I've been reading about (and have written about) cyber war over the last months.
STUXNET is perhaps the most widely known cyber weapon targeted at Iranian nuclear centrifuges. Basically this is a virus that was specifically created to attack the PC-based Siemens controllers attached to the actual centrifuge. It was supposedly jointly developed by Israel and the US for the express purpose of stopping the Iranian nuclear program.
The virus basically caused the machines to run in a way that would destroy them while reporting via the PC controller that everything was working normally.
The end result? Physically damaged and useless machines.
Now let's compare this to what you might call traditional war. In this case someone (the US or Israel for example) develops some sort of explosive weapon that can destroy the centrifuges.
In this case there may be a lot of collateral damage - civilians killed (though are they civilians if they are building nuclear weapons?), buildings destroyed, infrastructure damaged, etc.
So cyber weapons do damage, just less than conventional weapons. And while STUXNET was not targeted at human life, it's certainly plausible that it could infect something that would in the end physically harm a human.
So it seems that cyber war isn't really all that different than "traditional war" - it's just a "more focused" attack with less collateral damage. Kind of like the neutron bomb of the Cold War - a device designed to emit a massive amount of radiation to kill rather than simply destroying physical structures.
Yet cyber war seems to be portrayed in the press quite matter-of-factly.
I suppose this is in part because the same name, cyber war, is often used to describe the battle between law enforcement and hackers for passwords and private information.
But this is not really war - it's more of a cat-and-mouse game between those in corporate IT who are defending data and those on the outside who wish to access it.
Typically no one is "hurt" physically - only their private information and finances are taken or exploited.
But let's think about what will happen with cyber war over time.
Today it's focused on strategic infrastructure - Iranian nuclear centrifuges. Or, I suppose, on Pentagon or CIA computers.
Things that are of some vital (or supposedly vital) national interest.
But I don't imagine that foreign cyber warriors will stop there - why should they?
Instead I imagine that some evil foreign agent will write the most popular iPhone game ever. Except that it will be a Trojan weapon that, on command, will burn up or "brick" the iPhone via some mischievous misuse of the Apple programming standards.
There are probably at least 230 million iPhones in the world. This represents easily $10 billion USD for each fifty dollars of iPhone value. Multiply that by a $100 USD internet/cellphone bill and you see that the destruction of massive amounts of iPhones could represent a trillion USD in damages.
And iPhones are just one example of thousands of daily-use devices connected to the internet.
There are of course servers, home PCs, routers, wifis, and home entertainment devices of all sorts.
And there are commercial computers of other sorts in trains, planes, and automobiles.
There are financial institutions rife with computer devices that virtually define our culture.
Of course, at least from the perspective of the Middle East, where there is nowhere near the dependency on an installed base of computers, it's a one-sided effort. We cannot attack their installed base of cellphones because they have far fewer.
What does this all mean?
I think that we here in the US are "hanging out" very, very far in the sense of our technological susceptibility to cyber attack. Western Europe is probably in the same boat as well.
And all our advanced infrastructure is basically "open" to anyone with a PC and a clever mind.
So a trillion dollar "bricking" of all iPhones would be about the same "cost" to US society as a direct nuclear strike on New York City.
In the past, to accomplish a direct nuclear strike (or even in the case of Iran today), billions of dollars of development for missiles, guidance, computers, and nuclear production was required over many, many years. As in the case of Pakistan or India, relatively recent members of the nuclear "club", this was an effort and investment by the entire society within a country.
A cyber attack on financial institutions or cellphones, on the other hand, could be accomplished by a single determined person using nothing more than a decent PC and an internet connection.
In the US our cyber infrastructure has become so convoluted and fraught with "holes" (see this article as an example) that it seems this sort of attack is inevitable.
Stepping back it seems that there is an interesting antithesis here.
In the US at least, we love to "share" on Facebook and through endless cellphone and other apps - pictures, email, life in general.
We foolishly believe that the rest of the world is of the same mindset.
I think that yes, they do want to share, but more than likely share something evil in the form of a virus or other problem in order to harm us.
Yet we dance around singing Kumbaya in hopes of "world peace" in complete ignorance of this potential for destruction.
As if our very nature for "sharing" is the window through which we will allow the destruction of our way of life...