Over the years, we have seen an escalation in the series of hacks on health care services, power grids, nuclear plants and our privacy, with no respite. The threat is not just from China alone. It could be from North Korea or, as a matter of fact, from any state or non-state actor. This intent is to destabilize a country.
Cybersecurity is critical for national security and requires indigenization, and the cybersecurity framework of a nation should aim to provide a safe, secure and resilient system for the country’s prosperity. Cybersecurity is not the responsibility of an individual or an organization, but of the country as a whole. It is a culture that has to be inculcated. Furthermore, government ministries should be cognizant of the latent threat of cyberwarfare and not behave like an ostrich!
This article walks you through the possible cyberwarfare tactics that could be the knockout blow for democracies around the globe.
The Future of Cyberwarfare
We live in a highly connected world. Most of the cities across the globe are connected to computerized systems that connect vehicles, traffic, utility services, people and the government to one another. These connections are themselves connected to grids that manage the networks efficiently; be it the energy grid, the finance grid or the transportation grid, all are connected, interdependent and, sometimes, connected to a super grid.
However, a super-connected smart nation also means security threats that have the potential to destabilize, or at least disrupt, the country. A potential vulnerability on one grid can have a multiplier effect that impacts them all.
The Cost of Deterrence
Most countries are substantially equipped with weapons of mass destruction. The Federation of American Scientists estimates that Russia possesses 6,800 nuclear weapons, while the United States has 6,185, India has 150 nuclear warheads, while China and Pakistan have 320 and 160, respectively. Certain countries have significant military advantages, with thousands of troops and an advanced infantry, and also are armed with possible allies.
India’s latest – and one of the most advanced – medium range artillery guns, the ATAGS Howitzer, comes at a price of USD $3 million; each artillery shell costs USD $14,000. On the other hand, developing a cyber weapon is quite cheap and easy. The Top 10 VPN Hacking Tools Price Index found malware that can be bought for $45, while tutorials on building an attack are available for a mere $5. Considering the fact that, if a nation-state sponsors such attacks and bears the cost, $1,000 to buy a single component for a zero-day exploit or $28,000 for a cell tower simulator kit to intercept call data seems insignificant.
Cyberwarfare is unlike any war we have witnessed, and will almost certainly be a tragic part of our future. In fact, it has already begun. Cyberwarfare, put simply, will include fighting enemies remotely using new classes of weapons such as computer viruses, malware and programs that alter a system’s operability or initiate a complete system shutdown. Cyberattacks will be the new battlefield — unseen, invisible and unpredictable, where hackers from various nations will compete to disrupt economies and lives.
Although there are legal frameworks in place for prosecuting cybercrimes, incidents are exponentially rising — warfare that lets nations or individuals take down organizations and economies without guns and bombs. As the cybercrime statistics of 2020 prove, the most significant threats we face today are threat actors operating from their home desktops with an intent to propagate harm.
The future seems grim, as recent reports reveal state-sponsored cyberwarfare tactics. According to the 2020 Verizon Data Breach Investigation Report (“DBIR”), there’s been an increase in state-sponsored espionage-related incidents, ranking only second after organized crime. What’s more, Google’s Threat Analysis Group (TAG) revealed in October 2020 that it had managed to absorb one of the biggest DDoS attacks in 2017 – a massive bandwidth attack of 2.5 TB per second over six months. In a separate report, Google TAG also revealed that the attack was state-sponsored, wherein the researchers could connect the dots to internet service providers in China.
The list goes on. In February 2020, Iran announced that it faced and eliminated a DDoS against its communications infrastructure that disrupted the internet. In the same month, Chinese hackers tried to steal confidential information on Malaysian government-backed projects through its officials. As reported by the DHS and the FBI, the Russian government has deliberately intruded into the U.S. CI since 2011.
