Effects of Cyber Warfare On Civilian Population
The nation’s top spy, Michael McConnell, Director of National Intelligence, thinks the threat of
cyberarmageddon! is so great that the U.S. government should have unfettered and warrantless
access to U.S. citizens’ Google search histories, private e-mails and file transfers, in order to spot
the cyberterrorists in our midst.
Like the DNI, many believe we are either in the early stages of a cyber arms race or a global cyber
war. Given the number of attacks we have seen this year, it would be difficult to argue with
either statement. If indeed we are headed into a global cyber conflict, what would be the
implications for the United States?
A cyber conflict differs greatly from what we typically associate with a war. There are no bombs
bursting or gun fire. It is a silent conflict that is hard to notice until you try an electronic
transaction. When we evaluate the progress of a war today we measure death and physical
destruction. While there can be minor physical destruction in a cyber war, the political, economic
and financial implications are the primary measures of success.
The political fallout of a cyber attack will certainly be high, but this will pale in comparison to
the financial and economic implications. The results of research on this topic conducted by
Spy-Ops are listed below.
The financial and economic impact of a one day cyber war that disrupts U.S. credit and debit
card transactions is estimated at being about $35 billion USD.
The United States is one of, if not the country most dependent on computers. Computers control
our financial system, the traffic on streets, rail and in the air, and have become an integral part of
our everyday lives. In an all-out cyber assault against the United States, the financial and
economic, social and political implications could be greater than that felt by the 9/11 terrorist
attacks.
— Kevin Coleman
Growing dependency on information technology (IT) and the interdependence of related critical
infrastructures have made a secure cyberspace vital to the functioning of the modern state. At the same
time, advances in the IT sector have also presented terrorists and other criminals with new opportunities
and attack vectors that they are increasingly exploiting. Notably, perpetrators of cyber-crimes share
common methods even if their goals and motivations differ. They learn from each other and frequently
work together.
I will try to showcase how dependency on cyberspace is continuously increasing, and will outline recent
developments as they pertain to threats emanating from cyberspace. I will point to related challenges for
those tasked with keeping cyberspace safe and secure and argue that today’s threats to cyber security
can best be tackled. I will conclude by offering a few policy options for contemporary decision makers.
Although nobody can accuse the Internet’s early developers of a lack of foresight, they could never have
imagined that their invention would develop into the global communication infrastructure it is today. Still,
much has changed since the Internet was first developed as a tool to share scientific and military
information, and much of the challenge in keeping cyberspace safe, secure and functional derives from
the fact that security was not a priority when the Internet was created. Instead, the focus was on
redundancy, efficiency and interoperability. But, exactly how dependent on cyberspace are we really?
Cyber-attack goals
A cyber-attack is not an end in itself. Rather, it is an extraordinary means to a wide variety of ends. The
goals of a cyber-attack are primarily limited by the imagination of the attacker and his or her access to a
target network. Here are five examples that national security thinkers should keep in mind as they
incorporate cyber security into their defense strategies.
Espionage
Increasingly, world leaders publicly complain of the threat posed by cyber espionage (“Espionage
Report…” and Cody, 2007). On a daily basis, anonymous computer hackers steal vast quantities of
computer data and network communications. In fact, it is possible to conduct devastating intelligence
gathering operations, even on highly sensitive political and military communications, remotely from
anywhere in the world.
Propaganda
Cheap and effective, this is often the easiest and the most powerful form of cyber-attack. Propaganda
dissemination may not need to incorporate any computer hacking at all, but simply take advantage of the
amplification power of the Internet. Digital information, in text or image format – and regardless of whether
it is true – can be instantly copied and sent anywhere in the world, even deep behind enemy lines. And
provocative information that is removed from the Web can reappear in seconds.
Denial-of-Service (DoS)
The simple strategy behind a DoS attack is to deny the use of data or a computer resource to legitimate
users. The most common tactic is to flood the target with so much superfluous data that it cannot respond
to real requests for services or information. Other DoS attacks include the physical destruction of
computer hardware and the use of electromagnetic interference, designed to destroy unshielded
electronics via current or voltage surges.
Data modification
This category of attack targets the integrity of data. It is insidious, because a successful attack can mean
that legitimate users (human or machine) could make important decisions based on maliciously altered
information. Such attacks range from website defacement (often referred to as “electronic graffiti,” but
which can still carry propaganda or disinformation) to database attacks intended to corrupt weapons or
command-and-control (C2) systems.
Infrastructure manipulation
National critical infrastructures are, like everything else, increasingly connected to the Internet. However,
because instant response is often required, and because associated hardware may have insufficient
computing resources, security may not be robust. The management of electricity may be especially
important for national security planners to evaluate, because electricity has no substitute, and all other
infrastructures depend on it (Divis, 2005). Finally, it is important to note that almost all critical
infrastructures are in private hands.
Critical Infrastructures are those infrastructures, or parts thereof, which are of substantial relevance in
maintaining important societal functions. Their disruption or destruction has serious effects on the health,
security or the economic and social wellbeing of the population, or on the effective functioning of
government. Plans for protecting such infrastructures should be cognizant of their importance and
comprehensive in their approach. For example, on the basis of the European Program for Critical
Infrastructure Protection, a national master plan was elaborated for Austria, called the Austrian Program
for Critical Infrastructure Protection (APCIP). APCIP describes the principles of the program, including
listings of priority sectors; definitions of criteria for rating critical infrastructures; identifying risk factors
and relevant actors; listing measures for the protection of critical infrastructures; and developing an action
plan with detailed sub-goals.
