With cyber attacks being more and more prevalent in businesses around the world, national security agencies and military forces are turning their attention to cyber warfare.
The USA has allegedly engaged in cyber warfare against Iran in the wake of the attacks in the Gulf of Oman. At the time of writing this, Iran denies being hit by a cyber-attack, although they admit the US is trying to engage in hostile action against their systems. This wouldn’t be the first time – the US is widely believed to have been responsible for developing the Stuxnet virus which targeted Iranian nuclear facilities as far back as 2007, considerably slowing their progress.
Covert attacks like this are only going to become more common, utilised by both hacker groups and state military forces.
Cyber warfare is the next frontier of war, where one state uses viruses and hacking to cripple an enemy state’s computer systems, removing their ability to access information and communications systems.
In many cases, computers aren’t the final target of a cyber strike – the systems they control are. If you knock out the computers linked to a hospital or airport, they effectively cease to function.
It’s important to understand that cyber warfare is different from cyber espionage, which almost all governments engage in to some extent. For an attack to be classified as cyber warfare, it must lead to significant damage to vital systems, causing disruption of even loss of life. This matters because under current international law, countries are only allow to use force in retaliation against aggressive acts.
Cyber attacks are so powerful because so much of our world is now controlled by data. An attack can impact systems around an entire country, knocking out emergency services for days, disrupting the economy, and weakening military responsiveness. Cyber-attacks can also be launched instantly, without any evidence, making them hard to predict or counter.
A well-placed cyber-attack could knock out a city’s traffic light systems, alter stock prices, or even manipulate the data in medical records. Needless to say, if they were to target civilian infrastructure, cyber-attacks could be more damaging than a traditional missile strike.
Cyber warfare has already been used to compromise various countries’ computer systems, including the UK, and misinformation campaigns have been widely used over the internet to influence elections in the UK and USA.
Russia and China are two of the most prepared nations in terms of cyber warfare capabilities. This is worrying to other nations around the world, triggering a kind of cyber arms race, with more than 30 countries trying to develop more advanced capabilities while simultaneously upgrading their defences.
There is currently a lack of clear international rules governing the use of cyber weapons. A group of scholars has spent years applying international law to cyber warfare, resulting in the Tallinn Manual, a textbook prepared by the group and backed by the NATO-affiliated Cooperative Cyber Defence Centre of Excellence (CCDCoE) based in the Estonian capital of Tallinn, from which the manual takes its name.
The first version of the manual looks at the kind of cyber-attacks which would constitute warfare, and thus warrant significant retaliation. The second edition has built a legal framework from which to combat cyber-attacks, aimed to help governments and intelligence agencies.
Due to the inherently murky and secretive world of hackers, it can be difficult to tell if an individual or group has had state support in any of their attacks.
Currently, all cyber-attacks are planned and co-ordinated by people. In the future, it’s likely they’ll be devised and carried out by artificial intelligence. AI systems will be able to analyse and break into secure systems faster than any human, and could cause disruption on a significantly wider scale than previously possible.
Blockchain is going to be one of the best ways to defend against cyber-attacks. It can protect data from intruders, and keep systems secure.
It’s likely that cyber-attacks will become more common over the coming years, and we will probably see a full-scale cyber warfare level event in the next decade.