Imagine that North Korea decided to launch the biggest ever DDoS attack knocking down critical pieces of the internet in hubs like New York City, Los Angeles, Silicon Valley, and Washington D.C. Such a move could be possible as the reclusive nation has a cyberarmy that is “among the best in the world,” to quote Senate testimony from general Vincent Brooks. But would such an attack be an act of war?
Five to ten years ago, cyberwarfare basically meant blowing something up or otherwise damaging property or killing or injuring people. The Stuxnet attack against Iranian nuclear centrifuges and decades of warnings about a potential Cyber Pearl Harbor helped support that impression.
But things are messier now. The term “cyberwarfare” frequently gets tossed around to refer to information breaches, data attacks, and sometimes “fake news.”
“We’ve sort of moved beyond the type of [physically destructive] incident we had in Stuxnet and incidents that are aimed at data or information,” said Oren Falkowitz, CEO and co-founder of Area 1 Security in a separate RSA presentation. “And we still haven’t figured out the first one.”
Note: IoT security is a key item on the agenda at Internet of Things World in Santa Clara this May. Check out the speakers, preview the agenda, claim your free expo pass or book your place at the conference for the world’s biggest IoT event now.
Russia’s interference in the 2016 presidential election has changed the conversation and might have been “the biggest hack in the history of the world,” according to Kenneth Geers, PhD, a senior research scientist at Comodo Group and a NATO Cyber Centre ambassador. Unlike other notable cybersecurity incidents, the hack was multifaceted, including cyberespionage, hacking of U.S. political parties, and information operations in social media. Russians also managed to create a media firestorm by weaponizing dox-ing—leaking sensitive information from Hillary Clinton’s campaign manager John Podesta to Wikileaks. Similar reports of possible Russian interference in elections are beginning to pop up across the world. “It’s not only the United States that is vulnerable. It is every country,” Geers said in a presentation last week at RSA.
Yet cybersecurity researchers had been warning for years that hackers could manipulate elections. “Decades ago, if you weren’t in security research, the specter of cyberattacks influencing an election would have seemed outlandish,” says Zulfikar Ramzan, CTO at RSA. “But today, that can actually happen. That is the challenge we deal with in our industry: On the one hand, we want to predict what is going on, but often researchers are accused of spreading fear uncertainty and doubt,” Ramzan explains. “There is a very fine line between [theorizing about] what might happen and being accused of being too paranoid.”
At present, it seems like there is a real need for healthy paranoia when it comes to preparing for cyberwarfare. In fact, preparing for it may be impossible because aggressive nation-state backed cyber operations are constantly occurring, even in peacetime. “If you are a military commander, you cannot wait for war to start hacking,” says Kenneth Geers of Comodo Group.
The vast and increasing connectivity of the world also makes it difficult to maintain peace. “Nation state hackers are going at it all of the time against financial institutions, electricity grids, leadership communications, and weapon systems.” The challenge is poised to become much more formidable in years to come. “Imagine the powers [of AI] in law enforcement that could see right into your home and right into your body in the near future,” Geers explains. “What kind of things could you do with that power?”
Business leaders are already fretting about the overall cybersecurity risk. A recent BCI study of 79 countries found that 88% of companies are “extremely concerned” or “concerned” at the risks of cyberattacks and their effect on political stability.
For now, the field of cybersecurity is moving so quickly that it is impossible to get a clear sense of what international defense will look like a decade from now. For now, science fiction may provide some answers. Geers concludes: “That is why movies like Ghost in the Shell and Blade Runner are popular again.”