
War and Military

How Weaker Nations Are Taking Cyber Warfare Advantage

Alexandra Goman



Cyber offensive technology (malware that is employed for military use) gives a clear asymmetric advantage that favours weaker states and non-state actors. They may pursue cyber technology in order to gain strength in pursuit of a broader goal. This asymmetry is not something new and appears to be an effective tool to level the imbalance of power.

Entry for weaker actors is easier and cheaper, and it does not require much effort. Presumably, one may need some computers and technical assistance. Offensive capability can also be procured through the online criminal market, so that even highly skilled IT personnel may not be required. Furthermore, the attribution problem is not yet solved, which gives an advantage in staying anonymous and therefore escaping the costs of failure.

Asymmetric tactics are pursued by actors that do not have constraints on their own concept of morality and war-fighting. Terrorists or insurgents might not have the same reservations as states about killing civilians or bringing a high level of destruction in the event of a cyberattack. Similarly, those desperate enough but with a strong will to fight may employ cyber methods regardless of high costs.

Terrorists, for example, target innocents indiscriminately. Their goal is to inflict the threat of terror and violence in order to achieve a strategic goal.  This consequently poses great challenges for deterrence. As weak actors are becoming stronger, others become more vulnerable.

Soldiers wrapped up day two of an integrated cyber exercise between 4th Battalion, 23rd Infantry, 14th Brigade Engineer Battalion, 201st Expeditionary Military Intelligence Brigade, from Joint Base Lewis-McChord, Wash., supported by cyber augmentees from the 780th Military Intelligence Brigade from Fort Meade, Md., Oct. 21. Cyber information collected during the exercise enabled the Soldiers to isolate and capture a simulated high-value target in a mock village. The training integrates infantry ground units with cyber, signal and human intelligence collection capabilities, which gives units on the modern battlefield a broader capacity to search out and isolate their enemies in real time. (Photo by Capt. Meredith Mathis)

Nevertheless, gaining cyber capability is not as easy as it may seem. The case of Stuxnet (a malware that attacked a nuclear facility in Iran) does not seem to prove asymmetric advantage, because the attack was apparently conducted by stronger parties with substantial funding and resources. Detailed intelligence on the target, access to the computer network of an opponent, finding vulnerabilities and then employing the cyber capability (all present in the Stuxnet case) further complicate the argument about asymmetry. Moreover, the development of the Stuxnet code required highly skilled expertise that may be difficult to obtain and inaccessible to non-state actors or weak states.

Additionally, it would take time and financial support to plan, manage, and monitor the development of the code. Therefore, it would require more personnel than just IT specialists. Moreover, considering the target of Stuxnet, nuclear expertise would be required as well. Similarly, knowledgeable experts in other areas would also come in handy: there should be people skilled in how these infrastructures work to cause actual damage.  So in case of a lone hacker with radical views, the use of cyber appears to be doubtful, as there are cheaper and easier ways to inflict damage.

At the same time, there are risks of failure, and they are faced by weak actors too. If such a mission were compromised, and/or the code behaved differently than expected and/or backfired, it would only increase the costs without bringing actual benefits. In this sense, stronger states are more prepared to minimize them than weaker ones.

If a cyberattack fails to reach the end result, weaker actors may have spent a substantial amount of money in vain without reaching the desired effect. This, in turn, reduces the probability of using cyber in the first place. Weak states may want to invest in other ventures, rather than cyber, to be sure that they can reach the desired end result. So the true costs of such an attack carry a high level of uncertainty for weak actors as well; however, they may not be prepared to bear the failure costs and may not have enough resources to mitigate them.

Another advantage of cyber technology is that the nature of cyberspace and cyberattacks favours an attacker. Offense is becoming easier than defense and guarantees anonymity. The Internet was designed to make connections easy and reliable, and security was not part of its creators' original thinking. Thus, an attacker has the upper hand in reaching its target, while staying anonymous and inflicting damage through cyber means.

Today cyber defense is not perfected and has vulnerabilities that can be exploited. Although it has been greatly improved over the last decade, vulnerabilities still remain, especially in the sector of industrial facilities, which has proved slow in adjusting to current cyber threats. For instance, the increased complexity of integrated information systems, hardware devices and component software only increases cyber risks. Moreover, security considerations are left aside because of the demand to design measures in accordance with CIA requirements and other specifications.

Meanwhile, the percentage of industrial computers targeted by cyber perpetrators grew by more than 7% between July and December 2016 (Kaspersky Lab ICS CERT, 2016). In the first half of 2017, Kaspersky Lab blocked 37.6% attempts on ICS computers. Fortunately, no dedicated malware that affected industrial processes was found (Kaspersky Lab ICS CERT, 2017). Moreover, the Internet remains the main source of infection for computers that are part of industrial infrastructure.

