Understanding Cyber Warfare: Attacks And Implications

What is Cyber Warfare?

Question:

Discuss about the Terms of Engagement for Cyber Warfare.

Cyber warfare can be considered to be network or computer based conflict which mainly involve attacks which are politically motivated by a nation state on another nation. Taking into consideration the attacks the main focus point is to disrupt the activity which can be related to organisation or states- nation with the intention of military purpose, strategic or cyberespionage.  Although the main point which can be stated putting emphasis on the term is that the attack is mainly initiated with the purpose of disrupting a nation state which initiated by another nation state, it can also be used to describe attacks which are done by hacker groups or terrorist in order to furthering the goals which is related to a particular nation [7]. When the attacks are generated by advanced persistent threats (APT) actors it becomes very much difficult to definitively attribute the cyber-attacks which are imposed on nation state, but this types of attacks are generally linked to a specific nation [8].

The report mainly puts direct emphasis on the terms which are related to the cyber warfare. There are many examples which can be stated in context to the topic which are major suspects of the attacks which are related to the cyber warfare taking into consideration recent history. Taking into example a specific case study relating to the topic in order to obtain in-depth knowledge related to the topic is majorly done in this report.

At the beginning of the year 2006 the US air force new mission was announced in which they pledged to “fight in space, air and cyberspace” [7]. The main recognition of the mission was apparently related to some time: warfare will and can migrate into the concept of the cyberspace. The basic constitution of the cyber warfare mainly consists of operation which are related to the military by the concept of virtual means [1]. It consists of nation states using cyberspace as a mean of attack to achieve a result which is same as compared to initiating attacks with the military force. This is majorly done in order to achieve certain type of advantage over a competing nation or the reverse of protecting themselves from the attack which is generated by another nation [9].

Like the concept of the terrorism, the warfare tends to result in property destruction which is sometimes in a massive scale and result in injury and deaths of the individual. Unlike the term terrorism it is supposed to be very much limited to the clashes between the aggregation of the individual (armies). Since the activity of the warfare is mainly conducted between nation state in order to maintain or restore the concept of external order within the nation. It can be stated that the main focus of the cyber warfare is not the injuring or the death of the civilians and destroying the property of the civilians [5].

Examples of Cyber Warfare Attacks

The threats which are related to the cyber-attacks have eventually become much more complex and sophisticated with the invention of the computer worm which tested the size of the internet by Sir Rober Morris [10]. It can be stated that the cyber warfare is currently happening in the cyber space now. The discovery of the Stuxnet which is the first cyber weapon which was invented became a defining moment in the field of cyber warfare [6]. The Stuxnet was mainly invented for the purpose of the mechanical undercover work. But on the other hand the system did not take control, or the deletion part of the data instead the Stuxnets main objectives by then was to physically annihilate a target which was military based [10]. A recent research stated that the Stuxnet had contaminated more than 60000 personal computers around the world but most in Iran. Taking into consideration the delimitative example was mainly to reprogram programmable logic controller (PLCs) to perform the attack which is intended them to do. In spite the factor that the main creator of the stunt was not properly recognized but the intend of the harm it can create could not be justified with the support of different states. Even though there is no supporting evident relating to the creation, but it was mainly supposing that the creation was done by united states and Israel [27].

Another country which was mainly harmed by the issue was Estonia. The main network of Estonia was targeted by the hackers on april 27 in the year 2007 [21]. This attack mainly ruined for a tenure of about few weeks [19]. It was estimated that around 28 exceptional DDOS attacks was initiated with the focus of hitting the internet convection. The internet packets expanded to around 4 million which was initially 20000 in a time period of every second [13]. Estonia authorities immediately blamed Russia for the attack, but on the other hand European commission and the NATO specialist could not find most evidence into this matter. After a long tenure after the attack was initiated Estonia as of very late got the emergency action of NATO course underway and the whole situation was made normal [26].

