Battles in Cyberspace: How Cyberwar is Getting Serious

Battles in Cyberspace: How Cyberwar is Getting Serious

 

Hollywood loves hackers. The movies are great at turning a guy in a darkened room or a glowing terminal into a heart-pounding action thriller. The reality of hacking is usually less exciting—and more serious. Today’s hackers don’t just steal dollars and identities; they endanger lives by holding hospitals ransom and hacking into power plants.

The growth of the Internet into the Internet of Things, and especially the Industrial Internet of Things, means that the real-world consequences of cyberattacks are serious. As a result, NATO recognized cyberspace as a potential site for war in June, after confirming in 2014 that electronic attacks on a member could trigger a collective response, and the United States plans to increase the authority and responsibility of the US Cyber Command, making its status similar to that of the Army, Navy, and Air Force.

In effect, the US now views cyberspace as a real territory that merits defending the same way that the Pacific Command protects the Asia-Pacific region.

Every War is a Cyber War

The military has always been involved when new territories were opened, whether it’s land, sea, air, or space. The growing dependence on online resources led to the creation of the U.S. Cyber Command in 2010. The command operates out of Fort Meade, the same location as the National Security Agency.

Cyber Command’s responsibilities include securing the Department of Defense’s information technology, supporting combat commanders around the world, and providing the country with the ability to respond to online attacks.

The change in status will separate Cyber Command from the NSA, making it clearer that online defensive and offensive operations are separate from intelligence gathering and monitoring. The increase in emphasis on operations is important, as the admiral in charge of Cyber Command testified last year that “Every conflict in the world today has a cyber dimension.”  

Cyberwar Started Long Before Everyone Was Online

While every conflict today may have a cyber dimension, that doesn’t mean that cyber war started yesterday. There were attempts to gain military advantage through hacking as far back as the late 1990s, when fewer than half of adults ever went online, and the rest didn’t think they were missing anything.

In 1999, the US formed a cyberwar team as part of the Serbian conflict, and Serbian hackers targeted NATO sites. Less than a decade later, in 2007, Estonia was targeted with attacks on government, banking, and communications sites, with many believing Russia was behind the actions. In 2009, the Stuxnet worm significantly damaged Iran’s ability to create enriched uranium. It’s widely believed Stuxnet was a joint project between the United States and Israel.

The US has been the victim in many attacks as well as an attacker. The US military was hacked in 2007. More recently, both the Office of Personnel Management and the Internal Revenue Service were hacked (the IRS being victimized more than once).  All of those attacks have been blamed on China, or at least Chinese hackers. Iran has reportedly attempted to hack both financial and physical infrastructure.

Russia, of course, was implicated in the recent hack of the Democratic National Committee. The increase in electronic voting has also added to concerns about the security of the election process.

The Risks of Cyberwar

So the perils of cyberwar are evident, and growing. Cyber Command isn’t waiting for a change in its status to bump up the cyberwar against ISIS. It’s no longer trying simply to interfere with their propaganda, but broadly attacking their digital capabilities. A defense secretary described it as “dropping cyberbombs.”

One of the big risks with any kind of battle is escalation; that’s why there are norms and treaties that restrict the use of weapons of mass destruction. There are no treaties regarding cyberspace. Edward Snowden—who notoriously revealed many of the NSA’s secrets—has said, “I do agree that when it comes to cyber warfare, we have more to lose than any other nation on earth. The technical sector is the backbone of the American economy, and if we start engaging in these kind of behaviors, in these kind of attacks, we’re setting a standard, we’re creating a new international norm of behavior that says this is what nations do.”

The risk of nuclear material falling into the hands of terrorists has been a major concern since (and even before) 9/11. Now there’s also the risk that the cyberweapons will be turned against us. The risk isn’t just from another insider like Snowden; the NSA itself has been hacked. Like any weapon, once invented, steps need to be taken to keep the secrets safe.

The battle in cyberspace will undoubtedly continue to evolve. The United States isn’t the only country with a cyber command. And the cheap, easy access to hacking tools means it doesn’t take a cyber command with the resources of a country behind it to develop attacks on broad national targets. Download SentinelOne’s white paper, The Democratization of Nation-State Attacks to learn more about how the increased militarization of cyberspace will impact everyone’s cybersecurity.