America’s most famous investor, Warren Buffett, characterized cyber-attacks as a bigger threat to humanity than nuclear weapons, calling them “the No. 1 problem with mankind”. He must be extremely right, at least, becausethe last couple of decades have seen a colossal change in terms of theinfluence that computers have on the battle field, to an extent that defence pundits claim it to be a dawn of a new era in warfare. The use of computers andinformation in defence has manifested into various force multipliers such asInformation Operations, C4I2SR Systems, Network Centric Warfare, to the extentthat commentators are terming this information age as a Revolution in MilitaryAffairs (RMA). These advances have not only revolutionized the way in whichwars are fought, but have also initiated a new battle for the control of a newdimension in the current contemporary world: The Cyber Space.
The similarities between cyber and nuclear weapons, characterized by Buffet, are painfully apparent: These attacks are capable of imposing catastrophic consequences on critical national assets, with quick delivery times unimpeded by geographic boundaries. The global landscape has become increasingly digitized, and this increased cyber-connectivity is changing the nature of the threats the world faces, posing serious implications for national and global security. Today, cyber-war is not a low grade tactical warfare, used primarily for a force enhancement effect. There has been a gradual paradigm shift inmilitary thinking and strategies, from the strategic aspect to the tactical aspect ofcyber warfare laying more emphasis on cyber-attacks and counter measures. The formation of a notion that cyber warfare or information warfare is apotent force multiplier is no longer in doubt. Many more nations are establishing Cyber-Squads in their Militaries.
The
well-known ancient Chinese Strategist, Sun Tzu, had said: “One hundred victories
in one hundred battles is not the most skillful. Seizing the enemy without
fighting is the most skillful.” It looks as though, cyber-warfare has come to
realize this strategic notion. The Prussian strategist, Von Clausewitz,
complements Sun Tzu, when he says that, “War is thus an act of force to compel
our enemy to do our will”. In essence, Clausewitz elucidated the fact that the
end of the war is to compel the enemy to do your will and Sun Tzu argued that
the best form of warfare is the one, in which the enemy is seized without a
fight. Cyber warfare derives the
essence of both of these great military theorists, as it is a warfare, which is
capable of compelling the enemy to your will, by inducing strategic paralysis
to achieve desired ends and this seizing of enemy is done almost without any
application of physical force.
Beyond using the cyberspace for war purposes, another devastation to global security and stability lies in the various forms, in which the cyberspace is used indiscriminately against facilities and other innocent persons. One of such situations is Ransomeware.Ransomware attacks sourced to the WannaDecryptor (Wannacrypt) virus have been identified in over 70 countries across Europe and Asia, as well as in the United States. Over 36,000 Wannacrypt cases have been detected worldwide. The ransomware exploits a vulnerability in Microsoft systems. This was discovered, initially, by the U.S. National Security Agency, reportedly around 2013. This hacking tool was lifted in the summer of 2016 by a previously obscure group calling itself the “Shadow Brokers.”Ransomware is an increasingly common cyber threat. It initially targeted smartphones but over the last several years has struck larger IT systems. An NBC report estimated that in 2016 U.S. police departments, hospitals and libraries paid out $200 million in ransom.
Another is the use of cyber-attack, intentionally targeting some of the most sensitive facilities in the world. Stuxnet, a malicious computer worm that targets industrial computer systems, first publicly identified in 2010, was responsible for causing substantial damage to Iran’s nuclear program. Although neither country admitted responsibility, the worm is frequently described as a jointly built American-Israeli cyber-weapon. Stuxnet switched off safety devices, sabotaging centrifuges by making them spin out of control and destroy themselves. In 2007, the Idaho National Laboratory conducted the Aurora experiment to demonstrate how a cyber-attack could destroy physical components of the electric grid. The experiment used a computer program that rapidly opened and closed a diesel generator’s circuit breakers out of phase from the rest of the grid, causing them to explode. As mentioned above, the Wannacrypt attack appears to use an exploit initially developed by the U.S. government but released into the wild by the Shadow Brokers as part of a large cache of cyber tools they allegedly obtained from the U.S. National Security Agency. The group attempted to sell the tools for one million Bitcoins. According to the New York Times, since May 2017, hackers have been penetrating the computer networks of companies that operate nuclear power stations and other energy facilities, as well as manufacturing plants in the U.S. and other countries. Among the companies impacted was the Wolf Creek Nuclear Operating Corporation, which runs a nuclear power plant near Burlington, Kan. And this is very serious, indeed, for global stability. Banks in Russia, Japan, the US, and Europe have fallen victim to a massive, sophisticated malware hack, allowing the perpetrators to steal hundreds of millions of dollars since 2013. According to a Kaspersky Labs report published last year by the New York Times, more than 100 banks in 30 nations have been affected by the breach, with upwards of $300 million stolen in the process. Ghana is reported to have lost US$ 97 million to cyber-fraud between 2016 and 2018. That is according to the Director of the Cyber-Space Department of the Criminal Investigation Department (CID), Dr. Herbert Gustav Yankson.
Cyber-warfare requires the same determination and ingenuity that resolved the global nuclear threat. It is believed that, the U.S. is well-positioned to lead an effort toward an enforceable treaty that establishes norms on the use of cyber-weapons. Russia is known to have proposed a UN-led treaty, that would be binding on all countries. The snag lies in the problem of non-state actors and the facelessness of perpetrators. It also lies in the eagerness by the powerful nations, as well as less powerful ones, like North Korea, to weaponise the cyber-space, at least, for geo-strategic reasons. Powerful nations continue to test their abilities to use and deploy new kinds of weapons, and conflict seems inevitable, if not already a reality.
Until the world takes on that challenge, (the challenge of outlawing cyber-warfare), the world will be unsure as to which cyber act will generate what response, and so the world watches aloof as malicious cyber acts expand and escalate. It is likely to end in a crisis that will fail to demonstrate and define acceptable limits and unacceptable actions. In 1962, a limit was found when the Cuban Missile Crisis led us to the edge of a nuclear disaster. We accepted a principle of Mutually Assured Destruction (MAD) and Détente started. The cyber issue is different.
By V. Antwi-Danso
