Cyberwar
26 Jan 2020

The Evolution of Cyberwar

Cyberwar is a genuine threat to every person, organization, and nation-state. In today’s digitally driven society, every system that helps us navigate, participate and compete in the digital age relies on the availability and unhindered functionality of technology. Classical warfare doctrine, such as the treatise written by Sun Tzu, states that the supreme art of war is to subdue the enemy without fighting. The objectives stated by Sun Tzu have become a reality as warfare evolves in the digital realm. Cyberwar effectively attacks the enemy’s ability to wage kinetic combat. It has the capability to disrupt communication and render their equipment useless.

Cyberwar’s Appeal for Military Strategy

Waging war in cyberspace has many advantages for the aggressor. It gives the attacker the ability to target an enemy anywhere in the world from any location with little or no logistical support. It also allows the attacker to obfuscate their actual location making attribution extremely difficult, if not impossible. By using proxies, VPNs, and compromised servers in places far from their exact position, attacking parties can render target sites unusable with impunity. In addition to its range and stealth, waging cyberwar is also cost-effective. With time and skill, a relatively small country can build a cyberattack capability that can cause severe damage to larger, more powerful adversaries. 

The Evolution of Cyberwar

Web War One

The growth of the Internet over the years has led to the evolution and increased relevance of cyberwar. Many experts agree that the first cyberwar occurred back in 2007. During this incident, it became clear to the world that hacking and cyber offensive attacks could go beyond website defacement, criminal profiteering, and industrial espionage. In Estonia, hundreds of websites succumbed to crippling Distributed Denial of Service (DDoS) attacks. The precursor to this event was the Estonian’s government decision to move a Soviet-era statue, the Bronze Soldier of Tallinn, enraging the Russian ethnic minority living in the country. At the time, Estonia was the most wired country in Europe, having embraced digital technology for everything from banking to voting. Although the attacks came from Russia, the Kremlin denied involvement amplifying the fact that attribution is challenging, if not impossible, in the cyber realm.

Hybrid Warfare

In 2008, cyberwar evolved during the Georgian conflict. During this confrontation between Russia and Georgia, cyberattacks coincided with conventional warfare for the first time. Georgian websites and online services were inundated and knocked offline by DDoS attacks, similar to the modus operandi used in Estonia. However, during this conflict, the use of cyberattacks coincided with the movement of Russian forces as they made their way through Georgia. This conflict was the first real hybrid war and illustrated the use of cyber offensive capabilities in support of conventional kinetic combat forces.

Cyberwar Techniques Evolve to Cause Destruction in the Real World

The next evolution in cyberwar occurred in 2010. In mid-June of that year, a security company in Belarus discovered a piece of malware that targeted Siemens industrial control systems. As news of this new malware strain spread, it became apparent the objective of this malicious software was to attack a specific piece of equipment, a centrifuge used to enrich uranium for nuclear weapons. It was also prevalent on computers in Iran, where more than half of all infections occurred. The reason this malware, labeled Stuxnet, was an evolution in cyberwar is that it was the first piece of software that caused intentional damage in the real world. Stuxnet damaged centrifuges at Iran’s Natanz nuclear facility, setting their atomic weapons program back by years. However, even though this was an attack focused on Iran’s nuclear program, the malware spread to other parts of the world infecting computers in Indonesia, India, Azerbaijan, the United States, and Pakistan, among others. The rapid distribution of the malware illustrated that the containment of targeted cyber weapons is extremely difficult in a world where every device lives on the same network.

The Cyber Arms Race

Stuxnet was a watershed moment in the evolution of cyberwar. Nation states realized cyber was another combat front in addition to land, sea, and air. It also kicked off the cyber arms race as it illustrated the advantages of delivering a risk-free blow to your enemy’s critical infrastructure. As a cyber weapon gives you the capability to attack your enemy from anywhere on the planet without risking military personnel and equipment, it allows almost any nation to rise to the status of a cyber superpower.

