Modern Warfare: Cybersecurity on the Battlefield
Cybersecurity doesn’t just apply to your personal devices; it also plays one of the biggest roles in modern warfare and cannot be ignored. Cyberwarfare is far from a theoretical threat. History has shown that the value of gaining access to privileged information and disrupting systems for political gain is more than enough motive to generate action from independent hacktivists, nation-states, and private organizations.
The ubiquity of technology has revolutionized warfare as we know it. Acts of war are no longer confined to the battlefield – in today’s interconnected world, our everyday technology is the battlefield.
The prevalence and impact of cyberwarfare are significant. In 2017, a report for the National Defense University Press revealed that the Pentagon reports getting 10 million cyberattack attempts a day. Malicious cyber activity also has a significant economic impact, costing the U.S. economy between $57 billion and $109 billion in 2016.
Technology’s role in warfare simply cannot be ignored. Our connected systems are all potential attack vectors for disrupting resources, spreading propaganda, damaging equipment, and even causing the loss of life.
Cyberwarfare throughout history
2007 – Jeffrey Delisle leaks the STONEGHOST database
In 2007 Jeffrey Delisle, a former Sub-Lieutenant in the Royal Canadian Navy, leaked information from a database known as STONEGHOST. This database contained secret intelligence information shared between Canada, the United States, the United Kingdom, Australia, and New Zealand.
The leak was made possible by Delisle’s computer having an integrated floppy drive, despite protocols against the technology. Delisle manually captured intelligence data and saved it to a floppy disk, from which it was later transferred to a USB memory stick using his personal computer. The data contained on the memory stick was then offered for sale to the Russian spy agency GRU.
2010 – The STUXNET worm destroys nuclear equipment
The damage caused by the STUXNET worm is a historically significant example, marking the first known use of malware to destroy physical objects in nation-state conflict. STUXNET caused significant damage to centrifuges in the Natanz uranium enrichment plant in Iran that were used to enrich uranium gas.
2015 – Cyberattack on western Ukraine’s power grid
The 2015 cyberattacks on western Ukraine’s power grid led to a blackout that left hundreds of thousands of citizens without power. The attack leveraged the vulnerability of organizations connected to an Industrial Internet of Things (IIoT) system that shared connectivity with regular IT systems. Access to Ukraine’s IIoT infrastructure was made possible through spear-phishing and social engineering techniques.
How cyberwarfare could be used
The potential for cyberwarfare is nearly boundless. Evolving technologies, new zero-day vulnerabilities, and increasing motivation will all contribute to advancements in this sector. In the end, the key takeaway is to understand that any system can become a potential vector for entry given the right circumstances – it’s not a matter of if, it’s a matter of when.
Consider these possibilities:
- Hijacked video streams from a UAV replaced with false footage
- Propaganda spread through compromised government accounts, websites, and communication channels
- Total shutdown of resources including internet, fuel, and electricity
- Election interference – the destruction/false attribution of votes, spreading of political propaganda, etc.
Common attack vectors
To further emphasize the point stated previously, every single system inside or outside the network could be a point of entry for cyberattacks.
While cyberwarfare can be more sophisticated than what is commonly seen in the civilian world, many of the same basic vulnerabilities still exist – namely the people we depend on most to keep these systems safe.
- Malware delivered through phishing attacks, where users unknowingly allow malicious software into the network
- Insider threats cooperating with unauthorized external forces
- Programmable logic controllers (PLCs) linked to equipment such as fuel supplies
- IoT/IIoT technologies such as supervisory control and data acquisition (SCADA) systems and Industrial Control Systems (ICS)
- A lack of air gapping – mixing IT and industrial control systems
How cyberthreats are being responded to
Addressing cyber threats in the context of modern warfare is a delicate subject. There is the issue of individual actors – hacktivists – being the source of the attacks. To instigate a war against an entire population over an individual act is not in the best interests of global powers.
There is also the issue of determining how and when to respond to cyberattacks. Not all “attacks” are created equal, after all. How are we to determine when a cyberattack is an act of war?
In terms of proactive measures, aside from the standard cybersecurity infrastructure you would expect from any organization, militaries are training modern soldiers through war games – realistic competitive scenarios that aim to simulate a ‘live-fire’ situation to provide practical training and insights to soldiers and other actors within the space.
Examples of cyberwarfare-centric war games include the Crossed Swords and Locked Shields experimental exercises. The NATO Cooperative Cyber Defence Centre of Excellence has an overview of Crossed Swords here. For an in-depth overview of the activities included in the Locked Shields exercise, visit this Tech Republic article on the subject.
The future of war is ever-evolving. The examples provided show how cyberwarfare has evolved over the previous decades, but what about the next? With self-driving cars, artificial intelligence, quantum computing, and countless other advancements integrating into our societies, how will they be exploited? How will we defend them? Time will tell.