War and Military

Attribution and the problem of retaliation in cyberspace

Alexandra Goman

If a country is hit with a computer program and there is destruction/death involved, there is usually retaliation, a counter attack and an appropriate response. An opposing side is given a chance to respond to the enemy by means it deems necessary, especially if there is a lot of damage involved. In terms of conventional weapons it is clear who attacked the target, yet cyberspace is another niche with its own challenges.

Attribution in cyberspace has been a question for a long time. Although attribution of terrorist attacks is somewhat difficult, cyberspace introduces a more complicated process. Anonymity is a challenge, as perpetrators may easily hide their identities. Moreover, an attack can be launched from a number of computers, operated by different people and placed in different locations across the world. According to Clark and Landau, the challenge lies in several dimensions: 1) identifying the computer from which the attack was launched; 2) identifying the person who was operating the computer at the time of the attack; 3) identifying the main actor who gave the order and/or the actor behind the attack (2010).

According to the technology consultant at the security company Sophos[1], perpetrators in cyberspace may use compromised computers that belong to unsuspecting, innocent people to break into someone else’s computer. A hack may be coming from China, but it may be under the control of someone who is situated in another country. This was the case with the DDoS cyberattacks that happened in Estonia in 2007 (they involved more than 80,000 hijacked computers from around 178 countries). Moreover, even if an attacker is supposedly found, it is easy to blame a third party by saying that the computer had been hacked. This, consequently, gives rise to plausible deniability.

Although technology is being developed in order to analyze and solve the problem of attribution, it is still a challenge because of the basic design of the Internet. In theory, nonetheless, it is possible to solve the problem. According to Feaver, in the future the language of computer networks will be replaced by the Internet Protocol version 6 (IPv6), which will raise the amount of computer addresses from four billion to an infinite number. That means that everything and everyone could be associated with a unique number. IPv6 may additionally support Internet Protocol Security for authentication of the Internet traffic (Ibid.).

However, at this point in time technological analysis should always be accompanied by intelligence and information analysis. This helps to identify attackers, to understand more about their capabilities and intentions, and to establish whether the attack was sanctioned by a government. Strategic and political considerations will be essential too.

A damaging cyberattack may easily lead to escalation of the situation, which is another implication for the balance in international relations. In the case of Stuxnet, a malware that affected a nuclear facility in Iran, if it had achieved its believed goal of disrupting nuclear infrastructure, it could have brought a high level of destruction with many people dead. In this case, Iran would probably have retaliated with kinetic means, rather than relying on unreliable cyberattacks (unless they had the technology). However, as attribution was still lacking, it is not clear whether they would have opted for this option.

Thus, attribution poses certain problems when it comes to the question of retaliation. When it is not clear who attacked, it is hard to prosecute or retaliate in response. Attribution also creates additional challenges in decision-making, considering the speed of a cyberattack. Even if attribution is positive, it is still hard to understand what procedures are to be followed. If there are no casualties and no physical destruction, it is easier to opt for sanctions rather than military retaliation. Moreover, if attribution is later established to be incorrect, there may be serious consequences.

On another note, the use of cyberattacks may have further complications, if the countries involved are nuclear. In case of major destructive consequences after a cyberattack, a country would be left with a choice whether to retaliate in kind or to employ conventional weapons, especially if they do not have a cyber capability.

What happens when an attacker is not identified but consequences are drastic? More importantly, if it is “believed” to be identified (yet without certainty), will a country retaliate? These questions are still yet to be answered, as there has been no precedent on such a scale. What is clear, cyberattacks present additional challenges in global security that should be undoubtedly addressed.

[1] Cluley, G. (2011). China denies hacking high-tech weapon maker. Naked security by Sophos, [online] Available at: https://nakedsecurity.sophos.com/2011/09/20/china-denies-hacking-high-tech-weapon-make/ [Accessed on 3.02.2018].

Specialist in global security and nuclear disarmament. Excited about international relations, curious about cognitive, psycho- & neuro-linguistics. A complete traveller.

