[Security] Cyber war – How much violent it can be

Rather than heralding  a new era of violent conflicts, so far the cyber war has been defined by opposite trend- a computer enabled assault on political violence.

Cyber attacks diminish rather than accentuate political violence by making it easier for groups, individuals or states to engage in  2 kinds of aggressions that do not rise to the level of war – sabotage and espionage.

Weaponized computer code and computer based sabotage operations make it possible to carry out highly targeted attacks on an adversary’s technical system without directly and physically harming human operators and managers. Computer assisted attacks make it possible to steal data without placing operatives in dangerous environment thus reducing level of personal and political risk.
3 incidents that few experts point to as evidence for warfare entering a new era are:

1. A massive pipeline explosion in soviet union in 1982, would count as most violent cyber attack , if it actually happened. According to Reed, a staffer of usa national security council, a cobert US operation used rigged software to engineer a massive explosion in urugway-surget-chelyabinsk pipeline , that connected siberian natural gas field to europe. Reed claimed that CIA managed to insert malacious code into software that controlled the pipelines volve and pump. Rigged valve supposedly resulted in an explosion. But there is hardly any other evidence to support of such attack.

2. Estonia 2007
There was oitrageous protest by russian speaking estonian  when govt decided to move a soviet era memorial of russia  soldiors who participated in ww2 from city’s center to city’s outskirt. Riots were accompanied by cyber assaults of denial of services attacks. Hackers hijacked 85000 computers and used them to overwhelm 58 estonia  websites including country’s largest bank. Estonian authorities pointed their finger at kremline for these sophisticated but no evidence found for such claim.

3. Georgia
In  aug 2008, Georgian army attacked separatists in province of south ossetia. Russia  backed separatists and responded militarirly. It might be first time that an independent cyber attack was launched in cordination with a conventional military operation, unknown attackers had begun  a campaign of cyber sabotaging by defacing prominent georgia  websites including that of country’s national bank and ministry of foreign affairs and launching a denial of service attacks against georgian parliamentary website, its largest commercial bank and news outlets. Such crippling was the attack that georgian authorities were not able to communicate with outside world. But NATO investigators could not find any conclusive evidence of culprits.

4. Stuxnet operation of USA and Israel that made centrifuges of nuclear plants unoperational, though systems were not connected by any network. So attack was carried out by shipping a malacious coded device using a third party who supplied components to the plants.

Cyber attacks are more precise. They can be tailored to attack specific companies or public sector org and used to undermine those group authorities selectively. Stuxnet provides good example of this dynamic.

Cyber attacks can malaciously affect software and business processes without interfering with physical industrial processes, remaining non violent at the same time still causing greater damage than a traditional assault.

A 2012 attack against the computer network of oil company Saudi Aramco illustrate this potential. The attack phusicall harmed neither hardware nor human. Yet by allegedly erasing the hard disk of some 30000 computers, the attackers likely did much more monetary damage to the company.

No comments:

Post a Comment