E-Warfare: The Modern Cyber Threat

26 January 2011 (Last Updated January 26th, 2011 18:30)

The Stuxnet worm is the most high-profile recent example of the sophistication of modern cyber attacks. Chris Lo surveys the electronic landscape, revealing how the world's militaries are protecting themselves from this insidious threat.

The world is shifting ever further away from the "conventional" warfare seen during the tank battles and infantry engagements of the Second World War. While troops on the ground and armoured vehicles are still in demand in modern combat zones, the military procurement of the Western world is increasingly focused on high technology such as advanced UAVs and remotely controlled bomb disposal units.

On today's digitised battlefield, where network infrastructure plays as big a role as traditional weaponry, the most dangerous weapon could be the humble PC. The threat of cyber terrorism, or indeed cyber warfare, is an intangible concept, covering everything from a precocious teenager hacking into restricted databases up to sophisticated viruses capable of crippling national infrastructure on a huge scale. As a result, the military world is being forced to formulate new strategies to respond to this growing threat.

Recognising the risk

In response to the risk of cyber attacks, several countries are leading the way by incorporating online security into their defence strategies. In Germany, a €7.1bn project called Herkules is well under way, with the intention of upgrading the security of the country's military IT systems. It is currently one of Europe's largest public-private partnership programmes.  

In the UK's recent Strategic Defence and Security Review (SDSR), the UK government highlighted "cyber crime" as a Tier One risk, denoting the highest possible security threat, along with international terrorism, global pandemics and international military crises.

To put this into perspective, cyber attacks have been rated a higher risk to the UK's security than WMD attacks, satellite disruption or internal civil instability, all of which are ranked as Tier Two threats. As a result, the UK government has set aside around £650m over the next four years to bolster the country's security against attacks emanating from cyberspace.

In an interview broadcast on BBC Radio 4, Malcolm Rifkind, the chairman of the UK's Intelligence and Security Committee, described the high priority being assigned to attacks of this nature. "What we're talking about is terrorists being able to actually use cyber methods, for example, to interrupt the National Grid to prevent proper instructions going to power stations, which are under computer control.

"I was in the United States a few months ago and a very senior intelligence figure said to me that cyber attacks, he feared, were going to be the United States' next Pearl Harbor. That's the kind of severity that could happen if we don't get it right," he said.

The US is also taking the cyber threat seriously. In May 2010, the US government set up US Cyber Command with a remit to "direct the operations and defence of specified Department of Defence information networks and…conduct full-spectrum military cyberspace operations in order to enable actions in all domains [and] ensure US / Allied freedom of action in cyberspace and deny the same to our adversaries."

What is interesting about the mission statement of US Cyber Command, which reportedly reached full operational capability in October last year, is that it specifically widens its sphere of activity to cover offensive cyber actions against the country's enemies as well as defensive security operations.

The Stuxnet worm

2010 was also a landmark year in that the most significant danger to emerge from cyberspace received widespread media and governmental attention. The Stuxnet worm, a powerful virus intended to disrupt industrial infrastructure, was discovered in July last year.

The frightening implications of such a programme were revealed in November 2010 when Iran announced that its controversial nuclear programme had been set back by a Stuxnet infection that shut down centrifuges and wreaked havoc on computer systems at the country's uranium enrichment plant in Natanz.

The Stuxnet attack is significant for reasons other than its ability to disrupt and damage physical infrastructure in a way never seen before. Many computer experts, including those at security firms like Kaspersky and Symantec, have stated that the development of such a sophisticated programme would have required the kind of resources only available to a nation state.

Speculation is now rampant that Israel could have been responsible for developing the worm, with the objective of delaying Iran's nuclear development programme, which it considers to be a primary military threat. It has even been suggested that the US may have collaborated with the country on the programme.

Scott Borg, of think tank the US Cyber Consequences Unit, noted in an interview with The Economist that a cyber attack against Iran would potentially make more sense than a conventional assault, as it could knock out essential infrastructure with fewer risks and almost total deniability. He described Stuxnet as "Israel's obvious weapon of choice". As such, Stuxnet could be the first engagement in a new era of state-funded cyber warfare.

Cyber attacks: a growth industry

Although Stuxnet is certainly the most high-profile example of cyber assaults, there have been a host of other instances in recent years. In December 2009, it was widely reported that Islamist insurgents in Iraq, using simple software, had hacked into advanced CIA Predator drones used to carry out operations across the world.

While the hack did not allow the insurgents to gain control of the $20m drones or their deadly weapons systems, they were able to watch live video feeds from the Predators' camera systems to access vital intelligence. This security breach raises questions about the suitability of the US military's defences against even the crudest cyber attacks, as well as the grim possibility of Predators being actively controlled by insurgents in the future to carry out attacks on foreign soldiers or even Western civilian targets. Whatever the future holds, it's clear that military forces should not underestimate the ingenuity and adaptability of their adversaries, however poorly funded.

An aspect of cyber crime that was recently uncovered is the proliferation of mercenary programmers without any military or ideological objectives, who offer malicious botnets to paying customers. As the sophistication of such software increases, these attacks are becoming more dangerous. A botnet rental group known as the Iranian Cyber Army was reportedly responsible for an attack on social networking site Twitter in 2009.

Cyber threats may seem inconsequential in comparison to terrorist attacks and insurgencies, but governments are coming to understand that these attacks are a growing trend, and they are only going to get more serious as the technology behind them evolves. Even for countries that have taken a progressive stance on this issue, the challenge for militaries will be to shift mindsets from focussing on physical threats to virtual ones.

Former strategist for the UK Ministry of Defence and NATO Ashley Truluck summed up the challenge facing the world's security forces in an interview with Strategic Defence Intelligence: "Senior military personnel have built up entire careers in tanks and guns and aeroplanes, and need to undertake a culture shift from kinetic to cyber."