The great technological evolution that has been experimented by humanity in its most recent history has modified the way modern societies interrelate. The gradual miniaturization of computer systems, as well as the great reduction of their prices, allowed computers to permeate almost every aspect of modern everyday life. With the consequent connection of large computerized systems, capital began to disregard geographical limits: large sums enter and exit financial markets instantly, through electronic transactions; With the popularization of the Internet, access to information and knowledge has become immediate and universal for anyone with a connection to it. Evidence of this is the process of globalization, through which we have passed since the end of the twentieth century.
It is observed that in developed countries, the economy, transportation, communication and other companies are integrated in the digital infrastructure. This dependence on a country’s critical infrastructure to the Internet exposes it to the threats of cyber space.
The threat of cyberattacks is a constant challenge for a country’s defense policy mainly because there has been an increase in cyberattacks in recent years. However, as Internet technology still has shortcomings, such as the lack of ability to attribute cyberattacks to a particular country, cybercrime prevention and advocacy is a strategic point for governments today.
As a result of this situation, we can cite the fact that today the vast majority of the main information systems necessary for the functioning of any modern society are interconnected through computer networks. Schwartau defines this phenomenon as being “Computers Everywhere and the Global Network”. These circumstances allow a whole nation to be led to capitulation without, however, any political or military maneuver for that purpose. As an example of what has been said, we can cite the wave of attacks targeting Internet sites of ministries, political parties, banks and newspapers, among others Estonian entities in 2007, due to the country’s disagreement with Russia, which according to Traynor (2007), almost led that nation to collapse. It is therefore clear that, in the context of hostilities between two States, the exploitation of computer networks in the opposing country is an efficient way of gaining advantages over it; In the military context, the exploitation of computerized information systems established by the enemy forces during the course of their operations may lead to a superiority on the battlefield. It is precisely these two situations that Cyberwarfare deals with.
There seems to be no consensus among the authors on the definition of the term “Cyberwarfare”, which can be explained by the relative novelty of the subject. However, a consensual aspect is that in order to occur Cyberwarfare, State sponsorship is necessary, that is, actions originating from an individual with personal motivations can not be considered as Cyberwarfare, although they may be equally harmful.
State-backed hackers, whether they are members of a country’s military or financed by that country, attack computers and networks of the opponent that affect resources needed for war. They do this the same way as any other computer or system: they study the system deeply, discover their failures, and use those flaws to control that system or destroy it. Cyberwarfare targets any major industry for the enemy’s infrastructure. This means obvious sectors such as the army, national defense and the war industry. However, these targets may also be civilian factories of weapons, mines, and other manufactures that assist in the operation of these factories and the electrical system, which provides power for all these sectors.
Like the Cold War’s nuclear weapons, digital weapons can indiscriminately target civilian and military targets. Although a missile causes much greater damage than a virus, cyberattack can, in effect, result in casualties and civilian casualties. It is very difficult to discover the author of a cyberattack; So the governments that fund these attacks do not have to deal with the consequences of their actions. One aspect that makes digital weapons worse than nuclear weapons is figuring out who made the attack. It is very easy to hide the origin of a cyberattack, thanks to proxies that mask the attacker’s identification. Even if the government discovers from which computer the attack was carried out, there is still the difficulty of finding out who the person was behind the screen, and it is even more difficult to know whether or not he was a government agent.
Without attribution, there is no responsibility. If a government can not be blamed for cyberattacks, there is always the possibility that this country will go further and move towards semi-terrorist attacks, such as the interruption of a country’s electric service, or physical (and dangerous) attacks on factories and cities. In both cases, innocent citizens are taking risks.
With this in mind, we seek the definition of cyberwarfare proposed by Parks and Duggan, making the definition of the term clearer and more concise: “Cyberwarfare is the sub-set of information warfare that involves actions taken within the cyber world. The cyber world is any virtual reality contained within a collection of computers and networks. There are many cyber worlds, but the one most relevant to cyberwarfare is the Internet and related networks that share media with the Internet. The closest military definition to our term, cyberwarfare, is a combination of computer network attack and computer network defense, and, possibly special information operations. We define kinetic warfare as warfare practiced in the “real world”. All the tanks and ships and planes and soldiers of current militaries are the protagonists of kinetic warfare.”
It is important to note that the above definition embraces another apparently consensual tendency among authors: the separation of cybernetic (or virtual) and kinetic (or real) worlds. We must consider, however, that although this separation exists, these two “worlds” are interrelated, since actions taken in the cyber world affect the kinetic world and vice versa.
