Cybersecurity & cyberwar

We’ve attacked yet another nation. How long until somebody hits back?

Summary: We feel big and bold, waging one-sided cyber attacks on other nations.  Without warning. Shredding US and international law, including UN treaties signed and approved by the Senate. We are creating the precedents for this new form of war. Eventually we will become a target, vulnerable because of our extraordinary reliance on high-tech system. Probably we will whine afterwards about the unfairness of others doing to us as we did to them. (First of two posts today. A second on today’s job report will appear soon.)

Cyber Warriors

First there was Stuxnet, attacking Iran’s legal nuclear program (despite claims, we have not shown that they were enriching uranium in violation of their obligations). Now we learn about America’s secret cyberwar against North Korean’s missile program.

“Three years ago, President Barack Obama ordered Pentagon officials to step up their cyber and electronic strikes against North Korea’s missile program in hopes of sabotaging test launches in their opening seconds.

“Soon a large number of the North’s military rockets began to explode, veer off course, disintegrate in midair and plunge into the sea. Advocates of such efforts say they believe that targeted attacks have given American antimissile defenses a new edge and delayed by several years the day when North Korea will be able to threaten American cities with nuclear weapons launched atop intercontinental ballistic missiles.

“But other experts have grown increasingly skeptical of the new approach, arguing that manufacturing errors, disgruntled insiders and sheer incompetence can also send missiles awry. Over the past eight months, they note, the North has managed to successfully launch three medium-range rockets. And Kim Jong-un, the North Korean leader, now claims his country is in “the final stage in preparations” for the inaugural test of his intercontinental missiles — perhaps a bluff, perhaps not.

“An examination of the Pentagon’s disruption effort, based on interviews with officials of the Obama and Trump administrations as well as a review of extensive but obscure public records, found that the United States still does not have the ability to effectively counter the North Korean nuclear and missile programs …

“The approach taken in targeting the North Korean missiles has distinct echoes of the American- and Israeli-led sabotage of Iran’s nuclear program, the most sophisticated known use of a cyberweapon meant to cripple a nuclear threat. But even that use of the ‘Stuxnet’ worm in Iran quickly ran into limits. It was effective for several years, until the Iranians figured it out and recovered. And Iran posed a relatively easy target: an underground nuclear enrichment plant that could be attacked repeatedly. …

“The North, meanwhile, was developing its own exotic arsenal. It tried repeatedly to disrupt American and South Korean military exercises by jamming electronic signals for guided weapons, including missiles. And it demonstrated its cyberpower in the oddest of places — Hollywood. In 2014, it attacked Sony Pictures Entertainment with a strike that destroyed about 70% of the company’s computing systems, surprising experts with its technical savvy.

“Last month, a report on cybervulnerabilities by the Defense Science Board, commissioned by the Pentagon during the Obama administration, warned that North Korea might acquire the ability to cripple the American power grid, and cautioned that it could never be allowed to ‘hold vital U.S. strike systems at risk.’ …

“A decision to go after an adversary’s launch ability can have unintended consequences, experts warn. Once the United States uses cyberweapons against nuclear launch systems — even in a threatening state like North Korea — Russia and China may feel free to do the same, targeting fields of American missiles. Some strategists argue that all nuclear systems should be off limits for cyberattack. Otherwise, if a nuclear power thought it could secretly disable an adversary’s atomic controls, it might be more tempted to take the risk of launching a pre-emptive attack.

“’I understand the urgent threat,’ said Amy Zegart, a Stanford University intelligence and cybersecurity expert, who said she had no independent knowledge of the American effort. ‘But 30 years from now we may decide it was a very, very dangerous thing to do.’”

People who live in these shouldn’t throw stones.

The Glass House.

The Glass House in CT (1949).

Conclusions

This is another chapter in the century-long tradition of Americans regarding our actions as exceptional, held to different standards than the rest of the world. We overthrow governments — even elected ones, but consider it terrible when others do so. We invade and occupy nations (Iraq and Afghanistan) or intervene in their affairs and help reduce them to failed states (Libya). Now we (and our ally Israel) attack other nations. Assassination of Iranian atomic scientists. The Stuxnet cyberattack on Iran and the cyberattacks on North Korea’s missiles.

After WWII America lead a great alliance to build a new world order in which attacks on other nations were illegitimate unless authorized by the word community of nations. Now we have destroyed what we built, in careless pursuit of short-term goals headless of long-term consequences.

Now we have Team Trump. Their senior national defense leaders are mostly generals and executives of defense contractors. His lower level officials are inexperienced, picked for loyalty and ideology (see the mess at the State Department) — much like the people Bush Jr. chose for the Iraq occupation staff, who failed so completely. This crew has control of the most powerful military machinery in human history — belligerent, narrow-minded, disdainful of regime created by the Greatest Generation, governed by hubris.