Malware and DDoS Offensive Capabilities Increase

Since Stuxnet, there have been several notable examples of cyberattacks launched by nation-states. In 2012, malware labeled Shamoon infected and effectively crippled operations at Saudi Aramco, one of the world’s largest oil companies. Although an anonymous group of hackers claimed credit, many analysts believe the real perpetrator of this attack was Iran, attacking a US proxy as retaliation for Stuxnet. Over and above, malware-laden cyberattacks, nation-states also used crippling DDoS attacks to knock their opponent’s political, commercial, and social services offline. For example, a DDoS attack on every major bank in the US knocked their services offline a month after the incident at Saudi Aramco. Although a hacking collective claimed responsibility once again, many believe Iran was behind the assault as retribution for Stuxnet.

Cyberwar’s Hidden Menace – Espionage  

Looking at the evolution of cyberwar through the years, nation-states use three primary attack vectors. DDoS attacks and malware cripple an opponent’s infrastructure, detrimentally affecting their ability to communicate and operate. The third attack vector is espionage. DDoS and malware attacks often make the news headlines as they are visible. However, cyber espionage is a vital ingredient in any cyberwar strategy. Not only does this activity help an attacker probe and identify potential weaknesses in their opponent’s infrastructure, but it is also crucial in obtaining information on industrial and proprietary technology an attacker can leverage. Although these cyberwar activities do not make the news often, this vector cannot be ignored.

Cyberwar Matures as an Offensive Capability

Perhaps the most common example of a genuine, sustained cyberwar is the attacks targeted at Ukraine in recent years. With the annexation of the Crimean Peninsula by Russia in 2015, wiper malware crippled Ukrainian media and infrastructure affecting services such as the national railway and the airport in Kyiv, the capital and largest city in the country. On Christmas Eve of the same year, an attack on the energy utility caused a power outage affecting over 200,000 city residents. Following that incident, 2016 saw further attacks crippling Ukraine’s pension fund, treasury, and other vital government services, deleting terabytes of critical data.

The Challenge of Containment

In 2017, the next wave of attacks on Ukraine included the now infamous NotPetya ransomware malware strain. This cyberattack targeted at Ukraine’s business sector spread to organizations across the world in a matter of hours, damaging computer systems at multinational companies operating across the globe. Ground zero for this attack was a software vendor based in the Ukraine that developed the country’s most popular accounting package. By infecting the organization’s update server, the attackers were able to deploy their malware to thousands of computers across the country. However, this infection was not limited to Ukrainian organizations.  Multinationals with operations in Ukraine, such as Maersk, were also infected, sparking a worldwide cyber pandemic. NotPetya’s rapid spread across the globe illustrated the role the Internet plays in modern commerce and communication. With $10 Billion being the final cost of this attack, it demonstrates the devastating effect cyberwar can have on the global economy.

Cyber Attacks Take Center Stage in Asymmetric Warfare Strategies

Since 2017, nation-states continue to use cyber weapons to attack their opponents. For example, in 2019, the US retaliated to Iran’s downing of a drone with a cyberattack. In 2020, Bahrain fell victim to a series of cyberattacks following the assassination of one of Iran’s top generals by the US. Other than the cyber strike on Iran by the US in 2019, no other country has ever claimed responsibility for a cyberattack. Although there are strong suspicions on who the perpetrators may be, nation-states either deny the allegations outright or defer the blame to criminal hacking groups.

Collateral Damage and the Risk to Online Services

As the world’s reliance on technology increases, cyber warfare will most likely keep evolving. Nation-states will continue developing their cyber offensive and defensive capabilities. As we live through this era of a cyber arms race, organizations and individuals alike must take the necessary precautions to ensure they do not become collateral damage. As the NotPetya cyberattack showed, a devastating weapon with rapid propagation capabilities, has the potential to wreak havoc and destruction to every online system on the planet.