Connect with us

Technology

Concerns and Limitation of Cyber Warfare

Alexandra Goman

Published

on

cyberwarfare stuxnet

The discovery of Stuxnet, a malware that targeted a nuclear facility, was somewhat revolutionary and groundbreaking. It targeted ICS which monitor and run industrial facilities. Before that, most of malicious programs were developed to steal information or break-in into financial sector to extort money. Stuxnet went beyond went and targeted high-level facilities. It is not hard to imagine what damage it could have inflicted if the worm were not detected. What is more worrisome, the technology is out. It might not be perfect, but it is definitely a start. Regardless of the intentions behind Stuxnet, a cyber bomb has exploded and everyone knows that cyber capabilities indeed can be developed and mastered.

Therefore, if they can be developed, they will probably be. The final goal of Stuxnet was to affect the physical equipment which was run by specific ICS. It was done in order to manipulate computer programs and make it act as an attacker intended it to act. Such a cyberattack had a particular motivation; sabotage of industrial equipment and destruction could have been one of the goals. So, if they were indeed the goals, it might have been an offensive act, conducted by an interested party, presumably, a state for its political objective. Yet, there are certain limitations when it comes to so-called “cyber weapons” (malware that might be employed for military use or intelligence gathering). 

One of the main concerns of cyber offence is that code may spread uncontrollably to other systems. In terms of another physical weapon, it is like a ballistic missile that anytime can go off-course and inflict damage on unintended targets and/or kill civilians. Cyber offensive technology lacks precision, which is so valued in military. For example, in ICS and SCADA systems one may never know what can backfire because of the complexity of the system.  The lack of precision consequently affects military decisions. When launching a weapon, officers should know its precise capabilities; otherwise, it is too risky and is not worth it. 

In case of Stuxnet, the program started replicating itself and infected computers of many countries. For this moment we do not know if it were planned in that way.  However, provided that that target was Natanz facility, it is unlikely. Symantec Corporation started analyzing the case only with external help; it did not come from Natanz. This exacerbates the case if a country decides to launch an offensive cyberattack.

If the military planning cannot prevent cyber technology to go awry or to go out in the public, it brings more disadvantages than advantages.  Moreover, given a possibility of the code being discovered and broke down to pieces to understand what it does, it may potentially benefit an opposing party (and any other interested party along the way). This is unacceptable in military affairs.

Similarly, when the code is launched and it reaches the target, it can be discovered by an opponent. In comparison to nuclear, when a bomb explodes, it brings damage and destruction, but its technology remains in secret. In case of cyber, it may not be the case, as when a malware/virus is discovered, it can be reverse engineered to patch vulnerability. By studying the code, an enemy would find out the technology/tactics used that could be unfavourable in the long-run for the attacker.

Additionally, it should be said that not every malware is meant to spread by itself. In order to control the spread, vulnerability can be patched, meaning updating the software which had that vulnerability. An anti-malware can also be introduced; this will make the computer system immune to that particular vulnerability. Nonetheless, if the malware spreads uncontrollably, there is nothing much that an attacker can do. It is not possible to seize the attack. In this scenario, an attack may only release information about this certain vulnerability so that someone else can fix it. However, a state is highly unlikely to do so, especially if the damage is extensive. It would not only cost the state diplomatic consequences, but also it might severely impact its reputation.

An AI-enabled cyberattack could perhaps fulfill its potential. That means involvement of artificial intelligence. AI systems could make digital programs more precise, controlling the spread. In contrast, it could also lead to a greater collateral damage, if a system decides to target other facilities that may result in human death. Similar concerns are raised in the area of autonomous weapon systems in regard to the need of leaving decision-making to humans and not to technology. AI technology has a potential to make existing cyberattacks more effective and more efficient (Schaerf, 2018).

Aforementioned concern leads to another and affects the end result. When a certain weapon is employed, it is believed to achieve a certain goal, e.g. to destroy a building. With cyber capabilities, there is no such certainty. In the case of Stuxnet, the malware clearly failed to achieve its end goal, which is to disrupt the activities of the industrial facility.

Alternatively, the true costs of cyberattacks may be uncertain and hard to calculate. If that is so, an attacker faces high level of uncertainty, which may also prevent them from a malicious act (particularly, if nation states are involved). However, the costs and the benefits may always be miscalculated, and an attacker hoping for a better gain may lose much more in the end (e.g. consider Pearl Harbour).