Technology

Concerns and Limitation of Cyber Warfare

Alexandra Goman

The discovery of Stuxnet, a malware that targeted a nuclear facility, was somewhat revolutionary and groundbreaking. It targeted industrial control systems (ICS), which monitor and run industrial facilities. Before that, most malicious programs were developed to steal information or break into the financial sector to extort money. Stuxnet went beyond that and targeted high-level facilities. It is not hard to imagine what damage it could have inflicted if the worm had not been detected. What is more worrisome, the technology is out. It might not be perfect, but it is definitely a start. Regardless of the intentions behind Stuxnet, a cyber bomb has exploded and everyone knows that cyber capabilities can indeed be developed and mastered.

Therefore, if they can be developed, they probably will be. The final goal of Stuxnet was to affect the physical equipment run by specific ICS. This was done in order to manipulate computer programs and make them act as the attacker intended. Such a cyberattack had a particular motivation; sabotage of industrial equipment and destruction could have been among the goals. So, if they were indeed the goals, it might have been an offensive act, conducted by an interested party, presumably a state pursuing its political objective. Yet, there are certain limitations when it comes to so-called “cyber weapons” (malware that might be employed for military use or intelligence gathering).

One of the main concerns of cyber offence is that code may spread uncontrollably to other systems. Compared to a physical weapon, it is like a ballistic missile that can go off-course at any time and inflict damage on unintended targets and/or kill civilians. Cyber offensive technology lacks precision, which is so valued in the military. For example, in ICS and SCADA systems one may never know what can backfire because of the complexity of the system. The lack of precision consequently affects military decisions. When launching a weapon, officers should know its precise capabilities; otherwise, it is too risky and is not worth it.

In the case of Stuxnet, the program started replicating itself and infected computers in many countries. At this moment we do not know whether it was planned that way. However, given that the target was the Natanz facility, it is unlikely. Symantec Corporation started analyzing the case only with external help; it did not come from Natanz. This exacerbates the case if a country decides to launch an offensive cyberattack.

If military planning cannot prevent cyber technology from going awry or becoming public, it brings more disadvantages than advantages. Moreover, given the possibility of the code being discovered and broken down into pieces to understand what it does, it may potentially benefit an opposing party (and any other interested party along the way). This is unacceptable in military affairs.

Similarly, when the code is launched and reaches the target, it can be discovered by an opponent. By comparison, when a nuclear bomb explodes, it brings damage and destruction, but its technology remains secret. In cyber this may not be the case: when a malware/virus is discovered, it can be reverse engineered to patch the vulnerability. By studying the code, an enemy would find out the technology/tactics used, which could be unfavourable for the attacker in the long run.

Additionally, it should be said that not every malware is meant to spread by itself. In order to control the spread, the vulnerability can be patched, meaning the software that had that vulnerability is updated. Anti-malware can also be introduced; this will make the computer system immune to that particular vulnerability. Nonetheless, if the malware spreads uncontrollably, there is not much that an attacker can do. It is not possible to cease the attack. In this scenario, an attacker may only release information about this particular vulnerability so that someone else can fix it. However, a state is highly unlikely to do so, especially if the damage is extensive. It would not only have diplomatic consequences for the state, but might also severely impact its reputation.

An AI-enabled cyberattack could perhaps fulfill its potential. That means involvement of artificial intelligence. AI systems could make digital programs more precise, controlling the spread. In contrast, it could also lead to a greater collateral damage, if a system decides to target other facilities that may result in human death. Similar concerns are raised in the area of autonomous weapon systems in regard to the need of leaving decision-making to humans and not to technology. AI technology has a potential to make existing cyberattacks more effective and more efficient (Schaerf, 2018).

The aforementioned concern leads to another and affects the end result. When a certain weapon is employed, it is believed to achieve a certain goal, e.g. to destroy a building. With cyber capabilities, there is no such certainty. In the case of Stuxnet, the malware clearly failed to achieve its end goal, which was to disrupt the activities of the industrial facility.

Alternatively, the true costs of cyberattacks may be uncertain and hard to calculate. If that is so, an attacker faces a high level of uncertainty, which may also deter them from a malicious act (particularly if nation states are involved). However, the costs and the benefits may always be miscalculated, and an attacker hoping for a better gain may lose much more in the end (e.g. consider Pearl Harbour).

