developed economies rely on digital technology, such as banking systems, industrial control systems and suppliers of critical service, which can be obvious targets from state-sponsored attacks. That means cyberwarfare is not just a threat to data, but potentially to critical national infrastructure, intellectual property and trade secrets, which would disrupt the wider economy. But not all cyberattack focus on disrupting systems directly. Flaherty points out that many assaults are aiming to damage other countries for political aim through disinformation campaigns such as fake news.
In addition, as we connect up more and more devices to the Internet, the rise of the Internet of Things may extend the battlefield into our homes. Connected thermostats, cameras and other devices with sensors could all be used either to spy on citizens or to cause physical damage if they were hacked.
Besides, the cybercriminals or terrorist groups may also receive direct or indirect support from states. And the tools needed to carry out terrorist attacks are increasingly available to purchase or hire online. For now, terrorist groups have mainly used the Internet as a recruitment and propaganda tool. But they could acquire capabilities that enable them to carry out destructive cyberattacks with the support from states.
How to attribute cyberwarfare?
Attribution is a fundamental element of cyberwarfare. Wheeler and Larsen define attribution as “determining the identity or location of an attacker or an attacker’s intermediary”. Attribution is a very demanding and complicated exercise in the context of cyberattacks because of the nature of the cyber domain. It is not only to trace back the attack to its source, but to identify the person who operated the attack, and more importantly to find the real mastermind behind the attack. To give an example, the UK National Cyber Security Centre has exposed a Russian-based cyber hacking gang called Turla this year, who masqueraded as Iranian crooks and carried out attacks on 35 countries. It is unique in its complexity and makes the eventual identification of the operators or the mastermind behind the attack very difficult.
Regarding the technical aspects of attribution, although attribution mechanisms which can trace back the computers that launched the attack are continuously developing, at the same time, the anti-attribution mechanisms are also developing which can hide the provenance of the attack. Thus, technical attribution cannot always identify the person who operated the attack. Tsagourias argues that “in addition to technical investigation, intelligence and information analysis is needed in order to profile the authors of the attack and to provide information about their capabilities and intentions or their links with States or other entities. Moreover, the political climate within which the attack took place or who benefited from the attack need also to be taken into account.”
How does an entity defend itself from cyberattacks?
“The UK government has announced new cybersecurity initiatives through partnership with industry in October to ensure better protection for businesses and the public from cyber-attacks and online threats such as disinformation and cyber-bullying.”
“According to the government, the cybersecurity project has the capability to stop hackers from remotely taking control of computer systems, and help businesses have better protection against cyberattacks and data breaches.”
The national effort will gather the best minds and formulate the effective defence strategy but is also require the cooperation of many government agencies and a huge budget. Fernandez Vazquez et al. suggest an alternative approach, emphasising the information sharing networks between government and business, could help mitigate attacks from states.
O’Connell provides another perspective, stating that educating users on security is a significant part of cyber defence so that they can avoid assisting an attacker. Many cyberattacks start with employees, who are targeted via so-called phishing emails, including a download or link to a malicious site.
Perhaps the safest way to improve security is removing internal systems from the Internet entirely. Bigman says. “Access to the Internet should optimally be physically isolated from the internal network with one-way, tightly secured paths to move data into and out of the internal network.” However, for enterprises where segregating internal networks from the Internet is not feasible, protecting data with encryption and data-loss-prevention technologies can help develop defences to prevent the pilfering of vital data.
Thought for the future cyberwarfare
For now, all cyberattacks are planned and coordinated by people. In the near future, cyberattacks are likely to be carried out by artificial intelligence and drive the next major upgrade in cyber weaponry. Dixon and Eagan point out that “AI’s fundamental ability to learn and adapt will usher in a new era in which highly-customised and human-mimicking attacks are scalable.” We will probably see a full-scale cyberwarfare level event over the coming years.