Mark 2013 down as the year that the global cyberweapons arms race started. Already, there have been five cyberattacks of unprecedented size and scope in just the first six months of the year. Of even greater concern, many of these cyberattacks appear to have emanated from state-sponsored actors coordinating cyberespionage campaigns lasting years, not days or weeks. These cyberweapons – which involve everything from malicious bits of code hidden within PDF documents to viruses that infect the software used to operate the infrastructure of nuclear power plants – represent a growing threat to the national security of the world's leading powers.
In his roundup of the Five Most Dangerous Cyberweapons of 2013, Igor Rozin suggests that the newest cyberweapons are already more sophisticated and lethal than those from just six months ago. If the earliest versions of cyberweapons were pieces of malicious code that infected your computer and caused it to crash, the newest cyberweapons enable users to take over your computer and use it to steal sensitive trade, research, or diplomatic secrets. In one operation known as "MiniDuke," a group of hackers targeted a range of government and non-government institutions across Europe by using malicious PDF documents that exploited Adobe Reader. In another operation known as "Red October,"hackers conducted a global cyberespionage campaign against politicians and diplomats that involved servers, proxy servers and hosting services housed across multiple countries.
What's all the more disconcerting about a potential cyberweapons arms race is that the line between state and non-state actors is no longer clear. As Mandiant discovered earlier this year, it's possible to have shadowy state actors loosely affiliated with a country’s military, as in the case of China’s APT1. What do you do with these Chinese hackers who appear to be systematically tapping into our nation's research organizations, corporations and governmental organizations and then siphoning away trade secrets and sensitive diplomatic communications? Send a few armed drone strikes into the heart of Shanghai to take out the hackers camped out in a single building?
If the previous rounds of cyberattacks were organized by cybercriminals and shadowy cyber-terrorist cabals, then future round of cyberattacks will be organized by the wealthiest nation-states. That means that the single, one-off attacks of disgruntled hackers will be replaced by sustained, multi-year campaigns made possible by billion-dollar budgets and the involvement of a nation's top leaders. The phishing scams of Syrian hackers (which have gone so far as to infiltrate the emails of the White House) and the ongoing cyberespionage schemes of the Chinese Army (which are thought to have tapped into every important organization in New York and Washington) are just the start.
Now that cybersecurity has been ratcheted up in national strategic importance, the generals are getting involved. If before, these generals counted the number of tanks, stealth bombers and nuclear warheads they had at their disposal, they now have a brand new way to measure their relative power: the number of computers capable of delivering lethal payloads.
Already, you can see the impact of a global cyberweapons arms race at the highest diplomatic levels. Russia, growing ever more concerned about the new geopolitical balance of power made possible by the development of the Internet as a delivery mechanism for cyberattacks, just elevated cybersecurity to a major strategic concern. Russia is now partnering with the United States on a bilateral cybersecurity commission, even going so far as to install a Cold War-style telephone “hotline” between the two nations to avert a cyberwar. (This appears to be the suggestion of a Cold War general eager to get back into the game.)
The upshot of the new global concern about cybersecurity is that the Kremlin – just like the White House - is now working on a comprehensive cyber plan to outline exactly when and where it can attack enemy hacker combatants. Both countries are working on new Cyber Commands and appointing new Cyber Czars. From now on, it’s no longer about defense, it’s now all about going on the offensive against cybercombatants.
And that’s where things get dicey. At what point do these cyberattacks represent a military attack against a country? Vincent Manzo of The Atlantic’s Defense One recently analyzed the blurring line between what constitues a cyberattack and a military attack. As more of these high-tech cyberweapons begin to target a nation’s power grid, physical infrastructure, or telecommunications networks, things could get out of control, real fast.
And don’t say that we haven’t been warned. There have already been warnings of a digital “Pearl Harbor” scenario in which an enemy state (or rogue non-state actor) could get its hands on the equivalent of computerized nukes and target the infrastructure, telecom networks or power grids in cities like New York or Washington. At that point, all the conventions of international law likely go out the window, as the U.S. Army Cyber Command grapples with the reality of responding to a threat that it can’t see from an Internet destination that may or may not be real from an enemy that may or may not be a rival nation-state. As Stanley Kubrick would have said, it’s time to stop worrying and love the cyberbomb.
[image: Hacker Waiting for Something With Binary Code / Shutterstock]