Another concern refers to the code becoming available to the public. If it happens, it can be copied, re-used and/or improved. Similar concerns in regards to proliferation and further collateral damage emerged when Stuxnet code became available online.  An attacker may launch a cyberattack, and if it is discovered, another hacker can reverse engineer the code and use it against another object. Moreover, the code can be copied, improved and specialized to meet the needs of another party. Technology is becoming more complex, and by discovering a malware developed by others, it also takes less time to produce a similar program and/or develop something stronger. (For instance, after Stuxnet, more advanced malwares were discovered – Duqu and Flame).

Furthermore, there are other difficulties with the employment of cyber offensive technology. In order to maximize its result, it should be supported by intelligence. In case of Stuxnet, an offender needed to pinpoint the location of the facility and the potential equipment involved. It has to find zero-days vulnerabilities that are extremely rare and hard to find[1]. Cyber vulnerability is all about data integrity. It should be reliable and accurate. Its security is essential in order to run an industrial infrastructure.

After pinpointing vulnerability, security specialists need to write a specific code, which is capable of bridging through an air-gapped system. In case of Stuxnet, all of abovementioned operations required a certain level of intelligence support and financial capability. These complex tasks involved into development were exactly the reason why Stuxnet was thought to be sponsored and/or initiated by a nation state. If intelligence is lacking, it may not bring a desirable effect. Moreover, if cyber offense is thought to be used in retaliation, malicious programs should be ready to use (as on “high-alert”) in the event of necessity.

Regardless of some advantages of cyber offence (like low costs, anonymity etc), this technology appears to be unlikely for a separate use by military. There is a high level of uncertainty and this stops the army of using technology in offence. Truth is when you have other highly precise weapons, it does not make sense to settle for some unreliable technology that may or may not bring you a wanted result. Yet, other types of cyberattacks like DDoS attacks can give some clear advantages during military operations and give an attacker some good cards in case of a conflict. When such attacks used together with military ground operations, they are much more likely to bring a desired result.


[1] For better understanding, out of twelve million pieces of malware that computer security companies find each year, less than a dozen uses a zero-day exploit.

Use your ← → (arrow) keys to browse

Specialist in global security and nuclear disarmament. Excited about international relations, curious about cognitive, psycho- & neuro-linguistics. A complete traveller.

Continue Reading
Comments

Technology

Are You Aware Of Your Children’s Online Activity?

Published

on

child privacy mother

There’s a big, wide, scary, often strange world out there, and it’s the task of any individual to grow into an adult and begin to contend with it. However, most responsible parents understand that showing the raw facts of life, or being introduced to bad influences is simply not suitable for a young child. They must learn slowly, with care, and appropriately to the degree we’re able to foster that environment. Parents cater to this by controlling what friends their children make, or what hours they may be allowed to spend time with them.

However, a growing cause for concern is the fact that many parents fail to keep their children safe online. The internet may as well be its own world, and it reflects our reality, both the good and the bad, the trustworthy and the terrible. This means that as a parent, it’s important to stay aware of your child’s online activity. If you can do that, you can better control the content they see, what they’re allowed to access, and the influences they are moved by.

Use Worthwhile Content Filters

It’s important to use the best content filters and parental controls you can. Some offer you access to limit internet time, while others help you block certain websites or content from being seen. With the best cyberbullying safety services, you can also ensure that your children are equipped to handle the unfortunate likelihood of encountering abuse online. The more you can engage in good habits now, and regulate their usage, the less likely they are to come to harm within the wild west that is the online world.

Understand The Trends

Understand the trends that occur and know how to deal with them. For instance, you might block access to certain apps or sites, but your child’s friend’s parents may not have the same philosophy. If you know the trends through paying attention to what they’re saying, you will be able to assess if they’re healthy or not. For instance, TikTok is now seen as a negative influence on many young children due to how poorly they moderate their content, and how limited content filters are in place. When you make decisions to help them stay secure, you are in effect limiting the vulnerable pathways in which they could become less safe.

Stay Alert

It’s important to say, but stay alert. If you notice your child is finding it hard to engage with social media, or they follow a risky YouTuber, you are within your right to restrict access or to observe more closely. It’s a tough job, but ultimately you cannot completely banish your child from the internet for the entirety of their childhood. It’s best to help them build healthy habits now and also know how to stay safe online than to pretend it doesn’t exist. To that end, you’ll be making the right choices.

With this advice, we hope you can better stay aware of your children’s online activity, and manage it as appropriately.

Prev postNext post
Use your ← → (arrow) keys to browse

Continue Reading

Technology

How does Technology Affect the Working Environment?

