There is a new global war raging and although it takes place in cyberspace there are casualties.
Weapons made of steel are being replaced by software. Delivery systems are made of fiber optics, the payload is weightless software and the launch buttons are located on plastic mice. Oh, and the typical “Cyber Seal” special forces grunt often can’t run a mile downhill without having to puke. But I wouldn’t get in the (cyber-) ring to fight one, if I were you.
Who is fighting? What is being fought over and should you be concerned at all? The short answers are: everybody (even official allies), prosperity and commercial as well as strategic advantages and as to whether you should pay any attention at all – well if privacy, security, growth, prosperity and future outlook for you and your kids matter to you then you should.
This is the first article in a series where we’ll cover all the important angles, embark on a troop inspection tour across the planet, make bets on who will be on the winning team(s) and who wont and finally come to some rather disturbing conclusions.
If you think this is pure science fiction taken straight out of Hollywood then have a look at this (very incomplete) list:
- In 2007 Estonia was hit by a massive attack that brought many critical IT systems down. Including banks, ministry systems, newspapers and other media. FYI: Estonia is member of the EU and NATO. This attack was for a large part influential in the decision of locating the NATO Cooperative Cyber Defense Centre of Excellence (CCDCOE) in Tallinn, the capital of Estonia. It is speculated that Russia was behind the attacks.
- In 2009/10, US and Israeli cyber warfare units successfully launched an attack on Iran’s nuclear facilities with the aim of destroying centrifuges essential to the production of weapons grade plutonium. The software has since spread to Siemens process control computers in many countries – allegedly without causing any harm. The software was discovered by companies selling anti-virus software and baptized “Stuxnet”. Iran has since admitted that their centrifuges did indeed suffer irreparable damage.
- Sony had data on several hundred thousand user accounts stolen over the course of several months in several separate attacks. Experts believe that given the sophistication and multiple-wave strategy, it is unlikely that private hackers could be behind.
- The Wall Street Journal (among many others) report that Nortel Networks Ltd. computer systems had been penetrated back in 2000 and that for almost a decade the intruders enjoyed top management-level access to all the company’s data. Nortel is presently in bankruptcy and persistent allegations place the origins of the attack to be “from somewhere on mainland China”. The Chinese government has denied any implication. Are you thinking in the lines of “motive, means and opportunity”?
- In 2010, Google was the victim of a series of attacks that – according to Google and others – were of such sophistication and operational excellence that only a government would have the resources to make it happen. In this attack as well, most fingers are pointed at China.
Or take this snippet – a quote attributed to an unidentified Chinese general by CIA Operations Manager John Serabian in his testimony before the Joint Economic committee:
We can make the enemy’s command centers not work by changing their data system. We can cause the enemy’s headquarters to make incorrect judgment(s) by sending disinformation. We can dominate the enemy’s banking system and even its entire social order.
… and that was back in 2000.
But perhaps the British have expressed what is at stake with most clarity in the mission statement for their cyberspace warfare – pardon, “security” – unit:
Our vision is for the UK in 2015 to derive huge economic and social value from a vibrant, resilient and secure cyberspace, where our actions, guided by our core values of liberty, fairness, transparency and the rule of law, enhance prosperity, national security and a strong society.
The Germans have gone one step further in being honest about this not being solely a defense and national security issue when, according to official Parliament proceeding records, they announced that they had “achieved operational offensive capabilities in 2008”.
This is not about having the latest anti-virus software fully updated on your system. It is about jobs, bidding wars and contracts. It is about who will enjoy growth and prosperity going forward.
Next installment: The attack on Estonia and its ramifications.