We face high odds of serious mistakes by Trump and company during the next five years, perhaps with catastrophic results.  Our representatives in Congress, comfortable in their role as foreign policy critics, are unlikely to either restrain or advise Team Trump. We are along for the ride. I see no way to influence the course of events. We elected Trump and Congress, and must take the consequences.

For More Information

If you liked this post, like us on Facebook and follow us on Twitter. See all posts about Cyber-espionage and Cyber-war, and especially these by cyber-expert Marcus Ranum…

  1. Cyberwar: a Whole New Quagmire.  Part 1: The Pentagon Cyberstrategy.
  2. “Do as I say, not as I do” shall be the whole of the law.
  3. About Stuxnet‏, the next generation of warfare?
  4. You must Be >this< Tall To Play Cyberwar (has DoD grown enough yet?).
  5. Parsing Cyberwar – Part 1: The Battlefield.
  6. Parsing Cyberwar – Part 2: The Logistical Train.
  7. Parsing Cyberwar – Part 3: Synergies and Interference.
  8. Parsing Cyberwar – Part 4: The Best Defense is a Good Defense.
  9. Cyberwar, the Power of Nightmares.
  10. Also, this by Chet Richards: Advice from Sun Tzu and John Boyd on winning at cyberwar.

A books about the first cyberattack.

Kim Zetter’s Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon, describing the new era of war and preparing you for the next attack. See a review here. From the publisher…

“In January 2010, inspectors with the International Atomic Energy Agency noticed that centrifuges at an Iranian uranium enrichment plant were failing at an unprecedented rate. The cause was a complete mystery — apparently as much to the technicians replacing the centrifuges as to the inspectors observing them.

“Then, five months later, a seemingly unrelated event occurred: A computer security firm in Belarus was called in to troubleshoot some computers in Iran that were crashing and rebooting repeatedly. At first, the firm’s programmers believed the malicious code on the machines was a simple, routine piece of malware. But as they and other experts around the world investigated, they discovered a mysterious virus of unparalleled complexity.

“They had, they soon learned, stumbled upon the world’s first digital weapon. For Stuxnet, as it came to be known, was unlike any other virus or worm built before: Rather than simply hijacking targeted computers or stealing information from them, it escaped the digital realm to wreak actual, physical destruction on a nuclear facility.

“In these pages, Wired journalist Kim Zetter draws on her extensive sources and expertise to tell the story behind Stuxnet’s planning, execution, and discovery, covering its genesis in the corridors of Bush’s White House and its unleashing on systems in Iran — and telling the spectacular, unlikely tale of the security geeks who managed to unravel a sabotage campaign years in the making.

“But Countdown to Zero Day ranges far beyond Stuxnet itself. Here, Zetter shows us how digital warfare developed in the US. She takes us inside today’s flourishing zero-day “grey markets,” in which intelligence agencies and militaries pay huge sums for the malicious code they need to carry out infiltrations and attacks. She reveals just how vulnerable many of our own critical systems are to Stuxnet-like strikes, from nation-state adversaries and anonymous hackers alike — and shows us just what might happen should our infrastructure be targeted by such an attack.

“Propelled by Zetter’s unique knowledge and access, and filled with eye-opening explanations of the technologies involved, Countdown to Zero Day is a comprehensive and prescient portrait of a world at the edge of a new kind of war.”

Advertisements

4 replies »

  1. Good post. You mentioned something about “our Reprentatives in Congress…”. I did not know we had Representatives. Are you certain we do? Do you really think a bunch of letters and phone calls to DC will have an effect of changing this long history of Foreign Policy? The last time the mad actions of the entrenched interests and technocrats was rebuffed and partially redirected was a very long time ago. It took vivid news reports on TV, Cronkite and ordinary people assembling peacefully in major American cities.
    Citizens are aware of the faux nature of these Cyber attacks, a few, anyway. Most simply do not care or rather don’t care enough. Our life goes on and as you posit…..one day! The chickens will be returning to roost. Until then.

    Like

    • Breton,

      “I did not know we had Representatives. Are you certain we do?”

      Yes. We vote them into office every two years.

      “Do you really think a bunch of letters and phone calls to DC will have an effect of changing this long history of Foreign Policy?”

      Poor baby. Previous generations of Americans had to struggle to create and maintain American democracy, often fighting and dying. We have to get off our couches and organize. Why doesn’t Nature’s God deliver the government our awesomeness deserves, preferable gift-wrapped?

      Like

Leave a comment & share your thoughts...

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s