From the work done by Parks and Duggan, we find that some of the principles of classical warfare (kinetic combat) have no meaning in virtual combat, so new principles are needed. The principles proposed by these authors, with their respective denominations are:
• Principle of Kinetic Effect (Cyberwarfare must have effects in the kinetic world): there is no point in triggering any action against cybernetic entities, unless these actions produce some effect in the real world, and this effect translates into advantage.
• Principle of Dissimulation and Visibility (active measures can be taken to disguise themselves in the cyber world, but whatever one does is visible): how any actions taken in the cyber world involve the movement or manipulation of data, and these reside in programs and equipment developed by humans, the very fact that someone tries to trigger cyberwarfare actions means that some bit in some data stream is modified to reflect those actions and the presence of this person. However, this information will only be useful if it can be detected.
• Principle of Mutability (there are no immutable laws of behavior in the cyber world except those that require action in the real world): the real world is governed by the laws of physics; In this way it is possible to predict certain behaviors. In the cyber world, there are no laws to predict types of behavior, due to the chaotic nature inherent in the operation of equipment and programs (physical failures, fluctuations in equipment performance, etc.)
• Disguise Principle (some entity in the cyber world has the necessary authority, access, or ability to perform any action an attacker wishes to perform; the attacker’s purpose is to assume the identity of that entity in some way): Of the cyber world that is not controlled by humans or their tools (such as programs, for example); In this way, there will always be some entity that is able to accomplish what the attacker wants; Thus, it is enough for the attacker to assume the identity of the entity that can perform the desired action, so that the attack is successful.
• The Duality Principle of Armament (tools or weapons of Cyber War are dual in nature): in kinetic combat, tools, equipment and armaments have a single, well-defined use: rifles are used for targeting, casemates for protect yourself and radars to detect the approach of the enemy. In cyber combat, the same tools are used by attackers and system administrators for different purposes: a tool that looks for system vulnerabilities, for example, can be used by attackers to find points that represent opportunities for attack on their target systems, and by administrators to discover the weaknesses of equipment and networks.
• Principle of compartmentalization (both the attacker and the defender of a system control a small portion of the cyberspace they use); And Principle of Usurpation (whoever controls the part of the cyberspace that the opponent uses, can control the opposing one): Parks and Duggan initially proposed the earlier claim as a single principle; Cahill, Rozinov, and Mulé, however, identify the enclosure of two principles. Since all cyberspace is contained in equipment, programs and data flows, all by-products of human labor, any cyber space controls at least the portion of cyberspace comprised between its equipment and programs, and the interface with the communications infrastructure (and rarely controls more than that); If a particular group has control of a service used by the opponent, for example, a server, it can also control the opponent.
• Principle of Uncertainty (cyberspace is neither consistent nor reliable): this principle is related to the principle of mutability; In cyberspace and equipment, let alone programs, will always work in the expected way; So, it is never possible to know, with complete certainty, whether the next step in a cybernetic action will work.
• Principle of Proximity (physical limitations of distance and space do not apply to the cyber world): in the cyber world, actions unleashed on the other side of the world, or the next room, are executed with equal effectiveness; Therefore, physical distances do not constitute an obstacle in the conduct of the attacks.
As we have seen from the above-mentioned, cyber warfare imposes a new reality for military operations. The targets are no longer just personnel and military installations. Now banks, power plants, telephone and telecommunications companies, transportation and logistics systems, emergency and public safety services, among others are potential targets, since the continued unavailability of any of these services would certainly lead a nation to collapse.
Another rule for identifying cybernetic warfare vulnerabilities is to consider that any computerized information system could be the target of an attack, even those that are isolated. According to Alford, the primary means of protecting cyber systems is their physical security. This assertion gains importance when passive defense measures are considered: isolating all critical systems, placing critical operations on hand (can not be performed by software, or automated), reducing the level of system integration (which reduces the number of entries in them), and where this reduction is not possible, keeping the human element in the cycle and stick to potential security holes (communication connections are always the expected gateway for intruders).
Active defense measures involve the use of passwords and authentication, anthropomorphic measures (or security based on biometrics), use of tokens, multilayer authentication schemes (distinct authentication for different access levels), authentication for multiple connections, multiple address authentication and use of monitoring software.
