Guest post: Speedbox – Could a cyber-attack trigger war


With both state and non-state actors becoming more adept at carrying out attacks in the cyber realm, the threat to global security and economy will continue to grow.  This raises the possibility that cyber-attacks could spark an actual conflict outside of the cyber sphere. In just the first six months of this year, the severity of the attacks reached a new high.  

Florida Water – In February, a plant operator noticed how the cursor of his computer started moving across the screen and opened software functions that controlled the water treatment process.  The hacker was able to boost the level of sodium hydroxide pumped into the water by 100 times its normal level before the attack was thwarted.    

Colonial Pipeline – The cyber-attack directly impacted the fuel supply for the East Coast of the United States.  The chaos, fuel shortages and price spikes were a consequence of a leaked password to an old account with access to the VPN used to access the company’s server.  Colonial paid a ransom in Bitcoin although much of that was reportedly recovered.

Microsoft Exchange – A Chinese cyber espionage group uncovered and exploited four newly discovered vulnerabilities in the email software, putting at risk millions of organizations and government agencies across the globe.  Microsoft worked to revert the damages caused by releasing an update to the system and providing mitigation guidance.  The issue caused most email exchanges to be offline or degraded for several days.

Those are just the tip of the iceberg.  Hundreds of lesser known (or now forgotten) attacks have occurred such as Marriot International in 2020 which revealed the personal information of some 5.2 million hotel guests including name, mailing address, email address, phone number, employer, gender and date of birth. 

The use of cyberweapons against military industrial systems was reinforced with destructive effect in 2010 by the most (in)famous computer virus of them all: Stuxnet.    

Stuxnet was a complex, multifaceted malware that disabled uranium-enrichment centrifuges in Iran, slowing down the country’s nuclear program.  Back then, nothing could match Stuxnet for complexity or sheer cunning — the worm was able to spread imperceptibly through USB flash drives, penetrating computers that were not connected to the Internet or a local network. 

Hundreds of thousands of computers were infected yet the worm manifested itself only on computers operated by Siemens programmable controllers and software.  On landing on such a machine, it reprogrammed these controllers.  Then, by setting the rotational speed of the uranium-enrichment centrifuges too high, it physically destroyed them.

Whilst many in the West cheered Stuxnet, it reinforces the question of whether by accident or design a cyber-attack may result in a devastating outcome.  Many speculate that numerous ‘Trojan Horse’ programs lie idle in the computer operating systems of government departments and various utilities around the world waiting to be activated.  An investigation confirmed the malicious script in the Florida Water system had been in place for at least two months before activation, for example.  Could a single cyber-attack initiate a tit-for-tat response leading to a military confrontation?   Stuxnet, for all its brilliance a decade ago, ushered in a new era of cyber-attack and the reaction by the injured or threatened recipient could initiate a dangerous escalation.


Subscribe
Notify of
guest

19 Comments
Inline Feedbacks
View all comments
Muddy
Muddy
September 5, 2021 10:29 am

This is an interesting and very relevant post. Organisations such as the U.S. Center for Security Policy have long emphasized this issue.

The challenge for a state taking supra-cyber action against cyber attacks might sometimes be attribution.

RobK
RobK
September 5, 2021 10:54 am

Could an innocently corrupted digital command cause an accident or be misinterpreted as a hostile act?
Or; unforeseen programming responses to untested inputs? Wasn’t there a trading glitch or two that have impacted Wall Street. It used to be that the defence forces consumed the most computer power . Not sure that still holds true.
Complexity leads to vulnerability.

RobK
RobK
September 5, 2021 10:58 am

A cyber attack could certainly be an act of war.

Shy Ted
Shy Ted
September 5, 2021 11:10 am

The hacker was able to boost the level of sodium hydroxide pumped into the water by 100 times its normal level before the attack was thwarted.

So you’re saying we should drink only beer? To be on the safe side? OK, if you insist.

duncanm
duncanm
September 5, 2021 12:56 pm

Shy Tedsays:
September 5, 2021 at 11:10 am

So you’re saying we should drink only beer? To be on the safe side? OK, if you insist.

but only from small (read tasty) breweries. Automation in the large conglomerates is also a risk.

Bruce of Newcastle
Bruce of Newcastle
September 5, 2021 1:09 pm

Interestingly there seems to be a sort of gentlemen’s agreement that cyberattacks aren’t casus belli for war. I suspect that’s because the threat of nuclear weapons has made initiation of war a very dangerous thing indeed. Most of the major cyber players are also nuclear powers.

There’s certainly reputational damage. China is on the nose for their notorious cyber campaigns. Retribution though tends to be in the soft diplomatic fields such as sanctioning individuals and restricting businesses like Huawei. If China hadn’t gotten so cocky and overconfident Huawei would’ve absolutely owned the internet.

