view counter

CybersecurityIf two countries waged cyber war on each another, here’s what to expect

By Bill Buchanan

Published 9 August 2016

Imagine you woke up to discover a massive cyberattack on your country. All government data has been destroyed, taking out healthcare records, birth certificates, social care records and so much more. The transport system isn’t working, traffic lights are blank, immigration is in chaos, and all tax records have disappeared. When countries declare war on one another in future, this sort of disaster might be the opportunity the enemy is looking for. Given the current level of international tension and the potential damage from a major cyberattack, this is an area that all countries need to take very seriously. Better to do it now rather than waiting until one country pays the price. For better and worse, the world has never been so connected.

Imagine you woke up to discover a massive cyberattack on your country. All government data has been destroyed, taking out healthcare records, birth certificates, social care records and so much more. The transport system isn’t working, traffic lights are blank, immigration is in chaos, and all tax records have disappeared. The Internet has been reduced to an error message and daily life as you know it has halted.

This might sound fanciful but don’t be so sure. When countries declare war on one another in future, this sort of disaster might be the opportunity the enemy is looking for. The Internet has brought us many great things but it has made us more vulnerable. Protecting against such futuristic violence is one of the key challenges of the twenty-first century.

Strategists know that the most fragile part of Internet infrastructure is the energy supply. The starting point in serious cyber warfare may well be to trip the power stations which power the data centers involved with the core routing elements of the network.

Back-up generators and uninterruptible power supplies might offer protection, but they don’t always work and can potentially be hacked. In any case, backup power is usually designed to shut off after a few hours. That is enough time to correct a normal fault, but cyberattacks might require backup for days or even weeks.

William Cohen, the former U.S secretary of defense, recently predicted such a major outage would cause large-scale economic damage and civil unrest throughout a country. In a war situation, this could be enough to bring about defeat. Janet Napolitano, a former secretary at the Department of Homeland Security, believes the American system is not well enough protected to avoid this.

Denial of service
An attack on the national grid could involve what is called a distributed denial of service (DDoS) attack. These use multiple computers to flood a system with information from many sources at the same time. This could make it easier for hackers to neutralize the backup power and tripping the system.

DDoS attacks are also a major threat in their own right. They could overload the main network gateways of a country and cause major outages. Such attacks are commonplace against the private sector, particularly finance companies. Akamai Technologies, which controls 30 percent of Internet traffic, recently said these are the most worrying kind of attack and becoming ever more sophisticated.