Cyber Security and Emerging Threats Ryan Atkinson

Cyber Weapons and the Future of Warfare

The Canadian Armed Forces (CAF) will deploy to Latvia this year to lead a NATO battle group of roughly 1,000 soldiers, including 450 CAF troops. The operation in Latvia is part of a much larger NATO deployment across Eastern and Central Europe to deter further Russian belligerence. Canadian “cyber warriors” will accompany the mission to defend military computer networks and information from Russian cyber-attacks. This comes with the recent formation of the Joint Forces Cyber Component, commanded by Brig.-Gen. Paul Rutherford, who argues for  training troops on the vulnerabilities of cyber warfare, as “Russia is quite adept in the cyber and information warfare domains.” These efforts demonstrate an important transition in military and defence strategy towards maintaining capabilities to defend and react against the use of cyber weaponry.

 

Recent cyber assaults against the German-led battle group in Lithuania demonstrate the threats that cyber capabilities will defend against. On February 14, emails were sent to the Lithuanian parliament and various local media outlets, falsely accusing German soldiers of raping an underage Lithuanian girl. These disinformation efforts work to harm public opinion towards the German operation. Further Russian cyber-attacks are anticipated, as Lt. Col. Richard Perreault claims, “when you see how quickly it happened with the Germans, that shows us what to expect […] we fully expect such actions by the Russians.” In 2007, Russian cyber-attacks targeted Estonia’s parliament, banks, and media. In 2015, Ukraine’s National power company, Ukrenergo, was targeted by cyber-attacks which Ukrainian security services blamed on Russia.

 

The discovery of Stuxnet in 2010 demonstrated to the world the powerful capabilities of cyber weapons. The malicious worm caused considerable damage to Iran’s nuclear program, targeting an enrichment plant in Natanz destroying over 1,000 centrifuges used to separate nuclear materials. The worm located programmable logic controllers (PLCs) which automate electromechanical processes like those operating the centrifuges. It was programmed with four zero-days, which are undiscovered computer software vulnerabilities that can be exploited to gain access to computers and networks. The attack forced the centrifuge rotation speeds to change, increasing to very high speeds or slowing down to extremely slow speeds, “with the intention of inducing excessive vibrations or distortions that would destroy the centrifuge.” Pre-recorded footage of normal plant functioning hid these processes to prevent detection.

 

David Sanger and Mark Mazzetti reported the Natanz operation, code-named “Olympic Games,” was part of a larger operation code-named “Nitro Zeus.” This larger operation targeted Iran’s air defence, communication systems, and power grid, and was meant to give former President Barack Obama options short of war, in case the nuclear deal went sour and Iran lashed out against the United States. The authors argue that just as nuclear weapons influenced security strategy of the 1950s towards protecting Europe and containing the Soviet Union, so too will cyber weapons become “a standard element of the arsenal for what are now called ‘hybrid conflicts’.” Stuxnet was the first example of a purely digital attack causing physical damage to infrastructure. A second example occurred in 2014 when hackers attacked a steel mill in Germany, disrupting controls preventing a blast furnace from properly shutting down.

 

Another Stuxnet-like worm reportedly targeted North Korea’s nuclear program around the time of the Natanz attack, though it failed to penetrate or damage facilities. Stuxnet demonstrates the use of cyber weapons to counter the proliferation of nuclear weapons in rival States. Although this damaged Iran’s nuclear program, in the long run, it will cause more aggressive attempts towards attaining both nuclear weapons and cyber capabilities. Iran began operating its own Cyber Defence Command in November 2010, and has since become “one of the most active players in the international cyber arena.” Additionally, it is plausible that the failure to damage North Korea’s nuclear program has resulted in more aggressive nuclear testing. Since Stuxnet was discovered, North Korea has conducted nuclear weapons tests in February 2013, January 2016, and September 2016.

 

Martin Libicki, professor at Pardee RAND Graduate School, argues several essential components are required for cyber deterrence against hostile actors looking to conduct offensive cyber operations. Attribution determines specific causes of an attack, working towards thresholds for determining which hostile actions justify what reprisals. Credibility must be attained by demonstrating to hostile actors that crossing the set threshold will result in punishment, which requires the capabilities to conduct such reprisals. An example of a threshold criterion used to determine whether reprisals were justified following the Sony Entertainment and Democratic National Committee (DNC) hacks, was whether U.S. critical infrastructure was damaged. Sony attempted to make this argument but was denied. The U.S. election system was deemed to be critical infrastructure, and it was determined that the DNC hack crossed this threshold and justified the according reprisals.

 

Professor Libicki concludes that the U.S. “should develop its threshold by working towards a regime of norms, creating a consensus on the difference between acceptable government actions and those that are unacceptable and actionable.” The international community needs to strive towards developing this regime of norms to codify laws governing the use of cyber weapons. This effort needs to be organized by the United Nations to develop an international movement to prevent the proliferation of cyber weapons. The goal will be to create a cyber weapons arms treaty to prevent a cyber arms race. The Treaty on the Non-Proliferation of Nuclear Weapons could provide a model, though this requires acknowledging the clear differences between nuclear weapons and cyber capabilities. Some have called Stuxnet the “Trinity moment” of cyberwarfare, referring to the code-name of the first nuclear weapons test by the U.S. Army in July 1945. Both events mark the most sophisticated weaponry of the time and demonstrate new horrific potentials previously unimaginable.

 

Photo: Cyber hack (2017) by PeteLinforth via Pixabay. Public Domain.


Disclaimer: Any views or opinions expressed in articles are solely those of the authors and do not necessarily represent the views of the NATO Association of Canada.

Ryan Atkinson
Ryan Atkinson is Program Editor for Cyber Security and Information Warfare at the NATO Association of Canada. Ryan completed a Master of Arts in Political Science from the University of Toronto, where his Major Research Project focused on Russia’s utilization of information and cyber strategies during military operations in the war in Ukraine. He worked as a Research Assistant for a professor at the University of Toronto focusing on the local nature of Canadian electoral politics. He graduated with an Honours Bachelor of Arts in Political Science and Philosophy from the University of Toronto. Ryan conducted research for Political Science faculty that analyzed recruitment methods used by Canadian political parties. Ryan’s research interests include: Cyber Threat Intelligence, Information Security, Financial Vulnerability Management, Disinformation, Information Warfare, and NATO’s Role in Global Affairs.