Another concern refers to the code becoming available to the public. If that happens, it can be copied, re-used and/or improved. Similar concerns with regard to proliferation and further collateral damage emerged when the Stuxnet code became available online. An attacker may launch a cyberattack, and if it is discovered, another hacker can reverse engineer the code and use it against another object. Moreover, the code can be copied, improved and specialized to meet the needs of another party. Technology is becoming more complex, and discovering malware developed by others means it takes less time to produce a similar program and/or develop something stronger. (For instance, after Stuxnet, more advanced malware was discovered – Duqu and Flame.)

Furthermore, there are other difficulties with the employment of cyber offensive technology. In order to maximize its result, it should be supported by intelligence. In the case of Stuxnet, an offender needed to pinpoint the location of the facility and the potential equipment involved. The offender also had to find zero-day vulnerabilities, which are extremely rare and hard to find[1]. Cyber vulnerability is all about data integrity. Data should be reliable and accurate. Its security is essential in order to run an industrial infrastructure.

After pinpointing a vulnerability, security specialists need to write specific code that is capable of bridging an air-gapped system. In the case of Stuxnet, all of the abovementioned operations required a certain level of intelligence support and financial capability. The complex tasks involved in its development were exactly the reason why Stuxnet was thought to be sponsored and/or initiated by a nation state. If intelligence is lacking, the attack may not bring the desired effect. Moreover, if cyber offense is to be used in retaliation, malicious programs should be ready to use (as on “high-alert”) in the event of necessity.

Regardless of some advantages of cyber offence (like low costs, anonymity etc.), this technology appears unlikely to be used on its own by the military. There is a high level of uncertainty, and this stops the army from using the technology in offence. The truth is that when you have other highly precise weapons, it does not make sense to settle for an unreliable technology that may or may not bring the desired result. Yet, other types of cyberattacks like DDoS attacks can give some clear advantages during military operations and give an attacker some good cards in case of a conflict. When such attacks are used together with military ground operations, they are much more likely to bring the desired result.


[1] For better understanding, out of twelve million pieces of malware that computer security companies find each year, fewer than a dozen use a zero-day exploit.

War and Military

Swedish subs: a relic of the past?

As part of the program to replace its four Walrus-class submarines, the Dutch government is examining offers submitted by four European companies. It will announce by the end of the year which two competitors have been selected for the next negotiation stage.

Last June, Swedish Saab Kockums and Dutch partner Damen unveiled an initial design of submarine as part of their proposal to replace the Dutch Royal Navy’s fleet. During the European naval show in October, they further revealed technical details about their offer. Despite these announcements, Saab Kockums appears far from being able to draft more than drawings as it lacks the technology and manpower required to build submarines.

Kockums, a Swedish shipyard now known as Saab Kockums, made international headlines back in the 1990s when it closed a major deal with the Australian Navy to design their submarines fleet. Since then, the company seems to have become an empty shell.

In 2005, to strengthen its market position, Kockums joined its German competitor TKMS. Their partnership soon deteriorated as Kockums failed to attract new clients and retain old ones. The A26-class Kockums was developing did not sell well on the international market. Designed in the early 1990s, this sub class was considered outdated and too pricy. In 2013, after 20 years of cooperation, Kockums lost a contract with Singapore. Although TKMS eventually managed to win that contract thanks to another subsidiary, it led to increased tensions between the two companies.

In 2014, Russia’s realpolitik and the Ukrainian crisis led the Swedish government to reconsider its naval capabilities. The government realized the capacity to build submarines was of strategic importance, calling for Swedish companies to maintain an adequate level of competency. The Parliament decided to renew its subs fleet and promote local skills by ordering two updated ersatz of the A26-class to Kockums. However, the Swedish government failed to agree on the price with TKMS, ending the negotiation. At the height of the crisis, Swedish military authorities stormed Kockums’ laboratory in Sweden to retrieve technology that, according to them, belonged to the army. After that incident, deemed unusual by military experts, TKMS entered talks with Saab to sell Kockums. The sale was eventually closed later that year.