According to security experts a target which can be termed as complex which mainly targeted the private information of the nations for example Iran and Israel had been revealed which is known as Flame, which had been in operation since the year 2010 [20]. Regardless of the concept that weather the Flame did any harm to the nation, it mainly affected the Iran’s gas and old production on the other hand it affected the energy sector also which was mainly due to the factor of cyber-attacks. A self-replicating virus which was named as Shamoun had infected more than 30000 main devices which were related to the biggest oil producer and caused major interruptions in Saudi Armco [5]. Irate monk was another very famous device or software which was used in the concept of justifying the cyber warfare. The main concept which was applied to it was that it gave the applications which where programming the ingenuity on the personal computers which where embedded the hard drive firmware to gain the execution through the master boot record. This concept was mainly created by a group named Equation who were assumed to be the most advanced and the most sophisticated attack groups in the world [18].

Legal Implications of Cyber Warfare

It is very much important to take into consideration what the nations can do when they are exposed to the cyber-attacks [13].  Cyber space can be stated as a new warfare and it consist of many legal loopholes in accordance to the international regulations which are enforced. Former NASA director Lt. Gen. Keith B. Alexander emphasised to the members relating to the senate of the armed service committee in the year 2010 that the concept of the cyber warfare advancement was seen so quick that the control of the issue was beyond the reach of anyone [24]. He further stated that there was a mismatch between the capabilities which are technical to conduct different orations related to the attack and the laws and the regulations which were put forward by the government. According to many countries the mere concept of the cyber war was not very much different from the conventional factors which are related to the war. Cyber war can be directly stated in this case to be within the scope of the system relating to the international legal  related to war [26].

There are mainly two types of recognizable methods that can be used in the concept of the gander at war under the international law. Both the traditional branches which are related to the war are:

• The jus as bellum – This mainly governs resort to the war
• The jus in bello – This mainly governs the hostility conduct [8]

These methods can be directly being applied to the cyber warfare also. Previous experience showed that the preventing of the actions of violation before the actual event occurs is very much crucial and beneficial that trying to fix matters after the event has actually taken place, this concept is also very much valid in the issue of the cyber warfare. In order to achieve the above stated factors the law of armed forces was mainly created (LOAC) [9]. Generally, the applicability which can be related to the LOAC was to regularly relied on a charactering the subjectivity in contention as a war. In order to trigger the LOAC it was very much important to recognize the conditions that could give arise to the condition of war. After the 1949 Geneva conventions the LOAC is mainly activated by the mere presence of the armed conflicts between the states. Even though the concept is for the armed forces it can also act as a starting point in the issue of the cyber warfare. Using of the arm forces are only justified when the there is a situation of self-defence and in order to maintain direct peace and the security. The measure of self-defence which can be exercised by any nation in order to reinforce the concept of self-defence should be immediately be informed to the security council under any time situation [26]. The right of enforcing any self defence strategy is given mainly to those nations if any only if a situation of threat arise or the use of threats against the integrity of territorial or political independence is faced in case of any armed attack. Taking into consideration cyber-attacks, it cannot be justified with the use of arm and are not termed as armed assaults. A very much common mean of starting point in this case is the mere analysis which is to be considered taking into account the impact it the outcomes of an assault which is digital in nature figuring out it mainly crosses the edge of the concept of the armed attack. Over here it can be stated that in order to include the cyber-attack into the concept of the armed attack the violent consequence of the bomb should be produced [21].

Many nations have been creating the apparatus mainly for the PC work of undercover and the assault which may include sabotage and espionage [7]. The main activity which is related to cyber warfare are mainly military doctrine taking into consideration few countries, on the other hand for few of the countries it is related to national security program. Different country has different means or strategy in order to defend themselves for the threat [30].