As for the anonymity factor, attribution remains a technical problem to date. In the case of Stuxnet, it is believed that it was initiated by the United States of America and Israel, which were both interested in impairing Iran’s nuclear program. According to Sanger, one of the journalists who intensively covered the topic of Stuxnet as a US cyber weapon[1], Stuxnet was part of a highly covert US operation, code-named “Olympic Games”, which had already begun under the Bush administration. In any case, attribution is still lacking and Stuxnet was not attributed, so it is hard to speculate about the particular parties involved.

The asymmetric threat does not seem to be supported by the Stuxnet case, as substantial resources and financial capabilities were involved in planning this operation. However, the possibility of non-state actors and weaker states employing cyberattacks in the future cannot be ruled out, as one case study is not sufficient to generalize. In the case of cyberattacks by non-state actors, the damage may be limited, but cyber could still be used to complement other weapons. In any case, this asymmetric threat does impede final deterrence on the world stage and should be taken into consideration in future security affairs.

After all, Stuxnet – the first use of an offensive computer program – might have been an imperfect test-run of cyber means, and more advanced ones are yet to come. One always fails before achieving success; this is what happened to pretty much any other weapon in history. More dangerous attacks may be mounted in the future, but for now these are all speculations.

[1] Sanger, D. (2012). Obama Ordered Wave of Cyberattacks Against Iran. The New York Times, [online] Available at: [Accessed on 17.02.2018].


Specialist in global security and nuclear disarmament. Excited about international relations, curious about cognitive, psycho- & neuro-linguistics. A complete traveller.



Concerns and Limitation of Cyber Warfare

Alexandra Goman




The discovery of Stuxnet, a malware that targeted a nuclear facility, was somewhat revolutionary and groundbreaking. It targeted ICS, which monitor and run industrial facilities. Before that, most malicious programs were developed to steal information or break into the financial sector to extort money. Stuxnet went beyond that and targeted high-level facilities. It is not hard to imagine what damage it could have inflicted if the worm had not been detected. What is more worrisome, the technology is out. It might not be perfect, but it is definitely a start. Regardless of the intentions behind Stuxnet, a cyber bomb has exploded and everyone knows that cyber capabilities indeed can be developed and mastered.

Therefore, if they can be developed, they probably will be. The final goal of Stuxnet was to affect the physical equipment which was run by specific ICS. It was done in order to manipulate computer programs and make them act as an attacker intended. Such a cyberattack had a particular motivation; sabotage of industrial equipment and destruction could have been among the goals. So, if they were indeed the goals, it might have been an offensive act, conducted by an interested party, presumably a state, for its political objective. Yet, there are certain limitations when it comes to so-called “cyber weapons” (malware that might be employed for military use or intelligence gathering).

One of the main concerns of cyber offence is that code may spread uncontrollably to other systems. Compared with a physical weapon, it is like a ballistic missile that can go off-course at any time and inflict damage on unintended targets and/or kill civilians. Cyber offensive technology lacks precision, which is so valued in the military. For example, in ICS and SCADA systems one may never know what can backfire because of the complexity of the system. The lack of precision consequently affects military decisions. When launching a weapon, officers should know its precise capabilities; otherwise, it is too risky and is not worth it.

In the case of Stuxnet, the program started replicating itself and infected computers in many countries. At this moment we do not know if it was planned that way. However, given that the target was the Natanz facility, it is unlikely. Symantec Corporation started analyzing the case only with external help; it did not come from Natanz. This exacerbates the case if a country decides to launch an offensive cyberattack.

If military planning cannot prevent cyber technology from going awry or getting out into the public, it brings more disadvantages than advantages. Moreover, given the possibility of the code being discovered and broken down into pieces to understand what it does, it may potentially benefit an opposing party (and any other interested party along the way). This is unacceptable in military affairs.

Similarly, when the code is launched and reaches the target, it can be discovered by an opponent. In comparison, when a nuclear bomb explodes, it brings damage and destruction, but its technology remains secret. With cyber this may not be the case: when a malware/virus is discovered, it can be reverse engineered to patch the vulnerability. By studying the code, an enemy would find out the technology/tactics used, which could be unfavourable for the attacker in the long run.

Additionally, it should be said that not every malware is meant to spread by itself. In order to control the spread, the vulnerability can be patched, meaning updating the software which had that vulnerability. An anti-malware can also be introduced; this will make the computer system immune to that particular vulnerability. Nonetheless, if the malware spreads uncontrollably, there is not much that an attacker can do. It is not possible to cease the attack. In this scenario, an attacker may only release information about this particular vulnerability so that someone else can fix it. However, a state is highly unlikely to do so, especially if the damage is extensive. It would not only bring diplomatic consequences for the state, but might also severely impact its reputation.

