2001: South Korean hackers lob DDoS grenades against the website of Japan's Ministry of Education, responding to the publication of a Japanese textbook glossing over that nation's WWII atrocities. 2007: Widespread DDoS attacks on Estonia, allegedly originating in Russia, game the upper boundary between nuisance and plain old danger. 2009: Stuxnet appears in its earliest form (we think), eventually causing significant damage to Iranian nuclear facilities the next year. 2010: Pakistani hackers deface Indian administrative websites, responding to an alleged attack from the "Indian Cyber Army."Cyber-attack vigilantism via Anonymous hackers is a real and important thing, but there's a huge difference between that and the above events: Anonymous doesn't have an army. Like, a real army with real bullets and the capability to cause widespread loss of life, such that happens in the kind of war that human civilization has been dealing with since human beings first formed into tribes.Cyberwar between nation-states exists on a continuum that involves both full-scale world-ending nuclear war, and low-level diplomacy over tea. There’s a lot in between. Neither groups like Anonymous nor companies like Bank of America have shown the capability of ordering troops onto a battlefield, or defusing tensions diplomatically—making their battles, in a way, closer to the single-mindedness/single-purpose of guerilla warfare or terrorism. (Not to discount Anonymous within the realm of 'real' cyberwar, but more on that later.)The incomplete history above represents more scattered, unclaimed gunshots than anything close to "war." That storm is still building. When and if it finally happens, cyberwar will rearrange the conflict continuum in a way rivaling the creation of the atomic bomb. But the net effect of the threat of nuclear war was a whole lot more certain, simply adding an upper limit to that continuum—and the sort of worldwide substrata terror that human beings will probably never be able to understand in any kind of comprehensive way.Cyberwar, in contrast, represents possibly a blow-off valve, an outlet for tension between nations. It's a virtual battlefield where many of the same things that classic war exists for can be accomplished, from standard-issue outbursts of nationalism/cocking off to small-scale, economically-motivated strategic plays. Maybe with a virtual battlefield in place, we can imagine a time where we just don't need classic war, that the only strategic thing it can't accomplish is killing civilians. (Though we can speculate about whether or not that's a capability yet to be attained and, if it is, whether or not is ceases to be cyberwar. Probably.)But, what does it look like? This full-scale cyberwar between large countries. We don’t really know and so far no one’s taken much of a stab at parsing it. Christopher Bronk, a lecturer at Rice University, published a paper called "Blown To Bits" this month in Strategic Studies Quarterly outlining a possible scenario for an event occurring between the U.S. and China a decade from now. (The reason: China makes an attempt and isolating and exerting control over Singapore, but it could be a lot of things, many of them "caused" by the U.S.)First off, nobody wins and the cyberwar doesn't escalate into full-on war. Ships are sunk and people die, but it turns out to be somewhat secondary (strategically) to the cyberwar. It ends in a stalemate, and with virtually no actual communication between China and the U.S., which likely launch into a new cold war after the paper's events—or, maybe, China and the U.S. just treat the whole thing as a drunken spat and things go on as before, albeit really awkwardly.For the American and Japanese leadership, in particular, there was enormous trouble in employing even rudimentary information technologies effectively during the first days of the war. Personal computers, radio networks, satellite receivers, control systems, and battlefield communication hardware failed, often making it impossible for allied commanders to share intelligence and conduct joint planning. Only a few dedicated, high-end, satellite-based communication channels were able to connect American field commanders in Japan and Hawaii with the Pentagon. But even these links were vulnerable, with the PLAAF's antisatellite missile attacks on 6 September producing enormous damage to US telecom satellite coverage over the Pacific.Although Guam was the sole location of an electromagnetic strike by the Chinese, and an effective one at that, the PRC was reluctant to repeatedly use strategic missiles to short out the information grid of its enemies in the same way for fear of provoking a nuclear response from the Americans. Rather than fry the allies' systems with electromagnetic pulse (EMP) weapons, the Chinese launched attacks via the global fiber network. Often the weapon of choice was sophisticated botnets, in which legions of zombie computers and mobile devices were employed to "gang up" on unclassified government and private systems and bring them to a screeching halt in crushing denial-of-service attacks. This was especially true on Singapore, where all forms of voice and data communication, save its little-used but still operable POTS—plain old telephone service—were disrupted.China also proved to have the capability to listen in on basically any communication among the U.S. forces. What they couldn't directly listen to, they were able to piece together using a remarkable information aggregation strategy involving listening to everything they could and piecing together with amazing accuracy what they couldn't.Bronk also includes in his paper a pretty chilling fake news report:Although no bombs fell on Iwakuni while we were there, the Chinese attack was felt nonetheless. [Lieutenant] Colonel Sutherland [chief operational officer for Marine Aircraft Group 12] had spent most of the morning receiving reports from the men and women who armed, fueled, and fixed the fighter aircraft on the base that their diagnostic equipment, RFID readers, and other digital tools simply were not working. The system that monitored distribution across the base had failed. Several tanker trucks had to be gotten out of mothballs just to begin getting jet fuel flowing. The devices that transferred flight plans from the planning office to the aircraft themselves all failed. Across the base, things that typically functioned for years without a hitch suddenly broke down.
