A noted computer scientist has warned that an all-out cyber-attack could be as deadly as a nuclear strike.
Jeremy Straub of the North Dakota State University warns that hackers have already begun the groundwork for such an assault.
Straub’s warning comes as reports of escalating state-sponsored cyber-attacks have hit headlines around the world.
On June 20th, just hours after Iranian missiles destroyed a US drone over the Strait of Hormuz, the US initiated a cyber-attack on Iran’s security systems.
Then, in a remarkable departure from previous policies, US government officials, through strategic leaks, told the world what the Americans had done.
The incursion crippled Iran’s ability to launch and control its missiles — temporarily, at least.
But experts say the consequences of the raid have permanently changed geo-politics and the way we fight wars.
“A military action got diverted to really becoming a cyber action,” says Haiyan Song, Sr. Vice President for Security Markets at the software company, Splunk. “I think this is really a new way for a lot of countries and nation states to really think about their competitiveness in the military world.”
True enough, many see the attack as an indication of a massive policy shift in the US defense establishment. Perhaps for the first time, in fact, the US military has official permission to launch pre-emptive cyber-attacks against foreign targets.
Last year, reports emerged that US Cyber Command disabled servers used for Russian hacking operations.
The US military reportedly staged the electronic assault on the day of the US midterm elections.
The attack on the servers forms part of a long history of cyber skirmishes between the two nations. Most of the tit-for-tat happens in secret.
Some reports nevertheless claim the US military already has cyber-warfare tools poised within Russia’s power grid.
The Kremlin has meanwhile warned that any US hacking of Russia’s electrical network could trigger a full-blown cyber-war.
Accusations and Threats
The accusations and threats of hacking are not confined between the US and Russia. The US has repeatedly blamed China for a growing number of cyber-attacks on its military and corporate interests.
Two years ago, Chinese hackers went after Australian F-35 defense contractors, stealing information on the cutting-edge US fighter.
More recently, US officials accused Chinese hackers of breaking into the systems of a company that manages IT for other firms.
“China’s goal, simply put, is to replace the US as the world’s leading superpower, and they’re using illegal methods to get there,” FBI Director Cristopher Wray told reporters in December.
The electronic saber-rattling is reaching a crescendo of sorts, and cyber security professionals have begun to take notice.
“This might sound alarmist, but look at what has been happening in recent years, in the US and around the world,” Straub says.
The Guns of August
In fact, the Center for Strategic and International Studies (CSIS) has alleged five significant cyber-related incidents this month:
- Hackers linked to Iranian networks infiltrated several Bahraini government agencies and critical infrastructure providers;
- Western cyber intelligence operatives have discovered a previously unidentified Chinese cyber-espionage group. The group apparently gathers data from foreign firms in industries identified as strategic priorities by the Chinese government;
- Intelligence operatives observed Russian hackers using vulnerable connected devices like printers, VOIP phones, and video decoders to break into high-value corporate networks;
- An unidentified Spanish-language espionage group reportedly stole sensitive mapping files from senior officials in the Venezuelan Army; and
- State-sponsored Chinese hackers conducted a spear-phishing campaign against employees of three major US utility companies.
Straub worries such incidents could ignite a sequence of events that ultimately ends in a full-scale cyber-war.
“As someone who studies cyber-security and information warfare, I’m concerned that …an intrusion in one area that spreads to others … could cause significant damage, including mass injury and death rivaling the death toll of a nuclear weapon,” he says.
“Advanced Persistent Threat”
Straub recalls how, in 2016, hackers breached a US water company’s control systems and altered valve and flow settings.
If the intruders had altered chemical settings, and the changes had gone unnoticed, it could have resulted in mass poisonings.
The following year, cyber-spies infiltrated companies that operate nuclear power plants and energy facilities in the US and other countries.
The US government insists it has not pinpointed the origin of the attack. But both the FBI and the US Department of Homeland Security (DHS) suggest an “advanced persistent threat” actor was responsible.
This, according to the New York Times, is the language security specialists use to describe state-sponsored hackers.
Straub notes that a compromised nuclear facility could result in the discharge of radioactive material and chemicals. He says hackers can even initiate a reactor meltdown.
Experts agree that strong, state-of-the-art cyber-security is required to fend off attacks of the magnitude that Straub describes.
Cyber-weapons are stealth ordnance. They come in the form of silent, inconspicuous zeros and ones.
The malicious codes can bamboozle enemy signals, sabotage military attacks before they occur, and bog down communication systems.
The task of parrying such an assault is not easy.
The problem is like a Japanese puzzle box. Unlocking it may seem like a simple enough proposition. Things take a maddeningly complicated turn the moment you try.
There is in fact an acute shortage of cyber-security professionals worldwide. The workforce is dwindling. With the advent of AI-powered cyber-weapons, the job is meanwhile getting tougher, exacting a startlingly profound human toll.
Depression, burn out, and addiction, have become workplace issues in many cyber-security companies. Suicide rates are on the rise, according to an Axios report.
Straub suggests it will take nothing less than a global effort to ward off possibly catastrophic attacks in the future.
“My concern is not intended to downplay the devastating and immediate effects of a nuclear attack,” Straub writes in an article that appears in the Conversation. “Rather, it’s to point out that some of the international protections against nuclear conflicts don’t exist for cyber-attacks.”
For now, military cyber-security forces are learning to establish and maintain stronger command structures.
They may be our first line of defense in the riveting and dangerous battlefields of the future.
To stay ahead of the enemy, they will need to be at their absolute best.
Do you think the world is ready?