Over the past decades, U-boats have evolved from a fighting device to a diplomatic, sovereignty and intelligence tool. They are now used to locate enemies, deploy elite troops, collect data and send political messages. They require cutting-edge technology and constant research and development. Of all naval solutions, designing subs poses the greatest technical challenges and hence requires special skillsets. Not keeping up with fast-changing developments can quickly become the death knell of subs’ designers. Though Kockums proved to be a competitive submarine maker in the 1990s, not constructing subs over the last two decades means they have lost their technical and technological expertise. The price at which the company was sold is quite revealing. First thought to be worth 1 billion kronor, Kockums was sold for 340 million kronor (US$ 50,4 million).

The Dutch Navy is internationally recognized for the role its subs played in reducing piracy in the Gulf of Aden. The Netherlands is one of the few countries able to furtively navigate oceans. The construction of its new submarine fleet is scheduled to start in 2021, with the fleet operational by 2027. Saab Kockums is offering its updated A26-class and it might not be able to meet the deadlines. The A26-class has never been built before and, even if its design has been updated, the scope of the technical adjustments needed for this class to function smoothly is not yet known. With the technology used in naval solutions rapidly evolving, it might as well be less time-consuming to develop an entirely new class rather than update an ancient model.

Moreover, there are doubts about Saab Kockums’ capacity to continue its activities a few years from now. The company has already inked several deals with the Swedish Navy. However, to be able to keep up with the investments needed in research and development, Saab Kockums must succeed on export markets. If it fails to secure multiple deals abroad, it will eventually go bankrupt. In such a scenario, betting on them might not be the smartest move.

The future does not look bright for Saab Kockums. Though signing with the Dutch Navy could temporarily be good news for them, without sustainable investments in research it will go down like a lead zeppelin!

War and Military

Is Damen’s MCM vessels offer a smokescreen for Belgium?

U.S. Navy Photo by Mass Communication Specialist Seaman Alyssa Weeks

Belgium and the Netherlands will award a 2-billion-euro contract for 12 new mine countermeasure vessels (MCM) by the end of the month. Three companies, including Dutch Damen, have been shortlisted. Although the Dutch authorities would certainly appreciate seeing one of their industrial flagships win the contract, it might not be that beneficial for Belgium.

Belgian defense minister Sander Loones, assisted by cabinet chief Peter Devogelaere, National Armaments Director Rudy Debaene and head of Naval forces Wim Robberecht, is currently examining projects to replace minehunter vessels both in Belgium and the Netherlands. Three consortiums have been shortlisted after they submitted their bids last October: Damen & Imtech, Belgium Naval & Robotics and Sea Naval Solutions. In addition to studying the technical and technological capabilities of each design, the Belgian authorities will evaluate the economic spinoff for the country. Indeed, during a parliamentary commission on planned military purchases, experts including Rudy Debaene highlighted that one of the main criteria considered when analyzing offers was the benefit to the local economy.

Three bids with different economic offers

While Belgium Naval & Robotics and Sea Naval Solutions are proposing technological partnerships with Belgian companies, Damen & Imtech are offering industrial cooperation. Identifying which offer will boost the local economy more is the hardest part for a government. It requires scrutiny of every detail and decisions reaching beyond short-term results. A closer look at Damen’s proposal shows that even if it promises to create “decades of work” – which could be handy ahead of legislative elections – it is in fact a smokescreen.

A proposal with a limited industrial and economic impact

Damen has offered to establish an industrial valley from the Zeebrugge to the Oostende regions. However, since Belgium does not have the facilities to build minehunter vessels and Damen has its shipyard in Romania, Damen will leave Belgian subcontractors with only the crumbs. In other words, Damen’s proposal relies on existing capacities that do not require investment or training. As a result, it will hardly create jobs. Moreover, Damen plans to implement its activities exclusively in Flanders, leaving half of the country on the sidelines.

No transfer of technology

Damen is focusing on sharing building capacities with Belgium so it can strategically retain for itself the most profitable aspect of designing military materials: working on technology. Being able to design deep-sea vessels which could carry heavy weapons was essential in the past century. Today, artificial intelligence is the future of warfare and countries are racing to stay ahead of their peers. In the long run, investing in research and development adds greater value than knowing how to assemble metal sheets.

Damen is among the three finalists despite its wobbly offer. It is leaving Brussels at the margin of innovation, jeopardizing years of research and development, ultimately hampering job creation and economic development. Rather than simply selecting the lowest bidder, the government has a responsibility to choose the consortium that will yield the greatest economic results locally.