"Everybody's coming to me with a problem that I've never seen in my 18 years with the Corps," Sutherland was overheard to say at one point. "Nothing's working!" The frustration on the base was enormous. While Iwakuni's Marines and Sailors struggled to get their jets airworthy, reports filtered in, largely via radio, of the attack on the carrier Carl Vinson in the Straits of Malacca. Fearful of air raids on Japan, the pilots and mechanics put in a tremendous effort to get their planes in the sky, but that would not happen until late in the afternoon. With the loss of electronic tools, clearing each fighter for takeoff became a drawn-out manual process in which nothing seemed trustworthy at first glance.The U.S. doesn't turn the tables so much as mobilize massively, recruiting basically every mathematician and computer science grad student in can get its hands on, before enlisting hackers to stem wireless device cross-pollution and deep sleeper malicious code segments. Anonymous could yet become national heroes. The depth of the casualties sets in:During that period, many lives would be lost due to technologies failing to function as they were intended throughout the theater of operations and beyond. Although widespread attacks on the US national critical infrastructure were few—including an incident where most of the electronic medical records of the Veterans Administration simply became irrecoverably corrupted—the PLA did not shut out the lights from Tacoma to Tampa. (The electrical grid on Singapore was crashed on the first day of attacks and stayed that way until after cessation of hostilities.)In concluding, Bronk envisions a bifurcation of warfare styles along economic and ideological lines: while terrorism prefers “crash and bang” physical warfare, cyberwarfare might be preferable to countries likely to be punished with sanctions and censure. War may become increasingly invisible—and continuous.We have not yet seen how the digital information dimension will impact conflict. While a decade ago we hoped to lift the fog of war with interneted computing, it now seems likely that new space has been created for contested perception. The digital tools for command and control have been met by countermeasure and so on. Most likely, cyber conflict will be an "always on" engagement, even if international policy is enacted to forbid it. Sweating and bleeding will blur in this realm of conflict, as it may reside across a span of intensities from low to high. The only certainty in cyber conflict is that conflict there will not unfold in the ways we may expect.So, cyberwar becomes less a point on the continuum than it does a thing that spans it from tea to, uh, toast. It’s the forever war, maybe a “cool war” between every nation until the end of time. What a spectacular outlet for nation-state paranoia, at least. And probably much more. We don’t really know now. The U.S. only recently began ramping up its cyberarmy recruitment, and something as comparatively simple as Stuxnet is still baffling to us in the year 2011.Before there were bullets, there was spears. And so on—and on and on and on.Reach this writer at michaelb@motherboard.tv.
Advertisement
Advertisement
Advertisement
The Ingredients for U.S.-China Cyberwarfare
- The paper imagines that by 2020, China will amass a digital warfare command totaling 60,000 people, an enormous build-up the paper credits to China's lingering anxiety over the U.S.' technological dominance over Iraq in the first Gulf War. 15,000 of those "troops" comprise an elite national hacker lab working in a suburban Bejing office park.
- China's secret weapon turns out to be a theorized and vague piece of computer code that has the capability of disappearing and reappearing and not only adapting to but using its host code against that host in nearly unlimited malicious ways. It sounds a bit like the HIV of computer code and is extremely scary. It puts Stuxnet to shame, absolutely crippling the U.S. military back to pre-WWII command and control technology.
Advertisement
Advertisement
Advertisement
