Troops massed on a border, politicians making declarations, markets watching nervously. The situation at the Russian-Ukrainian border was such a quagmire until last week. As we go to press, the situation — now kinetic and violent — remains in flux.
There are lessons here for all chief digital officers. Cybersecurity pros often use combative terms like “attack surface” or “intrusion,” and these concepts are easier to visualize when real-life armies are slinging heavy metal at one another.
War of any kind is tragic and represents the ultimate failure of diplomacy. We can view successful cyberwarfare as a failure of digital security, but the term itself is controversial.
However, “There is significant debate among experts regarding the definition of cyberwarfare, and even if such a thing exists. One view is that the term ‘cyberwarfare’ is a misnomer since no offensive cyber actions to date could be described as war.”
Perhaps. But the term “war” is always controversial, as opponents in armed conflict always try to spin their positions. As ever, the first casualty of war is the truth.
The Stuxnet Worm
Deployment of the Stuxnet worm in 2010 constituted a cyberattack. Wikipedia: “Although neither country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games.”
And although neither of the purported players admitted responsibility, “In May 2011,” says Wikipedia, “the PBS program Need To Know cited a statement by Gary Samore, White House Coordinator for Arms Control and Weapons of Mass Destruction, in which he said: 'we're glad they [the Iranians] are having trouble with their centrifuge machine and that we — the U.S. and its allies — are doing everything we can to make sure that we complicate matters for them,' offering 'winking acknowledgment' of United States involvement in Stuxnet.”
Stuxnet is a targeted weapon. “Exploiting four zero-day flaws, Stuxnet functions by targeting machines using the Microsoft Windows operating system and networks, then seeking out Siemens Step7 software,” says Wikipedia. “Stuxnet reportedly compromised Iranian PLCs, collecting information on industrial systems and causing the fast-spinning centrifuges to tear themselves apart.”
The last phrase shows how easily code warriors can facilitate destruction in our digital age. Say a centrifuge typically runs at 3,000 rpm, well within its spec of 5,000 rpm (figures are examples). A worm infiltrates the control program and inserts a zero in a single line of instruction. The centrifuge promptly spins up to 30,000 rpm, destroying itself. The system dependent on the centrifuge collapses. Attack successful.
“Stuxnet reportedly ruined almost one-fifth of Iran's nuclear centrifuges,” says Wikipedia. “Targeting industrial control systems, the worm infected over 200,000 computers and caused 1,000 machines to physically degrade.”
Whether this constitutes warfare or not is a matter of semantics. Destroying a thousand physical machines through remote code execution reportedly required the collaboration of intelligence communities from two nations. But no declaration of war, or even declaration of intent from said nations.
If not warfare, definitely cyber.
The Internet has created another class of cyberattackers — activists motivated by idealism. The most famous collective is known as “Anonymous” and is represented by a figure in a Guy Fawkes mask.
Wikipedia: “Anonymous is a decentralized international activist and hacktivist collective and movement primarily known for its various cyberattacks against several governments, government institutions and government agencies, corporations and the Church of Scientology.” The keyword here is “decentralized” which describes both the organization and its attack strategies.
Anonymous is naturally drawn to the Ukrainian situation and currently enjoys a resurgence in news headlines. Media coverage increases rapidly as we go to press — reports of governmental websites compromised now litter the Internet.
The collective's latest action apparently exposed 200GB of emails from Belarusian weapons manufacturer Tetraedr. “Anonymous breached the firm’s defenses and released the most recent 1,000 emails from inboxes belonging to Tetraedr employees, passing them over in .EML format to the information transparency platform DDoSecrets,” says a report on Cybernews.com.
The nature of this cyberintrusion is telling. The collective reportedly swiped a lot of emails — do these digital documents contain anything damaging? It takes time to parse this amount of data. Who will sift through it and decode not only the languages involved but whether the information is vital to war efforts and not a bunch of cat videos?
As the DDoSecrets website says: “Datasets that were released in the buildup to, in the midst of, or in the aftermath of a cyberwar or hybrid war. Therefore, there is an increased chance of malware, ulterior motives and altered or implanted data, or false flags/fake personas. As a result, we encourage readers, researchers, and journalists to take additional care with the data.”
In the same spirit, interested parties should take additional care with resultant news stories and other rumors.
Is it cyberwarfare?
Conducting operations in the digital realm removes troublesome logistics from the operation: there's no need for physical supply chains or masses of troops. Instead, digital intelligence can pinpoint an opponent's weak spot.
For today's CDOs, the message is clear: Never has cybersecurity been more important. Caveat lector.
Stefan Hammond is a contributing editor to CDOTrends. Best practices, the IOT, payment gateways, robotics and the ongoing battle against cyberpirates pique his interest.