Published

on

Technology-in-2019

Throughout history, machines and technology have changed the way that we work across nearly every industry. From the industrial era, all the way through to the modern age, it would seem that technology has improved working conditions significantly. The impact that it has had is immense. Some of the main changes can be found below.

Speed and Efficiency

Workers in this day and age are far more productive than they have ever been. The impact that technology has had on work, both in communication and manufacturing has increased the rate of production and the speed at which business can occur. Tech in the workplace has also helped workers to become far more efficient. What once took hours can now take minutes. Messages can be sent to clients across the world and proposals and payments can also be transferred instantly. Support for workers can also be found online.  For example, personal injury claim legal help can be obtained online and you can file a claim within minutes.

Working Together as One

Team coordination really has never been easier. When you look at online communication tools and technology you will soon see that people can now work together much more closely. Collaboration is also much simpler to achieve. Even when colleagues are not able to be in the same workplace physically, teams can hold meetings through video technology. They are also able to work on the same documents through file-sharing platforms such as Google Drive and this is fantastic to say the least.

Technology and Office Culture

Everyone knows that tech in the workplace is changing. Beer is available on tap in some workplaces and others are offering video games as a means for their team to relax at the end of a hard day. Open offices are also a trend. The mere idea of creating a better company culture can now be used to lure workers who are in-demand and this doesn’t look to be going away anytime soon. Technology in the workplace has also made it much more possible to work remotely. Companies need to create incentives to try and keep their workers happy and to also keep them drawn into the office.

Live where You Work

One of the biggest impacts of tech in the workplace is the workplace itself. Most jobs require you to clock in and work on-site but there really are so many open positions for those who telecommunicate, and people can now work from home more than ever before. Of course, with so many changes being made it’s not hard to see that so much is being done to try and help support this movement and some companies have even put in the effort to try and make sure that they give their teams the chance to work from home permanently. Only time will tell what the future holds, but right now it looks like tech has had a huge impact on the workplace and the effects are going to be felt for years to come.

Use your ← → (arrow) keys to browse

Continue Reading

Business

Quotes To Get Your Boss To Take Cyber Security Seriously

Published

on

cyber security

There is no denying that data security is something that all businesses need to take seriously today. Unfortunately, there are many companies out there who are failing to do so. This is because they have the “it won’t happen to me attitude.” However, many companies have closed after a data breach. Therefore, to save the future of your business and your job, try to convince your boss with these quotes…

We are going to start with a quote from the founder and CEO of Blue Lava, Inc, Demitrios ‘Laz’ Lazarikos, who talks about implementing a modern program on cyber risk. From privileged access management services to network segregation, we need to stay ahead of the times with our strategy.

“A modern cybersecurity program must have Board and Executive level visibility, funding, and support. The modern cybersecurity program also includes reporting on multiple topics: understanding how threats impact revenues and the company brand, sales enablement, brand protection, IP protection, and understanding cyber risk.”

If your boss thinks he or she is above the law, William Malik, VP and Research Area Director for Information Security at Gartner has a great quote on the matter…

“A business will have good security if its corporate culture is correct. That depends on one thing: tone at the top. There will be no grassroots effort to overwhelm corporate neglect.”

Chairman of the Ponemon Institute, Dr. Larry Ponemon, has spoken about insider attacks. Insider attacks – whether malicious or accidental – are the most common. However, they’re not being taken as seriously as they should…

“We discovered in our research that insider threats are not viewed as seriously as external threats, like a cyberattack. But when companies had an insider threat, in general, they were much more costly than external incidents. This was largely because the insider that is smart has the skills to hide the crime, for months, for years, sometimes forever.”

While some business owners do implement cyber security controls, there seems to be a lack of thought behind the strategy that is implemented, and this is what Dr. Chris Pierson, CEO at Binary Sun Cyber Risk Advisors has said on the matter…

“What we should actually be doing is thinking about what are our key controls that will mitigate the risks. How do we have those funneled and controlled through the team that we have, how do we work through that in a well-formatted, formulated process and pay attention to those controls we have chosen? Not a continual, add more, add more, add more.”

One of the biggest problems with data security is that a lot of business owners believe it is nothing more than an IT issue. Steven Chabinsky, Global Chair of Data, Privacy & Cybersecurity at White & Case LLP, has put this into perspective…

“Thinking of cybersecurity solely as an IT issue is like believing that a company’s entire workforce, from the CEO down, is just one big HR issue.”

So there you have it: some of the most compelling quotes out there regarding cyber security today. We hope these will help you to convince your boss that it’s critical!

Use your ← → (arrow) keys to browse

Continue Reading

Trending