CYBER WAR
Konstantinos Papadakis
Cyber Warfare Analyst, Cyber Defense & Cyber Security Consultant
Introduction
The emergence (1990s) of risk scenarios involving individual incidents of information systems being breached by independent individuals or groups (hackers) was linked to the penetration of digital technologies into government, military, corporate and personal infrastructures and activities.
Over time, the risk of the possible consequences grew, turning simple scenarios into horror scenarios, as simple network penetration attacks evolved into normal warfare (cyber war) and Cyberspace mutated into a field of "battle" for organized groups (Anonymous, etc.), criminal/terrorist organizations or states.
What are the possible consequences in the event that hackers (with or without government support) attack through Cyberspace?
- Cut off electricity, gas and water supply to entire regions and cities?
- Paralyze the banking system (Web Banking, ATM operation, etc.) in a country?
- Shut down airports, ports, hospitals, oil refineries and factories?
- Gain access to control systems for conventional weapons or even weapons of mass destruction (nuclear, chemical substances)?
The above scenarios are taking shape in our day. They move beyond simple vandalism, criminal profiteering and even espionage to include the kind of physical disruption and destruction that was once possible only through military attacks and terrorist sabotage, creating a new reality of a war waged continuously (24-7-365) in cyberspace, one that has left the realm of science fiction and war-game exercises.
For a country, the potential effects of operations in Cyberspace (cyberattacks) are serious, ranging from disrupting the daily life of its citizens to undermining its sovereignty.
History of Cyberwarfare
Historically, the term "cyber war" was mentioned for the first time in Thomas Rid's book, "The Rise of the Machines"[1], while it was presented for the first time (1987) in an article in Omni magazine describing future wars with giant robots, autonomous flying vehicles, weapons and systems.
The original idea of a robotic cyber war, similar to the famous Schwarzenegger film “Terminator”, was quickly abandoned as impractical and replaced by the idea[2] of using hackers in military operations, not only for reconnaissance and spying on enemy systems but also for attacking and disrupting the digital systems the adversary uses for command and control.
This perspective quickly adapted to the reality that hackers would not limit their attacks to military computers[3], but would be able to attack the digital and automated systems of the adversary's critical infrastructure, with potentially devastating consequences for civilians.
President Bill Clinton probably had this form and definition of cyber war in mind in 2001 when, in his speech[4], he warned about the criticality of cyber-attacks on digital systems.
Clarke and Knake[5] use the term "cyberwarfare" to describe those "...actions by a nation-state to penetrate the computers or networks of another nation with the intent to cause harm or disruption...". This definition covers roughly the same things that we have identified as "acts of war", with the difference that in this case they are carried out by digital means, which can cross the borders of the virtual world (cyberspace) and have real consequences in the physical world.
Threats
In an anarchic system like Cyberspace, the perpetrators who engage in illegal activities are mainly grouped by the purpose for which they operate, as below (in order of increasing threat level):
- Individual Hackers-Crackers.
- Activists-Hackers.
- Domestic perpetrators without intent.
- Hackers-Crackers groups.
- Perpetrators of industrial espionage.
- Organized crime.
- Physical and environmental attacks.
- Terrorist organizations.
- Internal actors and External collaborators/consultants with intent.
- Countries.
Purpose of Cyber Operations
Cyberspace operations are conducted to achieve a specific purpose:
Exploitation: The main objective is to intercept information from the target or from information sources connected to it.
Deception: The perpetrator allows the target to continue to operate, but falsifies the information it collects, analyzes, or produces, effectively targeting the adversary's decision-making system.
Destruction: The attacker disables the target by destroying it or the support systems necessary for its operation. In this case, the primary target is not the adversary's information systems, but its critical infrastructure.
Disruption or neutralization: The attacker does not destroy the target but disables it or renders it unreliable for a period of time, denying legitimate users its service or access to information sources.
Methods of Accessing the Target System
A prerequisite for a cyber-attack is that the perpetrator establishes electronic contact with the system, a goal which requires:
- Interconnection (direct or indirect) of the system with cyberspace (the internet).
- Physical access to the system, if it has no connection to cyberspace (the internet).
- Indirect access to the target system through the build or crash recovery chain or the system spares chain.
Means of Cyber attacks (Cyber weapons)
There are several means, also known as cyber weapons, that an entity (country, organization, etc.) could use to carry out cyber attacks:
- Computer: The basic tool (weapon) of cyber-attacks, used both as a means of producing cyber weapons (software) and as the vehicle or platform of the attack.
- Software: Malicious programs (viruses, Trojan horses, digital worms, spyware, etc.) intended to compromise the confidentiality, integrity or availability of an information system.
- Physical weapons: Actions/weapons used in physical space with the aim of disrupting the operations/services of the target information infrastructure. These can be:
  - Weapons for carrying out a conventional physical attack.
