The evolution of cyber attacks has raised the profile of cyber warfare. For example, one cyber attack against state-owned Saudi Aramco almost destroyed the company’s entire computer system. The attack was rated as being capable of causing $150 billion in damage, which would rank it equally among the world’s top 20 most expensive disasters of all time. But now, nations are starting to squeeze those who make the hacking tools to reduce the number of attacks. Is this the right strategy?
First Published 23rd March 2017 | Latest Refresh 1st December 2021
"Look President, LOOK!! I'm phishing the enemy! Phew... Phew... Phew!!"
4 min read | Reflare Research Team
In this report, we look at the public perception of cyber warfare, how it has changed in recent years, and what these changes indicate from a forecasting perspective.
Early Interpretations
The concept of warfare wrought through computer systems is decades old and has captured the public imagination since at least the early 1980s when the movie WarGames was released. The movie conveniently also illustrates the perception that cyber warfare held for most of the time since then: A computer system directly controlling conventional or nuclear weaponry is compromised or at least disturbed by a hacker, leading to all-out use of physical force.
This image persisted from the 1980s all the way into the early 2010s. Even during the Russo-Georgian War of 2008, when allegations that Russia had used cyber attacks to shut down parts of Georgia’s broadcasting and civic infrastructure surfaced, the perception that this was merely a step towards cyber-attacks leading to the application of physical force held.
A Shift in Perception
From the mid-2010s, this perception began to shift, as cyber-attacks from governmental actors became more common. The primary concern is now given to targets such as the electricity grid and internet infrastructure of a nation as well as indirect attacks, using information gathered during attacks to discredit targets in the public eye. Comparatively little is said about weapons systems being compromised. What caused this shift?
For one, precedents were set. The US election of 2016 and interference by hackers who released private emails from Clinton’s team, temporary internet outages due to an attack on central DNS servers earlier in 2016, alleged North Korean involvement in hacks against Sony in 2015 and alleged Russian involvement in hacks against Yahoo in 2014 are the most notorious examples.
These attacks managed to have a significant impact on their respective targets. The temporary DNS outage highlighted how many businesses are ultimately dependent on working internet connections and how much damage can be done by jamming them. At the same time, the identity of the attackers behind each of these major attacks has not so far been proven by a court (an indictment has been issued for the Russians allegedly involved in the Yahoo attacks). The difficulty of proving the identity of the attacker during cyber attacks has turned out to be one of their major strengths when used by government actors.
The effectiveness of an attack is measured as the cost-performance between effort, impact and consequences. While leveraging cyber attacks into conventional warfare might have a higher impact, the current style of low-effort and low-consequence operations appear to be more cost-effective at this point in time.
Secondly, many weapons systems - especially those controlling nuclear arsenals - are ancient by the standards of computer technology. Nuclear control systems often rely on floppy disks or in some cases even punch cards. Much of the technology predates the concept of computer networking. For all practical purposes, these systems are thus air-gapped and incredibly hard to attack even for a well-versed and funded attacker.
Governments Make a Move
There is a belief in many governments that if you limit the supply of hacking tools, you will intern reduce the number of cyber security warfare attacks. Furthermore, it's been no secret that the United States has been pushing to limit the international production of hacking tools since the Obama administration. Now, we are starting to see this strategy be executed.
In 2021, one of the highest profile companies to feel the heat was Israel's NSO Group, producer of the Pegasus spyware. It is reported that Pegasus has been used to conduct surveillance on international journalists, foreign dignitaries and civil society groups in many different countries, as well as the odd ex-lover. Therefore, it only makes sense for nations to put pressure on Israel to reign in 'NSO and friends', and that's exactly what has happened.
According to the Washington Post, Israel's Ministry of Defence has reduced the number of nations its companies can sell spyware tools to (without government-issued licensing) from 102 down to 37. Likewise, the United States has banned US companies from selling commercial hacking tools to several countries, including China and Russia.
There are firm moves from governments to limit the supply and cross-border sale of such tools, but is this going to deliver the results they expect? Limiting the availability of these sophisticated products is one thing, but having an unaware employee click on a phishing attack still remains one of the most successful methods for breaching state-owned assets. Just ask Saudi Arabia's Saudi Aramco, who some year back fell victim to a massive breach for "crimes and atrocities in various countries across the world". Interestingly, Saudi Aramco still finds itself being successfully hacked. It is both reasonable and unreasonable to assert that this attack could be conducted under the guise of a persistent nation-state. But like so many hacks, the true origin is incredibly difficult to identify.
Forecast
While it is virtually impossible to make an exact prediction regarding the future of cyber warfare, we are at this point in time operating under the assumption that the current style of using cyber attacks to bring down network infrastructure or acquire damaging information will be the primary style for the foreseeable future.
Suppose an enemy’s political parties and economic infrastructure can be severely impacted with relatively easy and hard-to-prove attacks. In that case, targeting the exponentially better-secured conventional weapons systems makes no economic sense.
This is not to mean, that cyber warfare does not have troubling prospects. Any country that has its networking connectivity completely crippled would effectively experience a sudden double-digit percentage drop in economic activity. This impact - if sustained - would have economic effects similar to those of a nuclear strike but without causing the immediate repercussions that nuclear warfare would entail.