Cyberwarfare: The 21st Century Battlefield
Note: This article was originally published in "Safety & Security Today Quarterly Magazine" Apr-June-2019.
We are living in an age of technology revolution which already has and will continue to fundamentally change the way we live, work and interact with each other as a society. Technology has brought a lot of good; however, at the same time it has created problems with regard to security and privacy. Technology has also changed the way a war is waged, as fighting a conventional war these days has almost unbearable costs in terms of human lives, economy, resources, and international legitimacy. Another important distinction is that the enemy is visible in conventional warfare, whereas in cyberwarfare this is not the case. In contrast, cyberwarfare is effective and cheap.
Evolution of Warfare
Conventional Warfare: During the First and Second World War, the belligerents fought in three major domains of warfare: air, land, and sea. Under the conventional warfare doctrine, millions of combatants were recruited and deployed on the battlefield with armor and artillery under the cover of air forces to mount mass invasions of enemy countries, for example, the invasion of Poland, France, and the Soviet Union by Germany.
The Nuclear Age: The era of Conventional Warfare was abruptly ended by the development of a nuclear bomb by the United States under the Manhattan Project. The United States decided to use its newfound weapon of mass destruction against Germany; however, the German Army was defeated before the bomb could become operational. The US then deployed its nuclear bombs against the cities of Hiroshima and Nagasaki in Japan, killing a vast number of innocent people, believed to be in the hundreds of thousands. The repercussions of a nuclear war were made evident, and as the US lost its status as the sole nuclear power on earth in 1946 when the Soviet Union built its own nuclear bomb, a paradigm of strategic parity and restraint was enacted. Although the countries couldn’t fight directly after the Korean War, a worldwide cold war was fought in Vietnam, Afghanistan, the Middle East, and South America.
Hybrid Warfare: When the Cold War finally ended in the early 1990s with the collapse of the Soviet Union, the dynamics of global conflicts changed drastically as the world became unipolar with the United States as its sole superpower. The newly born Russian state felt humiliated at such a defeat and decided to invent a new type of warfare with which to restore its lost power. It therefore invented a new doctrine called ‘Hybrid Warfare’, which borrowed three elements of the ‘Cold War’ (proxy warfare, political warfare and economic warfare) while integrating them with two new domains of modern warfare: information warfare and cyberwarfare. These elements together created Russia’s hybrid warfare doctrine, which was later adopted by many countries including India to be used against Pakistan.
Enter Cyberwarfare: Cyberwarfare refers to the use of digital attacks, like computer viruses and hacking, by one country to disrupt the vital computer systems of another, with the aim of causing damage, death, and destruction. Future wars will see hackers using computer code to attack an enemy’s infrastructure, fighting alongside troops using conventional weapons like guns and missiles. Governments are increasingly aware that modern societies are so reliant on computer systems to run everything from financial services to transport networks that using hackers armed with viruses or other tools to shut down those systems could be just as effective and damaging as a traditional military campaign using troops armed with guns and missiles. Unlike a traditional military operation, a cyber attack can be launched instantaneously from any distance, with little obvious evidence of any build-up, and such an attack would be extremely hard to trace with any certainty to its perpetrators, making retaliation harder.
As a result, governments and intelligence agencies worry that digital attacks against vital infrastructure, like banking systems or power grids, will give attackers a way of bypassing a country’s traditional defenses, and are racing to improve their computer security. However, they also see the opportunity that cyberwarfare capabilities bring, offering a new way to exert influence on rival states without having to put soldiers at risk. The fear of being vulnerable to the cyber weapons of their rivals, plus a desire to harness these tools to bolster their own standing in the world, is leading many countries into a cyber arms race. Moreover, the US elections in 2016 became controversial as allegations of Russian meddling in the elections were popularized, which in turn directly affected the US democratic institutions by undermining their credibility and integrity. By combining elements of cyberwarfare and information warfare, the Russian intelligence services allegedly manipulated public sentiment in favor of Donald Trump while severely hurting the repute of his arch rival, the Democratic Party candidate, Hillary Clinton. Russia, a country with major diplomatic and demographic trends working against it, made the people of the United States lose trust in their most fundamental democratic process, i.e. elections. This method was also seen during high-profile events like the attempted coup in Turkey (in 2016), the Arab Spring protests in Egypt, Tunisia, and Syria, as well as during important referendums like Brexit and the Scottish referendum.
There are various types of cyberwarfare operations being carried out today.
Cyber Espionage: It is the theft of classified data stored on secure computers.
Cyber Sabotage: It is the destruction of classified, highly important data stored on secure computers and networks to cause disruption, confusion, and loss, for example, Stuxnet.
Cyber Intelligence: It is the use of cyber mediums to collect intelligence or to perform counter intelligence operations.
Cyber Terrorism: It is the use of instruments of cyberwarfare to carry out or facilitate acts of terrorism through logistical or economic means, or by means of propaganda and intelligence gathering. Cyber counterterrorism, in turn, is a subject that deals with developing capabilities to defeat cyber terrorism and terror financing and to disrupt and infiltrate terrorist networks online.
Cyber-Economic Warfare: Using cyberwarfare to induce economic loss to a state or a private enterprise. The hacking of Sony’s STEAM gaming service by North Korean hackers caused severe loss to the Japanese company. It can also be used in conjunction with a kinetic operation to cause psychological collapse, confusion, and chaos by carrying out distributed denial of service attacks at a massive scale.
Cyberwarfare – Perception & Reality
In cyberwarfare, the gap between perception and reality is still very wide, as it is often argued that cyberwarfare does not result in any physical destruction or human casualties. A lot of experts therefore argue that cyber war is incorrect terminology and that it should rather be referred to as cyber espionage or cyber terrorism. However, there are instances where people died directly as a result of cyber-espionage. For example:
There were multiple reports of Ukrainian artillery soldiers getting their mobile phones infected by a variant of the Fancy Bear X-Agent implant, which was distributed on Ukrainian military forums packed within a legitimate Android application. The application, developed by a Ukrainian artillery officer, enabled forces to more rapidly process targeting data for the Soviet-era D-30 howitzer employed by Ukrainian artillery soldiers. Upon installation, the infected mobile app was used to obtain geolocations, after which artillery fire was launched. Open source reporting indicates that Ukrainian artillery forces lost over 50% of their weapons in the 2 years of conflict and over 80% of D-30 howitzers, the highest percentage of loss of any artillery piece in Ukraine’s arsenal.
Another notable example worth mentioning is the compromise of the Ukrainian power company Prykarpattyaoblenergo, which reported an outage on Dec 23, 2015, in the middle of winter, that left about 230,000 Ukrainians without power in bone-chilling cold. The attack was carried out by compromising the domain controller and from there pivoting into SCADA systems, which tripped the power breakers and disabled UPS systems.
To exacerbate the effect, a TDoS (Telephone Denial of Service) attack was launched on the electrical grid’s call centers in order to delay the company from noticing the full scale of the attack. The attack was tackled in a span of 6 hours; if it had persisted long enough, Ukraine would have been dealing with human casualties.
Parallel Internet
Nations are increasingly worried about this new type of warfare and are adopting new measures in order to counter propaganda and subversion. For example, North Korea has completely isolated its audience from accessing the internet by building a parallel internet of its own and by restricting access to the global internet to a limited subset of people, and that too only after special authorization. The only way of transmitting subversive information into North Korea is via radio on the South/North Korean border, thus limiting the number of ways to indoctrinate the North Korean people against their leadership.
China, on the other hand, has implemented The Great Firewall of China (GFW), which acts as a trade protectionism strategy for promoting local services. GFW applies various techniques for blocking internet traffic and has been pretty effective in blocking the majority of Proxy/VPN based services as well. Over the years, some bypasses have been reported. However, China keeps on proactively fixing them. GFW has to a large extent successfully restricted and prevented the majority of the Chinese population from accessing US-based services and has successfully provided alternative services such as Tencent Video (YouTube), Tencent Weibo (Twitter), WeChat (WhatsApp) etc. This was done to prevent US-based companies from collecting information pertaining to the behavioral traits of its population and to prevent them from building psychometric profiles based upon which their opinions can be swayed and enticed to cause a digital insurgency against the Chinese government.
Russia, on the other hand, has not been as stern as North Korea and China; however, it has been slowly following a similar path towards creating its own internet. In April 2018, Russia blocked Telegram, a well-known messaging application, for not being able to comply with court orders which required Telegram to give access to encrypted messages. In an attempt to block Telegram, ISPs blocked about 16 million IP addresses, which led to collateral damage and resulted in the unavailability of a wide range of other Google services. This happened due to the fact that Telegram was using a technique known as Domain Fronting for serving content via Google Cloud servers. By using Domain Fronting, the legitimate Telegram servers were hiding behind legitimate high-reputation Google Cloud servers, more specifically Content Delivery Networks (CDN). In the following days, Google blocked the domain fronting facility.
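Added example (not part of the original article): domain fronting works because the hostname shown in the TLS handshake (SNI) names the high-reputation front, while the HTTP Host header inside the encrypted session names the service actually being reached. The Python sketch below shows how a defender with a TLS-inspecting proxy could flag that mismatch; the log field names and the sample records are constructed assumptions.

```python
import json

# Constructed sample records from a TLS-inspecting proxy, one JSON object per
# line. Field names (src, sni, host) are assumptions, not a real log schema.
SAMPLE_LOG = """\
{"src": "10.0.0.5", "sni": "www.google.com", "host": "www.google.com"}
{"src": "10.0.0.7", "sni": "www.google.com", "host": "relay.example-app.test"}
{"src": "10.0.0.9", "sni": "cdn.example.net", "host": "CDN.example.net:443"}
{"src": "10.0.0.7", "sni": "", "host": "relay.example-app.test"}
{"src": "10.0.0.8", "sni": "img.shop.example", "host": "www.shop.example"}
"""

def normalize(name):
    """Lower-case a hostname and drop any :port suffix and trailing dot."""
    name = name.strip().lower().rstrip(".")
    head, sep, tail = name.rpartition(":")
    if sep and tail.isdigit():
        name = head.rstrip(".")
    return name

def site(name):
    # Simplification: treat the last two labels as the registered domain.
    # A production check should use the Public Suffix List instead.
    return ".".join(name.split(".")[-2:])

def classify(record):
    """Compare the outer TLS name (SNI) with the inner HTTP Host header."""
    sni = normalize(record.get("sni", ""))
    host = normalize(record.get("host", ""))
    if not sni or not host:
        return "incomplete"   # nothing to compare; review separately
    if sni == host:
        return "match"
    if site(sni) == site(host):
        return "same_site"    # sibling hostnames on one site, usually benign
    return "mismatch"         # outer and inner names belong to different sites

def fronting_candidates(log_text):
    """Return (src, sni, host) for every record with an SNI/Host mismatch."""
    hits = []
    for line in log_text.splitlines():
        if line.strip():
            rec = json.loads(line)
            if classify(rec) == "mismatch":
                hits.append((rec["src"], normalize(rec["sni"]), normalize(rec["host"])))
    return hits

if __name__ == "__main__":
    for src, sni, host in fronting_candidates(SAMPLE_LOG):
        print(f"{src}: TLS SNI {sni} but HTTP Host {host}")
```

Without TLS inspection only the SNI and the destination IP are visible, which is why the block described above fell on whole address ranges shared with unrelated services.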
Russia at present is in the process of testing the parallel internet, which upon execution will convert the entire internet into an intranet. This means that users will only be able to access government-controlled local services. In order to accomplish this, all the traffic will be re-routed to government-controlled internet exchange points, whereby any traffic originating from a Russian source to any foreign destination will be blocked. In critical times this will also ensure that Russian users are not subject to any propaganda or disinformation campaigns. It will also disrupt communications of compromised machines to their command and control if placed outside Russia. Furthermore, Russia has also taken steps to build its own Root DNS server, which will make sure that Russian local services hosted at the .ru top level domain will still work even if the .ru top level domain is removed from the ICANN database.
Conclusion
Traditionally, information warfare was fought through airborne leaflets, loudspeakers etc. However, due to the vast adoption of social media, it became easier to collect psychographics and spread propaganda. Since countries like China and Russia are building their own internet which in critical times can be completely segregated, psychological warfare will in that case revert to traditional techniques.
If Russia’s parallel internet initiative materializes, we will fall back to traditional propaganda and disinformation methods such as airborne leaflets, radio, and loudspeakers. The 5th Generation warfare is aimed at influencing the perception of the people to sway their opinions about a certain issue through disinformation and propaganda while using offensive cyberwarfare operations to inflict damage and punishment in times of hostilities. States which are not prepared or are too slow to catch up will soon be left at a severe disadvantage whereby they will be unable to defend themselves if attacked by a fifth-generation cyber weapon.