Who are the cyber military powers today?
Cyber military defenses are being developed by most of the developed countries in the world. However, for a country to be a military power, it must develop both offensive and defensive capabilities. The fine balance between the two makes such countries powerful and peaceful at the same time. However, this is not the case for most of the world powers. The USA, the UK, Russia, China, Iran, Israel and others can be identified as the most powerful cyber military powers in the world.
What are their doctrines? Offensive, defensive, balance?
In most countries, the doctrine governing the use of cyber military power is a balance between offensive and defensive. But countries like China, said to possess the largest cyber military force in the world, can be considered to have a more offensive doctrine. In contrast, countries like the UK can be considered to have a more defensive approach, focused on protecting the country and its assets from cyber military acts. A more balanced approach can be seen in countries like the USA, where both offensive and defensive strength is high and a large portion of the defense budget is allocated to cyber capabilities. Russia, on the other hand, can be considered a highly offensive country in cyber military warfare. Espionage and cyber attacks are some of the most common techniques used in cold wars, most of which are led by Russian hacker groups.
What are the military objectives in warfare? Intelligence, fake news campaigns, sabotage. The author can illustrate with examples.
In any form of war, the key military objective is to gain an advantage over the enemy. Even though this was a tedious task in the early days, it is now much easier with the proper cyber tools and techniques combined with the right skills. For this purpose, most countries train their military personnel in cyber related activities, and also recruit highly skilled hackers and developers to increase the country's cyber military strength. Once a country possesses such assets, they can be used for espionage. Espionage is not just physical anymore; with only a digital presence in the right place at the right time, one can extract some of the most sensitive information of a country, an organization or even an individual.
Further, tools that gain unauthorized access can be exploited in many advantageous ways. It is then possible to extract important information. Also, with the right access, the enemy's critical systems can be brought down within a few minutes by a DoS or DDoS attack, especially with the use of the right bots and probably also with today's advanced AI-based tools.
How do countries prepare and protect themselves from cyber warfare?
Most countries allocate a huge budget to defense, which includes defense against cybercrime and advanced cyber-attacks from other countries or possibly terrorists. Usually, developed countries possess very advanced technology that is researched, developed and said to be classified, to be used only for defense purposes when national security threats arise. Military cyber defenses around the world are said to be much more advanced than the technologies used for general cyber-crime prevention. Further, governments fortify their critical systems with the best security features available to prevent exploitation by third parties.
What are their responses to attacks?
When it comes to responding to attacks, almost all countries, openly or indirectly, seem to take payback in some way or another. Most of these attacks therefore lead to cold wars between countries that go on for many years. For example, the grudge between the USA and Russia, which dates back many decades, is now very much intensified by the use of cyber warfare techniques by both countries against each other.
Humans have fought wars for as long as there have been governments and monarchies, with all sides involved aiming to gain an advantage in the continuously shifting global game of power. Due to this, numerous wars also continue to break out worldwide. This power game is constantly adapting to new situations and making progress as a direct result of developments in technological innovation. The world is getting ready for future warfare every day, with every nation spending substantial resources on defense-related technological advancements. The public's awareness of the developing reality of cyberspace as a battleground has heightened due to the focus that the media has placed on cyberwarfare. The majority of world governments are attempting to respond to the cyber threat, and the governments, as well as the general public, understand the necessity. President Obama designated the United States' digital infrastructure as a strategic national asset and established Cybercom, a Pentagon division whose mission is to "conduct full spectrum operations." Documents that were stolen from the National Security Agency in the United States reveal that those in charge of national security are working toward establishing offensive cyber capabilities. Officials in the United Kingdom's government have expressed concern that the country is not adequately prepared for cyber warfare and have announced new investments to improve the country's defenses, such as the National Cyber Security Programme.
Cyber espionage: The People's Republic of China can be considered one of the most powerful nations currently engaged in global cyber espionage operations. Outright cyberwarfare is rarer than cyber espionage. Cyber espionage is a hidden threat to the cyber security of the world.
Cybercrime: Various resources are available to the public for avoiding and handling cybercrime. But it is evident from the reported cases that more help is needed to adequately address the vast and growing problem of cybercrime. Cyberwarfare is a matter for the military to handle, while public law enforcement handles general cyber-crime. Because of this split, there is less communication between the two entities, leaving a gap in the resources available to law enforcement. Hence, more funding is allocated to the military, and the resources available to the military must be higher.
Attack methodology and techniques
The employment of physical weapons, as opposed to computer programs, is the primary distinction between kinetic (real-world) and non-kinetic (virtual-world) methods of conducting warfare. Therefore, we will go through the stages and define several of the tools that are utilized. Because the tools will be discussed in greater depth in subsequent chapters, the purpose of this section is only to obtain a fundamental comprehension of them. The most critical steps are collecting intelligence and using it constructively. These processes involve a wide range of activities, from launching machine-to-machine attacks to using social engineering techniques.
Each of these stages consists of several subsidiary steps that must be completed before the stage can be considered complete. In many instances, hackers modify and automate these subsidiary steps to make them conform to their preferred working methodology. Therefore, the way these steps are applied differs and is unique to each case.
The very first step of the process is to identify a target. Once a system is identified as the goal, the target may be the system itself or sometimes an operator with access to the system. For an attack to be initiated, the attacker has to have the IP address of the target device or else its URL (Uniform Resource Locator). When a person is chosen as the target, a phone number can be enough to gain access to a system.
There are tools and registries for looking up IP addresses or phone numbers, such as ARIN (the American Registry for Internet Numbers), or sometimes a web search is enough, depending on how well the selected target's data is protected. Therefore, it is clear that a simple social engineering attack requires nothing more than a user's business card.
After the target has been determined, the reconnaissance phase begins, searching for the target's vulnerabilities. The assault may be directed at the operating system itself or at one of the applications it hosts. A scanner is run against the system to identify and catalog as many vulnerabilities as possible. Nmap, Nessus, eEye Retina and SAINT are some of the most well-known scanners available today. There are also attack framework tools that can scan an application and have the exploitation tools needed to execute an attack built in, matched to the vulnerabilities that are detected.
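The scanning stage described above is usually the first thing a defender sees in their own logs: one source touching many destination ports on one host in a short time. As an added example that is not part of the original article, the following Python detector counts distinct destination ports per source and destination inside a sliding time window over a constructed firewall log. The log format, the RFC 5737 documentation addresses, and the threshold of 8 ports in 60 seconds are all assumptions for illustration; real deployments tune these values to their own baseline.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample firewall log (documentation addresses, not real traffic).
# Format: "<ISO timestamp> <src_ip> -> <dst_ip>:<dst_port> <action>"
SAMPLE_LOG = """\
2024-03-01T10:00:01 198.51.100.7 -> 203.0.113.10:21 DENY
2024-03-01T10:00:01 198.51.100.7 -> 203.0.113.10:22 DENY
2024-03-01T10:00:02 198.51.100.7 -> 203.0.113.10:23 DENY
2024-03-01T10:00:02 198.51.100.7 -> 203.0.113.10:25 DENY
2024-03-01T10:00:03 198.51.100.7 -> 203.0.113.10:80 ALLOW
2024-03-01T10:00:03 198.51.100.7 -> 203.0.113.10:135 DENY
2024-03-01T10:00:04 198.51.100.7 -> 203.0.113.10:443 ALLOW
2024-03-01T10:00:04 198.51.100.7 -> 203.0.113.10:445 DENY
2024-03-01T10:00:05 198.51.100.7 -> 203.0.113.10:3389 DENY
2024-03-01T10:00:06 192.0.2.5 -> 203.0.113.10:443 ALLOW
2024-03-01T10:00:09 192.0.2.5 -> 203.0.113.10:443 ALLOW
2024-03-01T10:00:12 192.0.2.5 -> 203.0.113.10:80 ALLOW
2024-03-01T10:05:00 198.51.100.7 -> 203.0.113.10:8080 DENY
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+) (?P<action>\w+)$"
)


def parse_line(line):
    """Parse one log line into (timestamp, src, dst, port, action); None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["src"], m["dst"],
            int(m["port"]), m["action"])


def detect_scans(log_text, threshold=8, window_seconds=60):
    """Return {src_ip: max_distinct_ports} for every source that touched at
    least `threshold` distinct ports on a single host within any window of
    `window_seconds`. Both ALLOW and DENY lines count: a scan probes ports
    regardless of whether the firewall lets the packet through."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    events.sort(key=lambda e: e[0])  # logs are not guaranteed to be ordered

    by_pair = defaultdict(list)
    for ts, src, dst, port, _ in events:
        by_pair[(src, dst)].append((ts, port))

    window = timedelta(seconds=window_seconds)
    findings = {}
    for (src, dst), hits in by_pair.items():
        recent = deque()        # events inside the current window
        port_counts = Counter() # how many events per port inside the window
        best = 0
        for ts, port in hits:
            recent.append((ts, port))
            port_counts[port] += 1
            # Evict events that fell out of the window before measuring.
            while ts - recent[0][0] > window:
                old_ts, old_port = recent.popleft()
                port_counts[old_port] -= 1
                if port_counts[old_port] == 0:
                    del port_counts[old_port]
            best = max(best, len(port_counts))
        if best >= threshold:
            findings[src] = max(findings.get(src, 0), best)
    return findings


if __name__ == "__main__":
    for src, n in detect_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {n} distinct ports in one window")
```

In the constructed log, 198.51.100.7 hits nine ports within five seconds and is flagged, while 192.0.2.5 touches only two ports and is not; the late 8080 probe from the scanner lands outside the window and does not inflate the count. Counting per source and destination pair (a vertical scan) is the simplest case; a horizontal sweep of one port across many hosts needs the same window logic keyed on destination IPs instead of ports.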
Attackers (the types of threats)
One of the primary forces behind cyberwarfare is the advanced persistent threat (APT). APT is one of the most common forms of cyber espionage happening in the current world, resulting in spying and information leaks through virtual realms.
The Nigerian Royalty Phishing Scam is one of the most widespread scams in the world. This case study revealed that the scam is carried out in several well-planned steps. It is a phishing email scam intended to steal the victims' identities as well as their bank account details. Scammers were prevalent even before the digital world became so widespread; therefore, scams like this have been well-planned and well-executed over the years by professional scammers. In this scam, they claim that Nigerian nationals have money that needs to be moved into the US and that they will transfer that money to the victim's account. To carry out the transfer, they require access to the victim's bank account.
In another case study, a scam involving counterfeit medical products was identified. Another infamous cybercrime organization is the Russian Mob, which recruits and trains highly skilled individuals to carry out advanced cyber-crimes. They carry out crimes such as identity theft and develop armies of bots used in cyber attacks. People and organizations around the world purchase their services, making them some of the wealthiest criminals in the world.
Most of these criminals are extremely difficult to track, as they operate from multiple countries, host their infrastructure in other countries, and launch attacks on entirely different countries. Therefore, even after being apprehended, it is difficult to prosecute them.
Critical Infrastructure Protection: The threat that cyberattacks pose to a country's essential infrastructure is a growing concern around the world. The following types of attacks should be considered for particularly vulnerable systems, including those involving transportation, finance, telecommunications, and energy.
Insider threats are one of the most common types of attacks. It is easy for a skilled hacker to penetrate an organization and pretend to be an employee, or at least a temporary agent, of the company. Social engineering is one of the easiest cyber-attack techniques. Therefore, organizations should identify insider threats and also avoid creating new ones. SCADA-based anonymous access to secured networks is another key type of attack, where it is extremely difficult to apprehend the criminal. The use of fraudulent hardware is another common technique, where access control hardware, such as key cards and input devices, is counterfeited to assist the attack. These are well-planned attacks rather than random ones.
Another prevalent cause of cyber-attacks is employee malpractice. Organizations impose security guidelines to secure their data. Some employees abuse these policies, creating loopholes in the organization's security protocols.
Future Threats:
Evaluating potential future dangers is an essential part of prioritizing additional cyber security precautions, not to mention the expansion of the capabilities of a military cyber command.
The European Commission predicts:
In a recent report, the European Commission made the following forecast: there is a 10% to 20% probability that major breakdowns will occur in telecom networks within the next ten years. If these breakdowns do occur, the economic impact on the global economy would be around €193 billion ($250 billion).
Preparedness and prevention
A European Forum encourages information sharing and cooperation between member states, as well as the exchange of successful public policy practices. Establishing a European Public-Private Partnership for Resilience is a step that will facilitate the exchange of information and knowledge between private companies and public administrations.
Detection and response: Supporting the establishment of a European information-sharing and warning system would help further prevent cybercrime and cyber warfare.
Mitigation and recovery: Increasing inter-state collaboration by developing national and international contingency plans and holding regular exercises for responding to and recovering from significant network security incidents is a priority.
International cooperation: Initiating a discussion across Europe with the goal of establishing EU priorities for the sustainability of the Internet, with the hope of eventually providing principles and guidelines to be advocated internationally.
About the Author:
Lochana Koralage is an experienced Systems Engineer currently working in the cybersecurity domain. The author holds an Honors Degree in Computing and a master's degree specializing in Cyber Security.