War in the Fifth Domain
In the months running up to the 2016 election, the Democratic National Committee was hacked. Documents were leaked, fake news propagated across social media — the hackers, in short, launched a systematic attack on American democracy.
Whether or not that’s war, however, is a matter for debate. In the simplest sense, an act of cyber warfare is defined as an attack by one nation on the digital infrastructure of another.
These threats are what Samuel Woolley, research director of the Digital Intelligence Lab at Institute for the Future, calls “computational propaganda,” which he defines as the spread of disinformation and politically motivated attacks designed using “algorithms, automation, and human curation,” and launched via the internet, particularly social media. In a statement to Futurism, Woolley added that these attacks are “assailing foundational parts of democracy: the press, open civic discourse, the right to privacy, and free elections.”
Attacks like the ones preceding the 2016 election may be a harbinger of what’s to come: We are living in the dawn of an age of digital warfare — more pernicious and less visible than conventional battles, with skirmishes that don’t culminate in confrontations like Pearl Harbor or 9/11.
Our definitions of warfare — its justifications, its tactics — are transforming. Already, there’s a blurry line between threats to a nation’s networks and those that occur on its soil. As Adrienne LaFrance writes in The Atlantic: an act of cyber warfare must be considered an act of war.
A War of 0s and 1s
A little over a decade ago, the United States Cyber Command began developing what would become the world’s first digital weapon: a malicious computer worm known as Stuxnet. It was intended to be used against the government of Iran to stymie its nuclear program, as The New York Times reported. In the true spirit of covert operations and military secrecy, the U.S. government has never publicly taken credit for Stuxnet, nor has the government of Israel, with whom the U.S. reportedly teamed up to unleash it.
Stuxnet’s power is based on its ability to capitalize on software vulnerabilities in the form of a “zero day exploit.” The worm infects a system silently, without requiring the user to do anything, such as unwittingly downloading a malicious file. And it didn’t just run rampant through Iran’s nuclear system — the worm spread through Windows systems all over the world. That happened in part because, in order to get into the system in Iran, the attackers infected computers that were outside the network but believed to be connected to it, so that they would act as “carriers” of the virus.
As its virulence blossomed, however, analysts began to realize that Stuxnet had become the proverbial first shot in a cyber war.
Like war that takes place in the physical world, cyber warfare targets and exploits vulnerabilities. Nation-states invest a great many resources to gather intelligence about the activities of other nations. They identify a nation’s most influential people in government and in general society, which may come in useful when trying to sway public opinion for or against a number of sociopolitical issues.
Gathering nitty-gritty details of another country’s economic insecurities, its health woes, and even its media habits is standard fare in the intelligence game; figuring out where it would “hurt the most” if a country were to launch an attack is probably about efficiency as much as it is efficacy.
Historically, gathering intel was left to spies who risked life and limb to physically infiltrate a building (an agency, an embassy), pilfer documents, files, or hard drives, and escape. The more covert these missions, and the less they could alarm the owners of these targets, the better. Then, it was up to analysts, or sometimes codebreakers, to make sense of the information so that military leaders and strategists could refine their plan of attack to ensure maximum impact.
The internet has made acquiring that kind of information near-instantaneous. If a hacker knows where to look for the databases, can break through digital security measures to access them, and can make sense of the data these systems contain, he or she can acquire years’ worth of intel in just a few hours, or even minutes. The enemy state could start using the sensitive information before anyone realizes that something’s amiss. That kind of efficiency makes James Bond look like a slob.
In 2011, then-Defense Secretary Leon Panetta described the imminent threat of a “cyber Pearl Harbor” in which an enemy state could hack into digital systems to shut down power grids or even go a step beyond and “gain control of critical switches and derail passenger trains, or trains loaded with lethal chemicals.” In 2014, TIME Magazine reported that there were 61,000 cybersecurity breaches in the U.S. that year; the then-Director of National Intelligence ranked cybercrime as the number one security threat to the United States that year, according to TIME.
Computer viruses, denial of service (DoS) attacks, even physically damaging a power grid — the strategies for war in the fifth domain are still evolving. Hacking crimes have become fairly common occurrences for banks, hospitals, retailers, and college campuses. But if these epicenters of a functioning society are crippled by even the most “routine” cybercrimes, you can only imagine the devastation that would follow an attack with the resources of an enemy state’s entire military behind it.
Nations are still keeping their cards close to their chest, so no one is really certain which countries are capable of attacks of the largest magnitude. China is a global powerhouse of technology and innovation, so it’s safe to assume its government has the means to launch a large-scale cyber attack. North Korea, too, could have the technology — and, as its relationship with other countries becomes increasingly adversarial, more motivation to refine it. After recent political fallout between North Korea and China, Russia reportedly stepped in to provide North Korea with internet — a move that could signal a powerful alliance is brewing. Russia is the biggest threat as far as the United States is concerned; the country has proven itself to be both a capable and engaged digital assailant.
The Russian influence had a clear impact on the 2016 election, but this type of warfare is still new. There is no Geneva Convention, no treaty, that guides how any nation should interpret these attacks, or react to them. To get that kind of rule, global leaders would need to look at the ramifications for the general population and determine how cyberwar affects citizens.
