Has the Global Cyberwar Already Started?

Mark 2013 down as the year that the global cyberweapons arms race started. Already, there have been five cyberattacks of unprecedented size and scope in just the first six months of the year. Of even greater concern, many of these cyberattacks appear to have emanated from state-sponsored actors coordinating cyberespionage campaigns lasting years, not days or weeks. These cyberweapons – which involve everything from malicious bits of code hidden within PDF documents to viruses that infect the software used to operate the infrastructure of nuclear power plants – represent a growing threat to the national security of the world's leading powers.

In his roundup of the Five Most Dangerous Cyberweapons of 2013, Igor Rozin suggests that the newest cyberweapons are already more sophisticated and lethal than those from just six months ago. If the earliest versions of cyberweapons were pieces of malicious code that infected your computer and caused it to crash, the newest cyberweapons enable users to take over your computer and use it to steal sensitive trade, research, or diplomatic secrets. In one operation known as "MiniDuke," a group of hackers targeted a range of government and non-government institutions across Europe by using malicious PDF documents that exploited Adobe Reader. In another operation known as "Red October,"hackers conducted a global cyberespionage campaign against politicians and diplomats that involved servers, proxy servers and hosting services housed across multiple countries.

What's all the more disconcerting about a potential cyberweapons arms race is that the line between state and non-state actors is no longer clear. As Mandiant discovered earlier this year, it's possible to have shadowy state actors loosely affiliated with a country’s military, as in the case of China’s APT1. What do you do with these Chinese hackers who appear to be systematically tapping into our nation's research organizations, corporations and governmental organizations and then siphoning away trade secrets and sensitive diplomatic communications? Send a few armed drone strikes into the heart of Shanghai to take out the hackers camped out in a single building?

If the previous rounds of cyberattacks were organized by cybercriminals and shadowy cyber-terrorist cabals, then future round of cyberattacks will be organized by the wealthiest nation-states. That means that the single, one-off attacks of disgruntled hackers will be replaced by sustained, multi-year campaigns made possible by billion-dollar budgets and the involvement of a nation's top leaders. The phishing scams of Syrian hackers (which have gone so far as to infiltrate the emails of the White House) and the ongoing cyberespionage schemes of the Chinese Army (which are thought to have tapped into every important organization in New York and Washington) are just the start.

Now that cybersecurity has been ratcheted up in national strategic importance, the generals are getting involved. If before, these generals counted the number of tanks, stealth bombers and nuclear warheads they had at their disposal, they now have a brand new way to measure their relative power: the number of computers capable of delivering lethal payloads.

Already, you can see the impact of a global cyberweapons arms race at the highest diplomatic levels. Russia, growing ever more concerned about the new geopolitical balance of power made possible by the development of the Internet as a delivery mechanism for cyberattacks, just elevated cybersecurity to a major strategic concern. Russia is now partnering with the United States on a bilateral cybersecurity commission, even going so far as to install a Cold War-style telephone “hotline” between the two nations to avert a cyberwar. (This appears to be the suggestion of a Cold War general eager to get back into the game.)

The upshot of the new global concern about cybersecurity is that the Kremlin – just like the White House - is now working on a comprehensive cyber plan to outline exactly when and where it can attack enemy hacker combatants. Both countries are working on new Cyber Commands and appointing new Cyber Czars. From now on, it’s no longer about defense, it’s now all about going on the offensive against cybercombatants.

And that’s where things get dicey. At what point do these cyberattacks represent a military attack against a country? Vincent Manzo of The Atlantic’s Defense One recently analyzed the blurring line between what constitues a cyberattack and a military attack. As more of these high-tech cyberweapons begin to target a nation’s power grid, physical infrastructure, or telecommunications networks, things could get out of control, real fast.

And don’t say that we haven’t been warned. There have already been warnings of a digital “Pearl Harbor” scenario in which an enemy state (or rogue non-state actor) could get its hands on the equivalent of computerized nukes and target the infrastructure, telecom networks or power grids in cities like New York or Washington. At that point, all the conventions of international law likely go out the window, as the U.S. Army Cyber Command grapples with the reality of responding to a threat that it can’t see from an Internet destination that may or may not be real from an enemy that may or may not be a rival nation-state. As Stanley Kubrick would have said, it’s time to stop worrying and love the cyberbomb.

[image: Hacker Waiting for Something With Binary Code / Shutterstock]

​There are two kinds of failure – but only one is honorable

Malcolm Gladwell teaches "Get over yourself and get to work" for Big Think Edge.

Big Think Edge
  • Learn to recognize failure and know the big difference between panicking and choking.
  • At Big Think Edge, Malcolm Gladwell teaches how to check your inner critic and get clear on what failure is.
  • Subscribe to Big Think Edge before we launch on March 30 to get 20% off monthly and annual memberships.
Keep reading Show less

Apple, Amazon, and Uber are moving in on health care. Will it help?

Big tech is making its opening moves into the health care scene, but its focus on tech-savvy millennials may miss the mark.

Apple COO Jeff Williams discusses Apple Watch Series 4 during an event on September 12, 2018, in Cupertino, California. The watch lets users take electrocardiogram readings. (Photo: NOAH BERGER/AFP/Getty Images)
Sponsored by Northwell Health
  • Companies like Apple, Amazon, and Google have been busy investing in health care companies, developing new apps, and hiring health professionals for new business ventures.
  • Their current focus appears to be on tech-savvy millennials, but the bulk of health care expenditures goes to the elderly.
  • Big tech should look to integrating its most promising health care devise, the smartphone, more thoroughly into health care.
Keep reading Show less

Harvard: Men who can do 40 pushups have a 'significantly' lower risk of heart disease

Turns out pushups are more telling than treadmill tests when it comes to cardiovascular health.

Airman 1st Class Justin Baker completes another push-up during the First Sergeants' push-up a-thon June 28, 2011, Eielson Air Force Base, Alaska. Participants were allowed 10 minutes to do as many push-ups as they could during the fundraiser. Airman Baker, a contract specialist assigned to the 354th Contracting Squadron, completed 278 push-ups. (U.S. Air Force photo/Airman 1st Class Janine Thibault)
Surprising Science
  • Men who can perform 40 pushups in one minute are 96 percent less likely to have cardiovascular disease than those who do less than 10.
  • The Harvard study focused on over 1,100 firefighters with a median age of 39.
  • The exact results might not be applicable to men of other age groups or to women, researchers warn.
Keep reading Show less

The colossal problem with universal basic income

Here's why universal basic income will hurt the 99%, and make the 1% even richer.

  • Universal basic income is a band-aid solution that will not solve wealth inequality, says Rushkoff.
  • Funneling money to the 99% perpetuates their roles as consumers, pumping money straight back up to the 1% at the top of the pyramid.
  • Rushkoff suggests universal basic assets instead, so that the people at the bottom of the pyramid can own some means of production and participate in the profits of mega-rich companies.
Keep reading Show less