  - Weapons for carrying out a physical electronic/digital attack.
- Psychological weapons: Psychological operations and influence operations are an integral part of Information operations, and Cyberspace operations assist them whenever required, mainly by helping to conduct them in Cyberspace. However, there are cases in which Cyberspace operations use the procedures of psychological operations, mainly to collect information of interest to them (phishing).
Cyber Operations Tactics
The basic tactics that can be used during operations in Cyberspace are the following:
Destruction of the target system: By digitally or physically destroying the target system, the attacker stops the services that system provides.
Falsification/Transformation of Data: Aims at the malicious alteration, i.e. falsification, of the data/information that is entered into, held in, or exported from an information system, with the result that legitimate users (people or machines) make important decisions based on maliciously altered information.
Denial-of-Service (DoS): Its purpose is to deprive legitimate users, partially or totally (in terms of both quality and duration), of the services an information system offers them.
Espionage: The adversary, by making use of information capabilities, covertly and without authorization gains access to large amounts of digital and communication data. With the appearance of social networks and the development of communication via the internet, it has also extended to spying on and monitoring the users themselves.
Propaganda: The internet, as a basic means of information, can very easily become a means of propaganda through the use of appropriate information techniques, since the protection that anonymity affords the user facilitates this activity.
Incidents
The modern perspective of cyberspace operations, combined with the increasing dependence of states on their information infrastructure, requires the adoption of action models that integrate such operations into the entire military power strategy of states.
Examples of first steps in this direction are:
First Chechen War (1994)
Chechen separatists used the internet as a propaganda tool.
Second Chechen War (1999-2000)
Russian officials have been accused of hacking into Chechen websites, escalating the conflict in cyberspace.
Kosovo War (1999)
The internet infrastructures of NATO, USA and Britain were subjected to cyber attacks.
Estonia (2007) - Web War I (WWI)
Coordinated cyber-attacks on the entire country’s digital infrastructure, resulting in the dissolution of its information infrastructure for a long period of time, without being accompanied by corresponding pressure from conventional military operations.
Georgia (2008)
The first real hybrid war, in which conventional military forces (Russian armed forces) and information and cyber operations forces were combined, resulting in complex intelligence operations.
Stuxnet Affair (2010)
Tailored cyberattack via malware targeting Iran's nuclear program.
What isn’t Cyberwar
It is not espionage, as interception of information (Cyber Espionage) is only one part of it.
It is not cybercrime, as it is not oriented towards financial gain, even though states often use criminal groups for their operations because of those groups' organization and knowledge.
It is not considered Information Warfare, although lately there is a tendency to fully integrate cyber operations into Information operations.
Cyber peace
The rise of the destructive potential of cyberwar raises the question of how to avoid an endless, widespread digital conflict.
As a first step we could assume that increased cyber security or cyber defense would be a solution. However, the attack always has the advantage, especially when it is supported by state structures and targets the adversary's critical infrastructure.
Additional solutions would be:
Deterrence, which can be manifested by diplomatic, economic or even military means.
Treaties and Agreements that can establish rules and frameworks for cooperation, limiting cyber attacks and the proliferation of cyber weapons.
Epilogue
The field of Cyberspace, due to its particularities but also due to the increasing dependence of state infrastructures on it, is already and will continue to be a field of wide confrontation between states, in addition to the other traditional battlefields (Land, Sea, Air, Space).
Cyberwar and Cyberspace operations, as a choice for capturing the power of a state and therefore, in the words of Carl von Clausewitz, as a means of continuing policy with the aim of imposing the will of one state on another, can under certain conditions be a strategic choice, a solution of necessity or a power multiplier.
Clausewitz, with his insight and analytical thinking, saw that "every age has its own kind of war, its own limitations and its own particular prejudices." Our age, the age of computing and information, is no exception: it has its own war, the Cyber War, which is part of the wider information war.
[1] https://ridt.co/machines/
[2] CyberWar is Coming (John Arquilla and David Ronfeldt)
https://www.rand.org/pubs/reprints/RP223.html
[3] An Exploration of Cyberspace Security R&D Investment Strategies for DARPA (Robert H. Anderson, Anthony C. Hearn)
https://www.rand.org/pubs/monograph_reports/MR797.html
[4] “…today, our critical systems, from power generation, control and distribution structures to air traffic control, are linked and operated by computers…”, and that someone “…can sit at a computer, infiltrate another computer by paralyzing a company, a city or a government...”.
https://www.govinfo.gov/content/pkg/PPP-2000-book1/html/PPP-2000-book1-doc-pg13-2.htm
[5] Richard Clarke: National Security Advisor to Presidents Bush, Clinton and Bush. Book "Cyber War-The next threat to National Security and what to do about it"
Robert Knake: Cyber Security Advisor to President Obama.