Attack measures, by their very nature, can only be active. Among others, we can mention: password-breaking programs, observation programs, obtaining information, disguising address and identifying the target; attack programs (targeted to a specific system); Targeting programs; Virulent behavior programs, Trojan horses; System overload programs; Direct manipulation of data; And finally, logic bombs (specific code sequences in data files that manipulate programs that access these files).
US intelligence chiefs said that cyberattacks and digital espionage have overtaken terrorism as a major threat to US security. This assessment, included in an annual global threats hearing, covering concerns as diverse as North Korean belligerence and the Syrian civil war, was reinforced by statements by intelligence chiefs before the Senate Intelligence Committee. They have expressed concern that security experts are failing to keep pace with advances in computing. But in a written statement, National Intelligence Director James Clapper has toned down his warnings, minimizing the possibility of a catastrophic attack in the United States.
White House national security adviser Tom Donilon said, citing complaints from US companies about Chinese digital espionage, that this is a growing challenge to US-China economic relations. A private US company released a study pointing to a secret military unit of China responsible for cyberattacks on various US economic sectors. China rejects such accusations and claims to be the victim of digital espionage by the US government. Cyberattacks are estimated to cause tens of billions of dollars a year.
In another hearing on the Senate Armed Services Committee, General Keith Alexander, head of the US Armed Forces Cyber Command, said that cyberattacks on private companies and especially against the US banking industry are escalating. He predicted that the intensity and number of attacks will grow significantly in the past years. Alexander said the Armed Forces are bolstering their cyber warfare teams, thickening them with military and civilians. He said there will be three teams: The National Cyber Mission, charged with addressing threats at the national level; The Cyber Combat Mission, in charge of operational control; And the cybernetic force, which will defend military information systems.
US President Barack Obama would have secretly ordered cyberattacks against Iranian nuclear facilities to intensify. The operation had already been initiated by the administration of former President George W. Bush and codenamed “Olympic Games.” The news was published by The New York Times, from interviews during 18 months with people close to this program. Among them are US, European and Israeli military sources. The program advanced even after the computer virus Stuxnet was accidentally launched in 2010. The virus would have been developed by the United States and Israel to damage the centrifuges at the Natanz facilities, where Iran enriches uranium, says journalist David Sanger, author of “Confronting and Hiding: Obama’s Secret Wars and Surprising Use of American Power”.
But a programming error caused it to spread accidentally over the Internet. Despite this, Obama has decided to intensify attacks against Iranian nuclear facilities, to preclude the development of nuclear weapons and also to contain the urges of Israel for a military attack on Iran. According to Sanger, after Stuxnet’s cyberattack was discovered in 2010, Obama met with the White House with several members of his administration and advisers, including Vice President Joe Biden and the then head of the CIA and current Secretary of State for Defense, Leon Panetta. The attempt to halt the advance of Iran’s nuclear program seemed to be compromised and the president asked, “Shall we stop this?” He was told that it was not clear to what extent the Iranians would know that it was Stuxnet who had caused chaos in Natanz facilities. That is why Obama decided to continue cyberattacks, and in the following weeks, Natanz nuclear facilities were hit by a new version of the virus.
These attacks would have damaged one thousand of the 5,000 centrifuges that at that moment were in operation. The attacks would have caused delays of up to two years in the Iranian nuclear program. The revelation comes in the same week that Russian anti-virus and computer security company Kasperksy announced it has identified a new virus with unmatched ability to cause damage and capture data from computer systems. The capabilities of this powerful virus include monitoring vehicle traffic, recording audio conversations, the record of what is written on the keyboard and other actions.
It is clear that Cyberwarfare is no longer a fiction. The concern shown by countries such as China and Taiwan to set up special units dedicated to the military in the armed forces and the United States of America in seeking to develop doctrine in the area indicate that this field of employment can no longer be disregarded in a modern theater of operations.
There is, therefore, an exaggeration on the part of some governments and of the own media in emphasizing the existence of cyberwarfare when in fact they are in fact most acts of espionage. This exaggeration is very bad for democracy, as governments try to control cyber space more and more in the name of national security. And perhaps some countries end up disrespecting important democratic values such as privacy.
According to Schneier, a cyberattack can be launched by criminals, politically motivated groups, government or private sector spies, terrorists or the military. The tactics are also varied: data theft, easvesdropping, data poisoning, data manipulation, denial of service attacks, sabotage etc. Cyber space is a space of risks, its software is complex and full of failures. Hackers use all their knowledge about the opponent’s failures to carry out the attacks. When these cyberattacks are the result of the political continuation of a country, they could be classified as cyberwarfare. In this way, the political motivation of a country’s conflict is essential for cyberattacks to be characterized as acts of war. In other words, war is not simply a political act, but also an instrument of real politics, the continuation of political trade, an accomplishment of it by other means.