An AI-enabled cyberattack could perhaps fulfill its potential. That means involvement of artificial intelligence. AI systems could make digital programs more precise, controlling the spread. In contrast, it could also lead to a greater collateral damage, if a system decides to target other facilities that may result in human death. Similar concerns are raised in the area of autonomous weapon systems in regard to the need of leaving decision-making to humans and not to technology. AI technology has a potential to make existing cyberattacks more effective and more efficient (Schaerf, 2018).

The aforementioned concern leads to another and affects the end result. When a certain weapon is employed, it is believed to achieve a certain goal, e.g. to destroy a building. With cyber capabilities, there is no such certainty. In the case of Stuxnet, the malware clearly failed to achieve its end goal, which was to disrupt the activities of the industrial facility.

Alternatively, the true costs of cyberattacks may be uncertain and hard to calculate. If that is so, an attacker faces a high level of uncertainty, which may also prevent them from a malicious act (particularly if nation states are involved). However, the costs and the benefits may always be miscalculated, and an attacker hoping for a better gain may lose much more in the end (e.g. consider Pearl Harbour).

Another concern refers to the code becoming available to the public. If that happens, it can be copied, re-used and/or improved. Similar concerns in regard to proliferation and further collateral damage emerged when the Stuxnet code became available online. An attacker may launch a cyberattack, and if it is discovered, another hacker can reverse engineer the code and use it against another object. Moreover, the code can be copied, improved and specialized to meet the needs of another party. Technology is becoming more complex, and by discovering a malware developed by others, it also takes less time to produce a similar program and/or develop something stronger. (For instance, after Stuxnet, more advanced malware was discovered – Duqu and Flame).

Furthermore, there are other difficulties with the employment of cyber offensive technology. In order to maximize its result, it should be supported by intelligence. In the case of Stuxnet, an offender needed to pinpoint the location of the facility and the potential equipment involved. It had to find zero-day vulnerabilities, which are extremely rare and hard to find[1]. Cyber vulnerability is all about data integrity. It should be reliable and accurate. Its security is essential in order to run an industrial infrastructure.

After pinpointing a vulnerability, security specialists need to write specific code that is capable of bridging an air-gapped system. In the case of Stuxnet, all of the abovementioned operations required a certain level of intelligence support and financial capability. The complex tasks involved in development were exactly the reason why Stuxnet was thought to be sponsored and/or initiated by a nation state. If intelligence is lacking, it may not bring the desired effect. Moreover, if cyber offense is to be used in retaliation, malicious programs should be ready to use (as on “high-alert”) in the event of necessity.

Regardless of some advantages of cyber offence (like low costs, anonymity etc.), this technology appears unlikely to be used separately by the military. There is a high level of uncertainty, and this stops the army from using the technology in offence. The truth is that when you have other highly precise weapons, it does not make sense to settle for some unreliable technology that may or may not bring you the wanted result. Yet, other types of cyberattacks like DDoS attacks can give some clear advantages during military operations and give an attacker some good cards in case of a conflict. When such attacks are used together with military ground operations, they are much more likely to bring a desired result.

[1] For better understanding, out of twelve million pieces of malware that computer security companies find each year, fewer than a dozen use a zero-day exploit.


Swedish subs: a relic of the past?



As part of the program to replace its four Walrus-class submarines, the Dutch government is examining offers submitted by four European companies. It will announce by the end of the year which two competitors have been selected for the next negotiation stage.

Last June, Swedish Saab Kockums and Dutch partner Damen unveiled an initial submarine design as part of their proposal to replace the Dutch Royal Navy’s fleet. During the European naval show in October, they revealed further technical details about their offer. Despite these announcements, Saab Kockums appears far from being able to deliver more than drawings, as it lacks the technology and manpower required to build submarines.

Kockums, a Swedish shipyard now known as Saab Kockums, made international headlines back in the 1990s when it closed a major deal with the Australian Navy to design its submarine fleet. Since then, the company seems to have become an empty shell.

In 2005, to strengthen its market position, Kockums joined its German competitor TKMS. Their partnership soon deteriorated as Kockums failed to attract new clients and retain old ones. The A26-class Kockums was developing did not sell well on the international market. Designed in the early 1990s, this sub class was considered outdated and too pricy. In 2013, after 20 years of cooperation, Kockums lost a contract with Singapore. Although TKMS eventually managed to win that contract thanks to another subsidiary, it led to increased tensions between the two companies.

In 2014, Russia’s realpolitik and the Ukrainian crisis led the Swedish government to reconsider its naval capabilities. The government realized the capacity to build submarines was of strategic importance, calling for Swedish companies to maintain an adequate level of competency. The Parliament decided to renew its subs fleet and promote local skills by ordering two updated ersatz of the A26-class to Kockums. However, the Swedish government failed to agree on the price with TKMS, ending the negotiation. At the height of the crisis, Swedish military authorities stormed Kockums’ laboratory in Sweden to retrieve technology that, according to them, belonged to the army. After that incident, deemed unusual by military experts, TKMS entered talks with Saab to sell Kockums. The sale was eventually closed later that year.