At present, there is no guiding principle for deciding when (or even if) to act on a perceived act of cyberwarfare. That limbo is further complicated by a question: if those in power have benefitted from, or even orchestrated, the attack itself, what incentive do they have to retaliate?
If cyber war is still something of a Wild West, it’s clearly citizens who will become the casualties. Our culture, economy, education, healthcare, livelihoods, and communication are inextricably tethered to the internet. If an enemy state wanted a more “traditional” attack (a terrorist bombing or the release of a chemical agent, perhaps) to have maximum impact, why not preface it with a ransomware attack that freezes people out of their bank accounts, shuts down hospitals, isolates emergency responders, and ensures that citizens have no way to communicate with their family members in a period of inescapable chaos?
As cybersecurity expert and author Alexander Klimburg explained to Vox, a full-scale cyber attack would result in damage “equivalent to a solar flare in terms of damaging infrastructure.” In short, it would be devastating.
A New Military Strategy
In summer 2016, a group called the Shadow Brokers began leaking highly classified information about the arsenal of cyberweaponry at the National Security Agency (NSA), including cyber weapons actively in development. The agency still doesn’t know whether the leak came from someone within the NSA, or if a foreign faction infiltrated Tailored Access Operations (the NSA’s designated unit for cyber warfare intelligence-gathering).
In any case, the breach of a unit that should have been among the government’s most impervious was unprecedented in American history. Aghast at the gravity of such a breach, Microsoft President Brad Smith compared the situation “to Tomahawk missiles being stolen from the military,” and penned a scathing blog post calling out the U.S. government for its failure to keep the information safe.
The last time such a leak shook the NSA, it was in 2013, when Edward Snowden released classified information about the agency’s surveillance practices. But as experts have pointed out, the information the Shadow Brokers stole is far more damaging. If Snowden released what were effectively battle plans, then the Shadow Brokers released the weapons themselves, as the New York Times analogized.
Earlier this year, a ransomware attack known as “WannaCry” began traversing the web, striking organizations from universities in China to hospitals in England. A similar attack hit IDT Corporation, a telecommunications company based in Newark, New Jersey, in April, when it was spotted by the company’s global chief operations officer, Golan Ben-Oni. As Ben-Oni told the New York Times, he knew at once that this kind of ransomware attack was different than others attempted against his company — it didn’t just steal information from the databases it infiltrated, but rather it stole the credentials required to access those databases. This kind of attack means that hackers could not only take that information undetected, but they could also continuously monitor who accesses that information.
WannaCry and the IDT attack both relied upon the cyber weapons stolen and released by the Shadow Brokers, effectively using them against the government that developed them. WannaCry featured EternalBlue, which used unpatched Microsoft servers to spread malware (North Korea used it to spread the ransomware to 200,000 global servers in just 24 hours). The attack on IDT also used EternalBlue, but added to it another weapon called DoublePulsar, which penetrates systems without tripping their security measures. These weapons had been designed to be damaging and silent. They spread rapidly and unchecked, going undetected by antivirus software all over the world.
The weapons were powerful and relentless, just as the NSA intended. Of course, what the NSA had not intended was that the U.S. would wind up at their mercy. As Ben-Oni lamented to the New York Times, “You can’t catch it, and it’s happening right under our noses.”
“The world isn’t ready for this,” he said.
The Best Defense
The average global citizen may feel disenfranchised by their government’s apparent lack of preparedness, but defending against the carnage of cyber warfare really begins with us: starting with a long overdue reality check concerning our relationship with the internet. Even if the federal agencies aren’t as digitally secure as some critics might like, the average citizen can still protect herself.
“The first and most important point is to be aware that this is a real threat, that this potentially could happen,” cybersecurity expert Dr. Eric Cole told Futurism. Cole added that, for lay people, the best defense is knowing where your information is being stored electronically and making local backups of anything critical. Even services like cloud storage, which are often touted as being safer, wouldn’t be immune to targeted attacks that destroy the supportive infrastructure — or the power grids that keep that framework up and running.
“We often love going and giving out tons of information and doing everything electronic,” Cole told Futurism, “but you might want to ask yourself: Do I really want to provide this information?”
Some experts, however, argue that your run-of-the-mill cyber attack against American businesses and citizens should not be considered an act of war. The term "war" comes with certain trappings — governments get involved, resources are diverted, and the whole situation escalates overall, Thomas Rid, professor and author, recently told The Boston Globe. That kind of intensity might, in fact, be counterproductive for small-scale attacks, ones where local authorities might be the ones best equipped to neutralize a threat.
As humans evolve, so too do the methods with which we seek to destroy each other. The advent of the internet allows for a new kind of warfare — a much quieter one. One that is fought remotely, in real time, that’s decentralized and anonymized. One in which robots and drones take the heat and do our bidding, or where artificial intelligence tells us when it’s time to go to war.
Cyber warfare isn’t unlike nuclear weapons — countries develop them in secret and, should they be deployed, it would be citizens that suffer more than their leaders. “Mutually assured destruction” would be a near guarantee. Treaties mandating transparency have worked to keep nuclear weapons in their stockpiles and away from deployment. Perhaps the same could work for digital warfare?
We may be able to foretell what scientific and technological developments are on the horizon, but we can only guess at what humanity will do with them.
Humans made airplanes. These allowed them to fly above the clouds... and they used them to drop bombs on each other.