Although the recent power grid failure in Mumbai was the result of human error, the power ministry confirmed cyberattacks happened on their SCADA system. The malware was unable to hit the operating systems, which is a wakeup call to strengthen our cyberfront further. Even the possibility that such a massive power outage could be a result of a state-sponsored attack was enough to send a shiver down a nation’s spine, especially during the pandemic.
These attacks are not only limited to data theft, impersonation, malware and viruses. Social engineering attacks that target a specific group are rampant, as well. For instance, in April 2020, it was found that a Russian hacking group forged diplomatic cables and planted articles on social media to turn the masses against the governments of Estonia and the Republic of Georgia.
In 2010, a virus named Stuxnet demolished a secret Iranian nuclear weapons plant. Hackers at Symantec Corporation unraveled its mysteries – what made Stuxnet different was that it impacted the cyber world and caused real-world kinetic damage, which baffled cybersecurity experts. Although Stuxnet’s threat actors are still unknown, it was clear from the objective that it was a nation-state that wanted to perpetuate damage in Iran.
The Cause and Effect
As cybersecurity experts expect more attacks that exploit how “hackable” humans are, it is prudent for countries to be prepared for strategic destabilization from an indirect cyberattack.
Cyberwarfare is a huge challenge, considering the widespread and long-lasting impact an attack can have. Such attacks have penetrated every aspect of our being — call logs, geolocation data and text messages across domains such as manufacturing, media, health care and non-profit sectors.
Cyberweapons have potential to inflict damage that is the equivalent to any other weapon. They can shut down the power grid of an entire city; for example, if the financial capital is out of power, banks can no longer operate or carry out transactions after backup generators fail, the stock exchange will be shut down, and consumers won’t be able to withdraw money, as ATMs won’t work. A well-orchestrated attack could lead to nationwide panic, as people try to stock up on cash and essentials as soon as possible.
What’s more, the ripples of the attack will be felt in other industries — for example, essential utilities such as water treatment plants and waste management will come to a screeching halt. Stores will run out of stock and credit cards won’t work, leading to absolute mass panic. An attack on the power grid would also mean blinding the armed forces by shutting down GPS and computer networks. It may take days or weeks for the systems to recover from a strategic cyberattack and return to normalcy.
It is estimated that by 2025, cybercrime will cost global economies over $10.5 trillion.
This represents the greatest peril for economic wealth in history, risks the incentives for innovation and investment, and dwarfs the damage inflicted from natural disasters and illegal drugs, combined, in a year.
Fighting the ongoing cyberwar is not going to be easy. Unlike traditional scenarios, where we could trace an IP and threat actor to eliminate both, in the cyber world, the very existence of a malicious module means that several mirrored, infected modules have already been propagated throughout the networks.
What makes threat detection even more difficult is that state-sponsored threat actors rarely draw attention to themselves. They reportedly use limited malware and generic administrator tools to unravel layers of security. They also have been reported to linger in the network for a long time, going undetected for days or months.
These threat actors are motivated by their own sense of nationalism, and are aware of the consequences of their actions. Their attacks may be a type of hacktivism, financially motivated or opportunistic. They may be part of a larger army of cybercriminals available for hire, and some often have close links to the military, intelligence or state administration of their country.
The objective of the undeclared cyberwar is to place persistent mechanisms on networks that may stay dormant for years. Their methodologies also exploit the industry-wide perception that the third party holding one’s data is not as vulnerable. Similarly, a company that doesn’t consider its data highly confidential or itself a prime target doesn’t tend to have appropriate measures in place for threat detection and response.
As a closing note, state-sponsored attacks are highly incentivized and relatively easy to carry out and get away with. It is also increasingly difficult to trace an incident back to a specific country. Thus, countries are now collaborating and innovating to counter such attacks. India, for instance, for the most part a silent observer, is now diving into cyberwarfare to protect assets, as well. The inherent lack of international norms in this domain will always be a gray area, until addressed seriously. The future may see a full-blown cyberwar if the uncertainty around global cybersecurity regulations persist.