MatrixTransform
September 5, 2021 1:46 pm

Without naming a brand there is some extremely powerful automation equipment out there.

One we are very familiar with gets deployed literally everywhere.

Lock your routers and switches down to mac address and physical port, we can still tunnel across campuses if there’s a corporate network .

Well, we could in legacy versions.

Anyway, we can still provision other devices from any device.

Trivial to write an object in code and drop it somewhere to be compiled in-situ by the destination engine.

So it isn’t just industrial plants, it’s distributed throughout near every tall building you can see.

Working “from home” we reach all the way into your “essential” services.

So be nice to me.

MatrixTransform
September 5, 2021 1:51 pm

There’s even a search engine on the webz that will go fetch internet exposed hardware of the type I mention above.

Won’t refer to that search engine by name.

For a decade or more these systems were often deployed with default credentials.

Which means, I can log in with ‘platform’ credentials

Which means … I ‘could’ do almost anything.

Old bloke
Old bloke
September 5, 2021 2:16 pm

Most of the problems from cyber attacks stem from corporations using the public Internet as their network backbone rather than leasing private lines. Many large corporations, banks for example, still use private networks to keep their networks safe, though private networks are more expensive to maintain.

Arky
September 5, 2021 2:17 pm

Fucking stupid idea: hooking all the infrastructure required for a modern society to survive to electronic controls and the internet.
It’s almost as if we want to die.
It’s not as if there was no other possibly way to do it.
You don’t HAVE to hook the water control systems up to the internet.
Seriously, when they build this stuff doesn’t anyone go “Do we really need to have the servomotors that dump the bleach in the water accessible over the internet? You know, the internet with the Nigerian scammers and the Russian mail order brides and the Mafia and the Chinese hackers”?

Arky
September 5, 2021 2:21 pm

I always watched those movies in the 90s where the hacker guy does all this amazing stuff accessing infrastructure or bank vaults or freeway cameras and went “Come on, that’s not believable, they wouldn’t have that thing hooked to the internet. Why”? Apparently the engineers watched the same movies and went “Wow! We can hook everything up to the internet”.

MatrixTransform
September 5, 2021 2:31 pm

Apparently the engineers watched the same movies and went “Wow! We can hook everything up to the internet

correct

Zatara
Zatara
September 5, 2021 4:21 pm

Which is exactly why I have, at not slight expense, drilled two bores on my property and installed solar powered pumps and tanks on both. The only automatic controls are limit switches and such. None are internet connected in any way.

If they are going to poison my water they better pack a lunch.

RobK
RobK
September 5, 2021 4:26 pm

“ Interestingly there seems to be a sort of gentlemen’s agreement that cyberattacks aren’t casus belli for war”
In my view it’s because at the moment they are just posturing, perhaps seeding. There are no gentlemen in war.

Zatara
Zatara
September 5, 2021 4:26 pm

Lest anyone think I’m a cut it all off from society survivalist type, nope. I still pay for public water for instance and use it to flush our toilets, because it also lets me dump my sewerage into their system for them to handle – which seems appropriate.

Meanwhile, I have a fully operational septic system installed for when they decide to change the rules.

Zatara
Zatara
September 5, 2021 4:30 pm

As to the war caused by a cyber attack, who would notice or even believe it if announced by govts or their poodle press at this point?

Stealing elections electronically is a cyber-attack. How did the sheep respond to that?

RobK
RobK
September 5, 2021 4:35 pm

If you could disable one in ten cars on the road at a given time(better still, cause them to rear end the car ahead), a city would be grid locked for a long time. Throw in some substations and water supply, sewer etc disabled and you have panic and pandemonium .

RobK
RobK
September 5, 2021 5:11 pm

“ Meanwhile, I have a fully operational septic system installed for when they decide to change the rules.”
I have a manual posthole borer that goes to about 4’, 6” diameter . Instant long drop but also handy for scraps etc for which it is used now.

RobK
RobK
September 5, 2021 5:43 pm

OB,
“ Many large corporations, banks for example, still use private networks to keep their networks safe, ”
“Safer” would be a better word.
In the end, security has a human element. Unless I’m mistaken, the stuxnet job was a secure private network except for USB access by authorised personnel.

  1. Good rant from the Rev: Glastonbury baby, left wing hypocrite rant https://www.youtube.com/watch?v=vqkzRfCK9oM

  2. I gave it up aged 80 after a not very long or difficult trip on an Icelandic pony. They have…

  3. Appalling to see my old Alma Mater brought down to such a low. Mark Scott was a disastrous apoointment.

19
0
Oh, you think that, do you? Care to put it on record?x
()
x