Over the past decades, U-boats have evolved from fighting devices into diplomatic, sovereignty and intelligence tools. They are now used to locate enemies, deploy elite troops, collect data and send political messages. They require cutting-edge technology and constant research and development. Of all naval solutions, designing subs poses the greatest technical challenges and hence requires special skillsets. Not keeping up with fast-changing developments can quickly become the death knell of sub designers. Though Kockums proved to be a competitive submarine maker in the 1990s, not constructing subs over the last two decades means they have lost their technical and technological expertise. The price at which the company was sold is quite revealing. First thought to be worth 1 billion kronor, Kockums was sold for 340 million kronor (US$ 50,4 million).

The Dutch Navy is internationally recognized for the role its subs played in reducing piracy in the Gulf of Aden. It belongs to one of the few countries able to navigate oceans furtively. The construction of its new submarine fleet is scheduled to start in 2021, with the fleet operational by 2027. Saab Kockums is offering its updated A26-class and might not be able to meet the deadlines. The A26-class has never been built before and, even if its design has been updated, the scope of the technical adjustments needed for this class to function smoothly is not yet known. With the technology used in naval solutions rapidly evolving, it might well be less time-consuming to develop an entirely new class rather than update an ancient model.

Moreover, there are doubts about Saab Kockums’ capacity to continue its activities a few years from now. The company has already inked several deals with the Swedish Navy. However, to be able to keep up with the investments needed in research and development, Saab Kockums must succeed on export markets. If it fails to secure multiple deals abroad, it will eventually go bankrupt. In such a scenario, betting on them might not be the smartest move.

The future does not look bright for Saab Kockums. Though signing with the Dutch Navy could temporarily be good news for them, without sustainable investments in research it will go down like a lead zeppelin!


Is Damen’s MCM vessels offer a smokescreen for Belgium?



U.S. Navy Photo by Mass Communication Specialist Seaman Alyssa Weeks

Belgium and the Netherlands will award a 2-billion-euro contract for 12 new mine countermeasure vessels (MCM) by the end of the month. Three companies, including Dutch Damen, have been shortlisted. Although the Dutch authorities would certainly appreciate seeing one of their industrial flagships win the contract, it might not be that beneficial for Belgium.

Belgian defense minister Sander Loones, assisted by cabinet chief Peter Devogelaere, National Armaments Director Rudy Debaene and head of Naval forces Wim Robberecht, is currently examining projects to replace minehunter vessels both in Belgium and the Netherlands. Three consortiums have been shortlisted after they submitted their bids last October: Damen & Imtech, Belgium Naval & Robotics and Sea Naval Solutions. In addition to studying the technical and technological capabilities of each design, the Belgian authorities will evaluate the economic spinoff for the country. Indeed, during a parliamentary commission on planned military purchases, experts including Rudy Debaene highlighted that one of the main criteria considered when analyzing offers was the economic benefits for the local economy.

Three bids with different economic offers

While Belgium Naval & Robotics and Sea Naval Solutions are proposing technological partnerships with Belgian companies, Damen & Imtech are offering industrial cooperation. Identifying which offer will boost the local economy more is the hardest part for a government. It requires scrutiny of every detail and decisions reaching beyond short-term results. A closer look at Damen’s proposal shows that even if it promises to create “decades of work” – which could be handy ahead of legislative elections – it is in fact a smokescreen.

A proposal with a limited industrial and economic impact

Damen has offered to establish an industrial valley from the Zeebrugge to the Oostende regions. However, since Belgium does not have the facilities to build minehunter vessels and Damen has its shipyard in Romania, Damen will leave Belgian subcontractors with only the crumbs. In other words, Damen’s proposal relies on existing capacities that do not require investment or training. As a result, it will hardly create jobs. Moreover, Damen plans to implement its activities exclusively in Flanders, leaving half of the country on the sidelines.

No transfer of technology

Damen is focusing on sharing building capacities with Belgium so it can strategically retain for itself the most profitable aspect of designing military materials: working on technology. Being able to design deep-sea vessels which could carry heavy weapons was essential in the past century. Today, artificial intelligence is the future of warfare and countries are racing to stay ahead of their peers. In the long run, investing in research and development adds greater value than knowing how to assemble metal sheets.

Damen is among the three finalists despite its wobbly offer. It is leaving Brussels at the margin of innovation, jeopardizing years of research and development, and ultimately hampering job creation and economic development. Rather than simply selecting the lowest bidder, the government has a responsibility to choose the consortium that will yield the greatest economic results locally.
