Wednesday, June 26, 2019

The Next War

ComNavOps reads hundreds of articles, posts, reports, etc. every week.  Sometimes an idea that seemed uninteresting or unimportant at the time becomes relevant at some later date.  Unfortunately, it’s often difficult or impossible to find and credit the original source idea.  Today’s post is one such example.  I read a statement by some unremembered author speculating that the next war might be all digital.  While mildly interesting, I considered it unlikely and gave it little thought.  However, today’s news that the US acknowledged initiating a cyber attack against Iran as partial retaliation for Iran shooting down two US drones, among other acts of war, prompted me to reconsider the concept of an entirely digital war.

I’m afraid that there is a certain ‘appeal’ or ‘acceptability’ to a cyber war as opposed to a kinetic war, since one can inflict great harm on a country without directly killing people.  I say “directly” because an all-out cyber war would, undoubtedly, result in deaths due to a country’s loss of electricity, water, transportation, etc. for prolonged periods.  For those who are squeamish to the point of paralysis about offending nuclear-armed enemy countries, cyber war may offer an alternative form of confrontation that they can stomach and find acceptable.

In the US, we’ve acknowledged that our power grids, water supply distribution systems, water treatment systems, air traffic control systems, hospitals, etc. are extremely vulnerable to cyber attack.  The impact of the loss of even one of these systems for an extended period is unimaginable, let alone multiple systems simultaneously.  Even very low level attacks, such as against our street traffic lights, would result in absolute gridlock and completely paralyze large cities.

One can easily imagine “salvos” of cyber attacks being launched back and forth between countries while the civilians stagger under the impact of the “hits” and attempt to carry on with their lives.  It would be very much like the Battle of Britain, less the actual bombs.

This is already happening, to a not insignificant extent, today.  China, Russia, North Korea, and others launch cyber attacks against our military and industrial networks on a daily basis.  Presumably, we’re doing the same - at least, one hopes so!  That’s war!  We’re already engaged in limited cyber war.  I say ‘limited’ because, thus far, there appears to be a tacit agreement not to harm utilities and services that would impact each other’s civilian populations.

Having established that cyber warfare is already occurring and recognizing the possibility that an all-out cyber war is possible in the future, we can now contemplate some additional questions and ramifications.

  • Could one actually win a cyber war?  Is it possible to inflict enough pain and damage to force the opponent to concede?  Or, would this be a never ending conflict?

  • Would a cyber war inevitably reach a point where the losing country resorts to conventional kinetic warfare to compensate for cyber losses?  In other words, would one country recognize that they are losing and can’t win a cyber war and switch tactics to kinetic warfare?

  • Are there boundaries, analogous to nuclear weapons, that wouldn’t be crossed in a cyber war?  For example, if a country had the ability, via cyber methods, to cause a dam to breach and kill thousands or tens of thousands of people, would that be considered an uncrossable line or would anything go?

  • Would we draft computer operators into the armed forces to fight a cyber war?  Would we nationalize civilian networks (power and water utilities being obvious examples) for defensive efforts?

  • Would shutting down the US Internet be considered a viable element of a cyber defense?  The impact of that would be incalculable!

It seems obvious that all-out cyber warfare could constitute a future war in and of itself and, at the very least, comprise a major portion of a conventional war.  It also seems that the obvious targets of an enemy’s cyber attacks would be civilian infrastructure even more so than military networks which already have at least some degree of protection.  Our power grids, water distribution systems, transportation systems, financial systems (shut down Wall Street and see what kind of chaos results!), and even basic Internet are completely vulnerable and make for easy targets with catastrophic results.

That being the case, why are we not ‘hardening’ our non-military networks (again, power grids and water distribution systems, among others)?  The consequences of cyber war are manifold and serious, yet we seem not to be focusing on them.  Our military focus seems to be acquiring shiny new toys rather than protecting our vulnerable infrastructure.  Now, one can debate whether it’s the responsibility of the military to defend our civilian digital infrastructure, but clearly some department of the government needs to be responsible.  If the enemy were dropping shells on our infrastructure, defending it would be the military’s responsibility, so a very good case can be made that defending our infrastructure from cyber ‘shells’ is also the military’s responsibility.

Regardless of who takes the lead, we, as a country, need to start cyber-hardening our infrastructure.  This could well be the future of war.

20 comments:

  1. Everyone has a plan until they get punched in the face.

    I used to know an IT guy whose party trick in a pitch was to ask how the people in the room thought hackers could destroy data, and after they had come up with convoluted hacking stories, he would take a hammer out of his briefcase and smash the demo laptop to pieces with it.

    A whole host of people used to argue about the "government proof" safety of Crypto, most probably do. Mohammad Bin Salman Al Saud rounded up about a thousand people he believed were skimming, and had people break their fingers and toes until they handed over the passwords to it.

    "One can easily imagine “salvos” of cyber attacks being launched back and forth between countries while the civilians stagger under the impact of the “hits” and attempt to carry on with their lives. It would be very much like the Battle of Britain, less the actual bombs.

    This is already happening, to a not insignificant extent, today."

    Under the radar maybe, but once it starts to affect people, it will go kinetic right away.
    There's two hours a day of electricity and tens of millions of people in the cities are being fed from soup kitchens, thousands are dying every day as the hospitals are barely functional.

    Where do you think your Congressman would put their burden of proof?

    It's Iran and they've publicly admitted it
    It's Iran and they've privately admitted it
    It's Iran and we have private proof of it
    It's probably Iran
    It might be Iran
    It definitely isn't Iran but **** it I need to punch someone or I'll be lynched


    It's easy to say in peacetime that you wouldn't blow stuff up over hacking, until Congress says to POTUS "stop this or we will impeach you and replace you with someone who will" or voters say to Congress, "stop this or we will shoot you and elect someone who will."

    "Would shutting down the US Internet be considered a viable element of a cyber defense? The impact of that would be incalculable!"
    Isolate, not disable
    The US internet can be isolated from the world internet by turning off a couple of dozen relay stations.
    https://www.submarinecablemap.com/

    Replies
    1. I am surprised you did not also note the apparently approved leak that the US was significantly upgrading its targeting of Russia's power grid with malware.

      On drafting civilians, I believe that in response to Russian cyber attacks that is exactly what Estonia does. Sure, they have agencies to deal with that kind of threat, but also a network of vetted civilians on call to surge their meatware capacity with a phone call.

      Without actual physical access I'm not sure how overwhelming any cyber war could be; everyone has the option of pulling the plug. When I worked IT security for biotech it was not that hard to plan a "things are bad, unplug" solution or isolate the servers from over-the-net threats; what worried me was the execs who would let visitors plug in USB sticks or use their laptops - physical access is the killer. People are sloppy at security and lazy; all too many smart devices are still shipped with username Admin and password Password for low-level open ports. Both my smart TVs were so shipped from their Korean factories. It's hard not to think the same goes for smart toasters and smart EKG devices. So there is a big pool of risk, but I'm not sure the doomsday option can really be implemented over the phone; more like long-term annoyance and a chance at a lucky shot.

    2. "Regardless of who takes the lead, we, as a country, need to start cyber-hardening our infrastructure. This could well be the future of war."

      Seeing as the credit agencies can't be bothered to secure personal and card information rigorously - you do realize the cost of real cybersecurity imposed on business will send a pack of lobbyists the size of a locust swarm to Congress yapping about cost and difficulty and whaa... At minimum, if you get them to agree they will demand to suck off the government tit to do best practices they should be doing anyway. Do you know how many ATMs are easily hacked because they still run on Windows 95 and the hacks are easily found online? It's simply easier to write that down on insurance and tax losses than fix it.

    3. I'm not a network expert but the kind of hardening I'm talking about is at a higher level. For example, cutting the US Internet off, physically, from the rest of the world would be a good start and then layering protection on our remaining network.

      We can connect to the rest of the world, then, via a relative few controlled access points with very high security.

      We also need to go after domestic hackers and eliminate them via massive penalties and dedicated task forces. That frees us up to focus on international threats.

      And so on.

    4. "Do you know how many ATMs are easily hacked because they still run on Windows 95 and the hacks are easily found online."

      Some of the banks can be pretty scary, and I suspect they've gotten sloppier recently. Most of the big corporations I've worked with (think Russell 2000) are pretty serious about security.

      I was at Bell for the run-up to Y2K. Mainly the NT server infrastructure and the NT SNA gateways talking to the mainframe. Very long days for IT people everywhere for the best part of 4 years, which is why the Millennium turned out to be such a non-event.

      I think any large-scale network isolation is going to have to be done at the IXP level. I guess about 50 in the US, 10 in Canada and maybe 25 in the rest of the Americas. If you shut down Intercontinental connections there you would pretty much isolate the rest of the world, but the economic consequences would be really bad.

    5. " If you shut down Intercontinental connections there you would pretty much isolate the rest of the world, but the economic consequences would be really bad."

      You get that we're talking about war, right? Just digital, in this case. War is hell. You don't think we can wage a cyber war without consequences that are "really bad", do you?

      You also understand, I hope, that the consequences of NOT shutting down international Internet connections could be far worse? National power grids disabled, water distribution systems disabled, water treatment systems disabled, financial systems devastated, and so on.

      You get all this, right?

    6. There is absolutely no reason to shut down Internet connections to the rest of the world as I went to some lengths to demonstrate how that will NOT mitigate the threat.

      While this may well be war now, so far it's quite limited in scope.

      Hardening needs to happen at the target end. There is no way to effectively harden getting from point A to point B on the Internet. Too many different entities on the same network. So if I'm running a municipal water treatment and supply network, or a municipal waste water treatment network, I'm going to have to harden the entrance to my network from the Internet, as well as any of the radio connections within it. Those SCADA radio connections are NOT generally encrypted and are very definitely a vulnerability.

      I provided the third-party contracted wide area networking, including SCADA systems, for the District Municipality of Muskoka for about 10 years. It covered about 5 towns with something around 250,000 people, and you definitely could have done a really good man-in-the-middle attack if you were so minded. We did use encryption, but it was relatively lightweight and suited to the times we were in. What helped us a lot was the fact that our network was completely private. There was only one Internet connection point for the entire District.

      That has now changed, and the private network runs over the Internet. It doesn't take much imagination to figure out the potential risk is now hundreds of times higher.

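The weakness the comment above describes (SCADA radio links that are not authenticated, so a man-in-the-middle can rewrite commands in transit) is illustrated by the following added Python simulation. It is not code from the original post, from the commenter, or from any real SCADA protocol: the frame layout, the register number, the setpoint values and the shared link key are all assumptions constructed for the example. It sends the same setpoint write over an unauthenticated link and over a link that carries an HMAC-SHA256 tag and a monotonic sequence number, and shows which device state each ends up with.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed frame layout for this example (not a real SCADA protocol):
#   seq (uint32) | register (uint16) | value (int32)
# On the authenticated link a 32-byte HMAC-SHA256 tag over those fields follows.
HEADER = struct.Struct(">IHi")
TAG_LEN = 32


def build_plain_frame(seq, register, value):
    """Unauthenticated frame: anyone on the radio path can rewrite it."""
    return HEADER.pack(seq, register, value)


def build_auth_frame(key, seq, register, value):
    """Same fields plus an HMAC tag computed with the shared link key."""
    body = HEADER.pack(seq, register, value)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class FieldDevice:
    """Toy RTU/PLC that applies register writes received over the link.
    With key=None it behaves like the unauthenticated links in the comment;
    with a key it verifies the tag and rejects replayed frames."""

    def __init__(self, key=None):
        self.key = key
        self.last_seq = 0
        self.registers = {}
        self.rejections = []

    def receive(self, frame):
        if self.key is None:
            body = frame
        else:
            if len(frame) != HEADER.size + TAG_LEN:
                self.rejections.append("bad length")
                return False
            body, tag = frame[:HEADER.size], frame[HEADER.size:]
            expected = hmac.new(self.key, body, hashlib.sha256).digest()
            if not hmac.compare_digest(tag, expected):
                self.rejections.append("bad tag")
                return False
        seq, register, value = HEADER.unpack(body)
        # A monotonic sequence number blocks replay of an old, validly tagged frame.
        if seq <= self.last_seq:
            self.rejections.append("replay")
            return False
        self.last_seq = seq
        self.registers[register] = value
        return True


def tamper(frame, new_value):
    """Constructed in-transit modification: rewrite only the value field,
    leaving the sequence number, register and any trailing tag untouched."""
    seq, register, _ = HEADER.unpack(frame[:HEADER.size])
    return HEADER.pack(seq, register, new_value) + frame[HEADER.size:]


def demo():
    key = secrets.token_bytes(32)      # shared link key (assumption)
    plain_link = FieldDevice()         # legacy unauthenticated link
    auth_link = FieldDevice(key)       # hardened link

    # Operator writes setpoint 15 to register 7 (constructed values).
    f_plain = build_plain_frame(1, 7, 15)
    plain_link.receive(tamper(f_plain, 900))              # accepted as-is

    f_auth = build_auth_frame(key, 1, 7, 15)
    auth_link.receive(f_auth)                             # genuine frame accepted
    tampered_ok = auth_link.receive(tamper(f_auth, 900))  # tag no longer matches
    replayed_ok = auth_link.receive(f_auth)               # sequence number reused

    return {
        "plain_value": plain_link.registers[7],
        "auth_value": auth_link.registers[7],
        "tampered_accepted": tampered_ok,
        "replayed_accepted": replayed_ok,
        "rejections": list(auth_link.rejections),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The unauthenticated device ends up holding the rewritten setpoint, while the authenticated device keeps the operator's value and logs the tampered and replayed frames, which is the kind of event a SCADA monitoring system should alert on. Note that the tag provides authenticity and integrity, not confidentiality; the "lightweight encryption" the comment mentions does not by itself stop an attacker from flipping bits in a command, so authentication is the property that matters most for this threat. Distributing and rotating the shared key across many field radios is the hard operational part.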
    7. You might find this interesting. It's a few years old, but it gives a really good overview of the issues involved with SCADA and Industrial Control Systems.

      Securing Communications for SCADA and Critical Industrial Systems
      https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=2ahUKEwjVtfOr94njAhUCEHwKHelHC5EQFjAAegQIBBAC&url=https%3A%2F%2Fselinc.com%2Fapi%2Fdownload%2F107723%2F&usg=AOvVaw2Q8EoCImcxxFmcZ4wrU-tx

    8. " I went to some lengths to demonstrate how that will NOT mitigate the threat."

      That's fine. I'm not a network expert by any means. If there are better ways to go about it, I'm all for it. The point is we need to be treating all our digital activities as if they're under attack because if they aren't now, they will be when war starts.

    9. Agreed. And it is by no means just the Chinese. Russians, North Koreans and other bad actors abound.

      A lot of the threat comes from commercial opportunities.

      Remember WannaCry from 2017? You had to pay $300 per computer to get your files unlocked. It caused absolute havoc.

      Stuxnet was an Israeli/US attack primarily on Iran. Good reading on Wiki.

      https://en.wikipedia.org/wiki/Stuxnet

      The Equation Group is a subset of the NSA.

  2. "We can connect to the rest of the world, then, via a relative few controlled access points with very high security."

    You already connect to the rest of the world through a relatively small number of very secure connections. Try getting into a modern IXP. Military grade security and they're really serious about it.

    The problem is that we are dealing with millions of lines of code in the devices that themselves run the Internet. Cisco, to pick one example, regularly has problems with zero-day exploits some of which are really hard to patch.

    Shutting off Internet connectivity to the rest of the world is arguably more damaging than halting all shipping and passenger flights in and out of the US.

    "We also need to go after domestic hackers and eliminate them via massive penalties and dedicated task forces. That frees us up to focus on international threats."

    You're going to have to come up with a better definition of "hacker" first. I don't think some 12 year old script kiddie deserves life for hacking into his dad's laptop or cell phone.

    As Kath rightly points out, physical access is everything. Snowden had an ideological bug up his butt about the NSA spying on Americans and others. And he had physical access.

    There are arguably thousands of spies and fellow travelers on US soil. All of them would have access to the US Internet from the INSIDE of the network, so cutting off global links is somewhat of an exercise in futility.

    Replies
    1. " If you shut down Intercontinental connections there you would pretty much isolate the rest of the world, but the economic consequences would be really bad."

      And this is another aspect of war. We need to immediately deport every Chinese citizen, for example. We're at war with China, right now, and we need to admit it and start fighting back and getting rid of every Chinese citizen in the US is a good start. When China demonstrates its peaceful intent by stopping all cyber warfare against us then we can think about accepting their citizens again. We need to greatly tighten up our immigration policy. And so on.

  3. "And this is another aspect of war. We need to immediately deport every Chinese citizen"

    I see no particular basis for that level of extremism.

    "for example. We're at war with China, right now, and we need to admit it and start fighting back and getting rid of every Chinese citizen in the US is a good start. "

    No, we are not at war; we are back in a world of great power rivalry and at best the nascent start of a cold war. Certainly nothing to expel Chinese residents over; would you intern all first generation citizens as well?

    " When China demonstrates its peaceful intent by stopping all cyber warfare against us then we can think about accepting their citizens again"

    Seeing as we just announced cyber warfare initiatives against both Russia and China and I am certain the NSA is spying on or hacking China... hacking would seem par for the course. The Great Game did not see Russia or the UK expel each other's citizens except for actual identified spies.

    We need rather to deal more with security and be cautious, as we have been moving to be, of Chinese state-owned or -influenced corporations. But it would be reckless, for example, to lose the brain drain of Chinese graduate students who never go back.

    Replies
    1. "I see no particular basis for that level of extremism."

      You see no reason to deport enemy combatants???? Every Chinese citizen is a source of information for China. Chinese students are learning our most advanced academics and techniques and taking them back to China to be used against us. Refusal to recognize this is just folly.

      "No we are not at war we are back in world of great power rivalry"

      We absolutely are at war with China (or, rather, they're at war with us). You need to come up to speed on Chinese philosophy and approach to war. They consider EVERY means at their disposal, kinetic or not, to be a facet of war.

      For example, they are not seeking to settle into a fair and equitable trade and financial arrangement. They are engaged in trade and financial war.

      China takes the long view. Just because you don't wish to acknowledge that we are at war doesn't mean we aren't. I imagine you would have been right at home with Chamberlain dealing with friendly, non-warring Hitler!

      " expel each other's citizens except for actual identified spies."

      As I stated, EVERY Chinese citizen is a spy or technology transfer leech. They ARE identified spies.

    2. You're behind the curve on this. US firms and universities use Chinese grad students as free "slave" labor. And all the inventions those people make belong to the company or institution they work for.

      China will overtake the US one day: four times the population and a great work ethic. As someone pointed out recently, China and India both were the greatest civilizations in the world before the industrial revolution. It's not a question of them "developing", it's a question of "re-developing". And they are both moving pretty quickly now.

    3. "all the inventions those people make belong to the company or institution they work for."

      Unfortunately, China does not recognize intellectual property rights. Any information learned or invention produced by a Chinese citizen while in the US becomes the 'property' of China, if they're interested in it. I'm not sure there's even a word for 'patent' in Chinese since they don't recognize the concept!

    4. "Unfortunately, China does not recognize intellectual property rights. Any information learned or invention produced by a Chinese citizen while in the US becomes the 'property' of China, if they're interested in it. I'm not sure there's even a word for 'patent' in Chinese since they don't recognize the concept!"

      That's kinda true and kinda not true at the same time. One of the conditions of doing business in China was releasing all the relevant IP to the Chinese partner. That much is absolutely true.

      There is absolutely no doubt that the Chinese government conducts a serious spying campaign targeting intellectual property among other things. But everybody spies. The NSA and the broader Five Eyes group are masters of spying, particularly if you happen to be a citizen of one of the Five Eyes countries. But I digress...

      But the flip side is the US is refusing to recognize Chinese patents too. Huawei is one of the most prolific generators of patents in the world.

      Marco Rubio has introduced legislation to stop Huawei requiring Verizon to pay to license Huawei-patented technology.

      This is a SPECTACULARLY dumb move, as China is likely to give the middle finger to any US company license. Currently they pay billions of dollars in license fees every year. Pharma and technology companies should be particularly worried.

      https://www.reuters.com/article/us-huawei-tech-usa-senate/senator-rubio-targets-huawei-over-patents-idUSKCN1TI2T3

      and

      https://www.phonearena.com/news/Huawei-billion-patent-licensing-Verizon_id116803

      So yes, the Chinese do understand patents very well, and are now developing critical technology that the US needs so the shoe is now on both feet equally.

  4. Well, IMHO it's been proven throughout every war in history that war starts out with almost the same tactics as the last one, then they adjust tactics as the war is prosecuted. Simple case in point: even in Desert Storm the tactics resembled Germany's Blitzkrieg, and the Civil War started out with massed volley fire from formations, then evolved to a trench type of warfare in the end, which came to fruition in WWI. The French lost WWII partly due to the use of tactics that dated back to the 1st world war, and it goes on and on.

  5. The Cybersecurity and Infrastructure Agency - Cybersecurity Division, which is part of Homeland Security, is tasked with hardening civilian agencies' and critical industries' networks, as well as responding to cyber incidents. It's been around since at least 2003, although the department just recently changed its name as part of a congressional act last year to elevate the importance of physical and cyber infrastructure protection.

    Replies
    1. So what is it actually doing? I haven't heard of anything. Admittedly, not an area I follow closely.
