As with many big-budget Hollywood movies such stories are seriously over-the-top fiction. Ridiculous fight scenes with the star miraculously escaping almost every bullet while dispatching the enemy first time. You could be excused for thinking that such a far-fetched story-line could never become reality.
Live Free or Die Hard was about a Fire Sale, a cyber attack against a state’s transportation system and their economy. It was released in 2007 but three years later this part of the film almost became a reality when up-to-date hackers targeted (mainly with viruses) standard computers, think Windows XP, Windows Vista and Windows 7.
For many years Iran has been trying to build nuclear power stations and with this technology comes the capability to built nuclear missiles, the fear of which led to several rounds of futile sanctions and intense diplomacy. Apart from direct (and costly) military action, what other options exist? Could more subtle covert options be employed?
In late 2010 Stuxnet hit the news. Stuxnet was a highly complex computer worm which, unusually, didn’t target standard Windows, Linux, UNIX or Apple operating systems. Its target was very specific, Siemens Industry’s control systems which happen to be mainly sited in power stations ... nuclear power stations. The worm’s aim was to wreak havoc and cause physical damage, delay progress or maybe even cause a meltdown. Stuxnet hit multiple nuclear power stations around the world.
- Iran: 58.85%
- Indonesia: 18.22%
- India: 8.31%
- Azerbaijan: 2.57%
- United States: 1.56%
- Pakistan: 1.28%
- Others: 9.2%
So who was behind Stuxnet? Nobody knows for certain ... perhaps a group of advanced hackers or a foreign government or hackers paid by a government or, less likely, a group of extremist environmental campaigners. Of course no group or government has confirmed or denied Stuxnet was connected to them.
Stuxnet might have been the first case of true cyber warfare but it won’t be the last. Cyber warfare has quite a few advantages over ‘reality’-based warfare. As we’ve seen from recent conflicts in the Middle East, taking on a rogue regime fraught with massive logistical problems, not least the financial and human cost of such operations.
On the other hand, cyber warfare is low on physical casualties and very difficult to trace. To employ a computer programmer to develop a computer worm would be drop in the ocean when compared to, say, a €90 million Eurofighter Typhoon. Programmers could work from home, offices or government buildings making it hard to trace where the development took place or where the attack come from.
Every day we rely more and more on technology: roads, utilities, shopping, press, satellites and the military world-wide now rely on technology for day-to-day operations. For example, people are increasingly using online shopping. A knock-out DDOS (distributed denial-of-service) attack or network penetration could take a retailer offline for hours or even days.
The initial impact would be to deny the customer, some of whom may be vulnerable, the goods and services they expect but a company’s reputation is also at stake and with it a likely decrease in sales. Similar scenarios could be applied to national utilities, particularly vital in winter months. Aggressive countries or domestic/foreign terrorist organisations could cripple an enemy’s infrastructure without even getting up from their desk.
Cyber warfare opens up a whole chain of legal and jurisdiction issues. For example, the ‘civil war’ in Syria has led to intervention by the UN. Likewise, if India and Pakistan were to go to war, other countries or organisations could intervene with diplomacy, sanctions or military force. But with cyber warfare there are no political boundaries so how would countries or organisations intervene?
If India and Pakistan went to war electronically how do you tell who's who or stop it. Cyber tanks and soldiers are invisible ... the rules of engagement would seriously need to be re-written.