In the context of cyber-prevention studies, some theorists believe that cyber deterrence is the best cyberwarfare prevention option. Many researchers believe that it is more economical to invest in cyber-deterrence policies than to suffer the disastrous consequences of a cyberattack. According to Will Goodman, there are three factors that lead many theorists to opting for cyber deterrence: the potential for cyber wars in the future, the effectiveness of cyber deterrence in other domains, and their low cost.
Cyber deterrence is defined as the fact that an actor gives up using the Internet as the goal of manipulating, degrading, or destroying any portion of a country’s critical infrastructure for two reasons: denial of potential benefits or punishment through reprisals. For the strategy to work, the actor must take into account that cost and risk outweigh the benefits. In addition, the threats must be credible so that the country is able to use its own means of reprisals. For Martin Libicki, US cyber deterrence will only be possible when other countries know what the US military is capable of doing. However, even the current disclosure of US monitoring capability in cyberspace does not make them effective defense.
Although cyber deterrence is recommended, there are several problems in adapting the traditional mechanisms of deterrence in cyber space due to the intrinsic characteristics of the Internet. Among them, we can cite the fact that cyberattacks can be created and launched by anyone since the Internet is an open space. Nevertheless, the enemies can attack without leaving any way of identification, eliminating the possibility of reprisals.
This ability to eliminate and destroy evidence instantly in cyberspace results in the impossibility of assigning the attack to a given country. In the case of cyberattacks in Estonia, for example, the government of Estonia made several statements blaming Russia, however, there was a technical impossibility to state that the attacks were launched at the behest of Russia, since most of the computers that participated in the attacks to Estonia were located in the United States.
On this way, the anonymity, characteristic of the Internet, destabilizes the precise identification of the aggressor, making it impossible for him to suffer the established penalties. The offensive threat of cybernetic capabilities will not deter aggression because if there is no possibility of identifying aggressors, there is no threat to them.
Another issue that inhibits deterrence policy is the fact that cyber space is interconnected and has no precise boundaries. The lack of barriers means that in carrying out the reprisals, the country can also suffer damages in its own cybernetic structure. Thus, both the weakness in the attribution of attacks and the interdependence in the cyberspace hinder the policies of deterrence by punishment.
Faced with the impossibility of assigning cyberattacks to a given actor and knowing their motivations, there is an enormous difficulty in formulating preventive measures. Although some theorists believe it is possible to adopt cyber-deterrent policies as a means of preventing cyberattacks, anonymity makes deterrence impossible because it would be blind prevention because of the lack of appropriate technology. Thus, the lack of cyberattack defense technology prevents sending an effective deterrent message to the enemy, rendering cyber-deterrent threats of reprisal ineffective.
In conclusion, it is noted that to create robust measures to prevent cyberwarfare, companies and governments should invest in technology studies to address the major technical flaws of cyber space. Nowadays, like any other space, the Internet is a risky environment and due to its technical flaws, the best policy to prevent cyber wars would be to reduce dependence on a country’s critical infrastructure to the Internet.
References
GOODMAN, Will. Cyber Deterrence: Tougher in Theory than in Practice? Strategic Studies Quarterly. p. 105.
ALFORD, Lionel D. Cyber Warfare: Protecting Military Systems, p. 97 –124, 2000.
SCHWARTAU, Winn. Information Warfare: Cyberterrorism: Protecting Your Personal Security in the Electronic Age.1996. p.750
TUCKER. Patrick. NSA Chief: Rules of War Apply to Cyberwar, too. Defense One. April 20, 2015. http://www.defenseone.com/technology/2015/04/nsa-chief-rules-war-apply-cyberwar-too/110572/
TRAYNOR, Ian. Russia accused of unleashing cyberwar to disable Estonia. The Guardian. 2007.
SANGER. David E. Obama Order Sped Up Wave of Cyberattacks Against Iran. June 1, 2012. The New York Times. http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html
PARKS, Raymon C.; DUGGAN, David P. Principles of Cyber-warfare. 2001.
LIBICKI. Martin C. Cyberdeterrence and Cyberwar. Rand Corporation. 2009.