Cybersecurity experts have suspected for years that security at US plants has already been compromised. Those suspicions have now been confirmed by the White House. Last week, Reuters and the New York Times reported that administration officials have acknowledged that the US energy systems have been hacked by Russia.
Nick Bilogorskiy, cybersecurity expert at Juniper Networks says it’s time for a new Geneva Convention to protect civilians during cyber warfare.
Beginning in 2016, and likely earlier, Moscow hackers began to penetrate US infrastructure, including electric and water plants, nuclear facilities, manufacturing plants, and even aviation systems. The Department of Homeland Security and the FBI said in an alert that a multi-stage intrusion campaign by Russian government cyber actors had targeted plants where they staged malware and gained remote access into industrial networks.
Is It Time for a Worldwide Pact on Cyber Attacks?
The news from the White House comes after cyber experts spent the past four or five years warning that US plants were vulnerable and that they had probably already been hacked with malware that could be activated at will. The revelations have prompted call for Geneva-Convention-like rules to soften the blow on civilians if a hot cyberwar breaks out. "I think the world needs a set of rules similar to the Geneva Convention to establish the standards of law for humanitarian treatment in cyberwar,” Nick Bilogorskiy, cybersecurity strategist at Juniper Networks, told Design News.
Bilogorskiy envisions an agreement that would protect those who are not actively engaged in cyber conflict. “It needs to define the protections of non-combatants in and around the cyberwar zone. Certain technologies or attack scenarios should be restricted, for example DDOS [distributed denial of service] on life-support systems,” said Bilogorskiy. “Another example could be causing civilian plane crashes through custom malware or causing explosions in industrial plants.”
Warfare Is Tilting Toward Cyber Systems
Part of the issue is that civilians share the same computer systems that are used for much of the military and industrial sectors. "In cyberwar, the primary target is information on computer systems. What we need is a new form of the fourth Geneva convention, the one that deals with the treatment of civilians and their protection during wartime,” said Bilogorskiy. “The big challenge here is to understand how to do that in the new reality of non-linear warfare.”
The idea of cyber warfare is not theoretical in a world where the malware already exists within industrial networks and computer attacks have already been documented on electoral systems and in the Ukraine. “The nature of armed conflicts has changed dramatically, towards hybrid warfare with some cyber and information manipulation components,” said Bilogorskiy. “For example, in the Ukraine, Russia has been accused of combining military and nonmilitary means from bribery of opposing public officials to long-range artillery, microwaves, radiation, and non-lethal biological weapons.”
Unimpeded Cyber Systems Are a Critical Human Need
The future battles of the information age are here today. The lone hacker who was showing off to friends has morphed into the nation state that can turn off an enemy city’s power or defame a political opponent. "The computer revolution in military affairs has impacted tactics and weapons. Terrorist and criminal groups now have abilities that used to be reserved by nation states,” said Bilogorskiy. “Cyberattacks have been used in a broader strategy of information warfare. Some examples are denial of service attacks, hacker attacks, espionage malware, dissemination of disinformation and propaganda, social media election manipulation, website or twitter defacements, persecution of cyber-dissidents, and other active measures.”
The problem that needs to be addressed, according to Bilogorskiy, is how to protect those who are not combatants. "Interfering with communication system computers is a part of standard military tactics. But hacking attacks that cause a direct loss of life should be considered war crimes,” said Bilogorskiy. "Internet connectivity is quickly becoming a basic human right and a critical need.”
Rob Spiegel has covered automation and control for 17 years, 15 of them for Design News. Other topics he has covered include supply chain technology, alternative energy, and cyber security. For 10 years, he was owner and publisher of the food magazine Chile Pepper.
As the Internet of Things (IoT) pushes automation to new heights, people will perform fewer and fewer “simple tasks.” Does that mean the demand for highly technical employees will increase as the need for less-technical employees decreases? What will be the immediate and long-term effects on the overall job market? What about our privacy and is the IoT secure? These are loaded questions, but ones that are asked often. Cees Links, wireless pioneer, entrepreneur, and general manager of the Wireless Connectivity business unit in Qorvo, will address these questions, as well as expectations for IoT’s impact on society, in this ESC Boston 2018 keynote presentation, Thursday, April 19, at 1 pm. Use the Code DESIGNNEWS to save 20% when you register for the two-day conference today!