The 1983 movie WarGames was about a seemingly harmless high school student who was able to hack into a military computer mainframe, which was wired for command and control of America’s nuclear arsenal, for only one reason -- to play some online games.
At the time of its release, it seemed ludicrous that anyone could use a telephone to take control of anything connected to computers, much less ICBM silos (most of the US’s nuclear warheads have since been placed on submarines, making it impossible to gain control through hacking).
Fast-forward 30 years, and that notion no longer seems ludicrous: not only can world governments deliver collateral damage or cause disruption over an Internet connection, but they can do so at little to no cost and without using conventional weapons.
The US, China, India, UK, Iran, Pakistan, Israel, Russia, and North Korea have all become key players on the cyber battlefield in the 21st century, with more nations engaging in security or nefarious activities every year as they gain modern electronic infrastructure (Internet). It’s fairly safe to say that this relatively new type of warfare is set to go hand-in-hand with conventional methods of combat, so much so that the aforementioned key players are considering treating cyber-attacks as a formal declaration of war.
Since the beginning of the new millennium, cyber-attacks have increased from a few dozen a year to roughly 110,000 every hour (according to HP, regarding IT services for the US Navy). The attacks target specific branches of a nation’s government, as well as the corporations, banks, and power grids residing in that nation.
Early attacks (going all the way back to the 70s and the Internet’s predecessor, ARPANET) consisted of self-replicating worms, the ancestors of today's malware, designed to choke bandwidth (or outfitted with a payload that would encrypt or delete files) and disrupt an entire network. Over the years, these attacks have evolved into more serious applications: espionage (using "cracking" techniques, malware, Trojan horses, or spyware) to gain sensitive information; sabotage of power, communications, water, and fuel infrastructures (using sophisticated worms or viruses such as Stuxnet); and DoS/DDoS (Denial of Service/Distributed Denial of Service) attacks designed to make network resources unavailable to users.
As the attacks have increased, governments around the globe have sanctioned new command structures to handle their respective countries' digital tactics and security, such as the US’s Cyber Command (USCYBERCOM), which is tasked with cyber-operations, the management of cyber-resources, and the security of military networks. Other notable commands that engage in similar practices include the Indian CERT (Computer Emergency Response Team), China’s newly formed Blue Army, and England’s MI6.
Over the last few years, more serious cyber-attacks, which have done significant damage to both networks and infrastructures, have been reported, leaving world leaders irate and pointing fingers at those they deem responsible. In 2010, the Stuxnet worm was unleashed on the globe (it’s been alleged the original author was a 14-year-old boy from Panama who created it as a way to control his school), and it quickly took root in several countries and wreaked havoc on facilities using Siemens industrial software.
It wasn’t long before the majority of the affected computers were concentrated in Iran, where the worm proceeded to damage specialized power supplies in the centrifuge systems of the Natanz nuclear enrichment facility, thereby slowing the nation’s nuclear efforts. Iran was quick to point the finger at both the US and Israel because of the worm's destructive complexity (it was the first to feature a programmable logic controller rootkit).
While its methods were not as extravagant as those of more technologically savvy countries, the terrorist organization Al Qaeda was able to hack into allied drone video feeds in Iraq and Afghanistan in 2009 using off-the-shelf software, such as SkyGrabber, for as little as $25. Assuredly, upgrades to the UAVs have eliminated that particular threat, but it just goes to show how vulnerable any network can be.
As we enter the new decade, the probability of continued attacks on information infrastructure is sure to increase. The consequences of these acts can, and will, affect each nation’s citizens, as governments have the power to inflict serious damage through cyberspace: they can ruin economies, destroy infrastructure (power, water, and even agriculture), and siphon monetary resources from major banks, just by using cheap software and a laptop connected to the Internet.
The question remains: What can be done to curb these attacks, or eliminate them altogether, without reverting to an era where WiFi, the Internet, cloud services, and satellite communication didn’t exist?