The Europe-wide program lists 11 sectors of critical infrastructures: energy, nuclear industry, ICT, water,
victuals, health, finances, transport, chemical industry, space travel and research institutions. The
centers, communication nodes and steering systems of these critical infrastructures at the disposal of a
modern society are based on information and communication technology or are of considerable
importance for the ICT and can only be operated in certain locations.
For Austria not all of these sectors have the same relevance as they do for the EU. For example, nuclear
industry and space travel are of no specific national importance, but conversely, emphasis is placed on
constitutional installations, the maintenance of the social and defense systems as well as first responder
organizations. Austria’s transformation into the information age is relatively more advanced than that of
Estonia, and therefore Austria depends even more upon the functioning of its critical infrastructures. This
calls for great efforts in order to ensure and sustain their functioning by taking comprehensive security
measures.
Conclusions
The fact that a computer network attack during an armed conflict is not kinetic, physical or violent in itself
does not put it beyond the remit of International Humanitarian Law (IHL). Computer network attacks open up
new questions since they can be used, for example, against the enemy’s production, distribution and banking
systems, making the impact more difficult to judge. The IHL principle that civilians should be protected
and their livelihoods and the environment in which they live should not be targeted, provides basic
guidance when faced with these new methods of warfare. Some cyberattacks over the past decade have
briefly affected state strategic plans, but none has resulted in death or lasting damage! Preparation in a
wider sense can only be achieved through the protection of critical (vital) infrastructure and concrete
Cyber Defence measures.
The state has to provide adequate resources for developing a national means of analyzing, assessing and
predicting developments in strategic ICT – including risk assessment, a permanent situation center for
observation, estimates of the threat environment and, if necessary, for early warning, alert, and the
activation of reactions and emergency organizations (such as CERT/CSIRT, or Computer Emergency
Response Team/ Computer Security Incident Response Team).
Thus, what any state with a high degree of dependence on IT today needs is a central body to collect,
analyze, and assess all pertinent information from government agencies at all levels as well as from
private parties. This organization should also have the authority to take the necessary reconnaissance,
prevention, defense, and reaction measures, or at least obligate other assets to do so. This authority
would also underpin the effective steering and coordination of national and international
cooperation regarding cyber war. Clearly, however, the necessary legal preconditions for such a body
would have to be established and tailored in each national context, and the manner in which this is
accomplished may well affect the way in which individual states can defend themselves against cyber war
threats in the future.
(6) Russia - FSB nurtures a sizable number of computer hackers which are mainly
involved in political blog/email hacking, internet surveillance, disinformation
dissemination. Everyone knows who sought their services lately! In the words of Mr.
Trump “Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are
missing!”
Rumblings of cyberwar
Foreign hacking is top of mind right now, thanks to Russia's attempts to shake up the U.S.
presidential election. With a high degree of confidence, U.S. intelligence agencies say the
highest levels of Russia's government are behind the Democratic National Committee email
leaks intended to embarrass Hillary Clinton. According to the reports I've read, most of these
Russian hacks seem to be based on simple password phishing.
China has been involved in hacking American (and other) companies for decades. Most
computer security experts believe that China already has every intellectual property secret it
wants. I didn't believe the Chinese hacking rumors for years because accusers failed to
provide public evidence. I've since changed my tune because many companies have
released that evidence, and it appears quite convincing. Also, the Chinese government's
tight control over its domestic internet makes it unlikely that Chinese hackers could have
hacked U.S. targets without either direct orders -- or at least tacit acceptance.
Regardless, recent evidence suggests that Chinese hacking against American companies
has decreased since President Obama and Chinese leaders signed an antihacking
agreement last year. I've been involved in dealing with advanced persistent threat (APT)
attacks for more than a decade, and I'm personally hearing fewer complaints about Chinese
intrusions.
I've seen American companies work on a secret new product, only to have a Chinese
company release a very similar, if not identical product first. Sometimes even the wording in
the documentation is identical. I've seen entire American company divisions shut down as a
result.
Russia's hackers are more focused on direct financial crime and probably incur hundreds of
millions of dollars in damage each year. Who knows -- it could be billions of dollars. But if I
compare the direct financial costs of Russia versus China, China probably wins that battle
due to its theft of high-value intellectual property.
What about Russia's impact on the American elections, especially if that hacking results in a
presidency friendly to the Russian government? Luckily, despite Russia's best efforts, the
American voting system is probably too much of a hodgepodge of systems to be affected in a
material way.
Best hacking skills
In my personal experience, the best hackers have always come from the United States or
one of its friendly allies. I know that sounds biased, but when I taught hacking classes, the
U.S. hackers always completed the hacking tests the fastest.
In the Foundstone classes we ran little tests during the day that allowed our students to
practice some skill we had taught them. Most students, regardless of country, tended to
perform roughly the same. At the end of the class, we had a major capture-the-flag test,
which required that students put together everything we had taught them, but in slightly
different ways. It required thinking outside the box. U.S. students were always able to
complete the major test and were always fastest.
Unfortunately, my Foundstone experiences ended 10 years ago. Since then, several other
countries have risen to become part of the elite club of hackers. Israel, for such a small
country, has an enormous number of incredible hackers, and they enjoy a well-earned
reputation as the best-thinking defenders.