1. United states: in the united states the first step was taken by the president in the year 2002. There were mainly four actors involved in the process besides other agencies taking part in it which are USCYBERCOM to plan coordinate, synchronize, integrate and conduct the activities to direct the defence and the operation of the specific department of defence and when directed conduct full spectrum military based cyberspace operation. In this mainly done to enable the sections which are related to the domain, ensure US/Allied freedom which is related to the action in the cyber space and the deny of the same to their adversaries [8].
2. China: according to the report of the national computer network emergency response team coordination centre of china (CNCERT or CNCERT/CC), China has the most noticeable advanced cyber weapon relating to an advanced infrastructure. According to the china government the aspect of the cyber warfare is a very important issue same as when compared with any other forms of war. After the main initiation of the cyber warfare there was a creation of information technology base which was under the general staff department. This was mainly implemented in the year 2010. In the mid of 2014, the first professional “blue army” unit troop was introduced by the PLA. The blue army mainly offender the data and the network when contrasting them with conventional military [28].
3. Russia: taking into consideration the internet, Russia is considered as the most agonized over the risk postured by antagonistic. “The federal security service (FSB) is a federal executive body with the main authority to directly implement the government policy in the national security of the Russian federation”. This body mainly ensures that the information security of the Russia and the exercising the basic functions of the federal security services which is specified in the Russian legislation [4].
4. North Korea: according to report north Korea has more than 5000 hacker forces. In the year 1998 a new unit was initially started that mainly concentrated on the digital warfare. The unit was named as unit 121 and it constantly developed in size and the ability on a point to point basis.

The cyber warfare attack can be mainly divided into two parts according to the sectors which the attack tends to target [9] The sectors are:

State sponsored attacks: Taking into account the perpetrators, they have never admitted the responsibility but it can be stated that there is clear evidence that nations state actors have been very much behind many cyber incidents. One such attack is the attack which was on the German parliament in the year 2015, it caused widespread disruption by mainly infecting about 20000 computers which were mainly used by the German support staff, politician and the civil servants [14]. The attack mainly involved transmitting of the sensitive data back to the hackers and which finally required millions of euros in order to clean up the cost. The Russian hacktivist with the assumed links to the state of Russia were very much responsible for launching an attack that nearly shutdown many of the websites and the online Estonian parliament and the with it the government even. This hack followed the Estonian government to take decision to relocate a statue commemorating the Soviet Union in the second world war. The Russian hackers were also blamed for the orchestrating which was very much familiar to the cyber discretion during the Russian Georgian conflict in the year 2008. In the year 2015, the Chinese stated hackers where involved in hacking who were accused of breaching the US office of the personnel management’s website to merely steal the information on about 22 million former and current government employees. On the other hand, it was proved that the Chinese hackers stole the information related to the design of the military craft. This incident related to barrack Obama calling the framework on the cyber arm control “analogous” to nuclear arm treaties. This can be considered to the first step the world had taken towards the establishment of such a framework. The overall impact of the attack was that it caused catastrophic security breaches which resulted in stolen information, majorly probed the infrastructure of the countries in the western, provided economic advantage to China, on the other hand political advantage to Russia, fuelled the north Korean and the Iranian the need of the revenge due to the initiation of the attack and finally fed the espionage machine of nation that majorly spy [25].

Attack on the private sectors: According to statement released as per the recent survey it can be stated that the sector of the cyber-attack victim can also be pointed towards the private sector. The Yahoo hack in the year 2016 was mainly sponsored hackers of the state was mainly blamed by the company itself but on the other hand US ISP didn’t announce the state which is to be blamed for the issue [28]. The hackers of the North Korean government were very much responsible for the hacking issue which was done on Sony pictures in the year 2014. This attack on the Sony pictures was mainly initiated after the launch of the movie which was related to the leader of north Korea Kim Jong-Un. The north Korean hackers where found to be to using different methods of hacking by the FBI. The means that were mainly followed included encryption algorithm, code and data, methods which could deleted the data and compromise in the section of the malware activity [6]. In this hacking scenario the state hackers mainly used the internet protocol (IP) address which are from the country itself. Taking into consideration the value of the cyber-attacks which are uncaptured by different countries it can be stated that the government of the country should sign on a common treaty on and when the cyber weapons which are related to the cyber warfare can be used. This would directly reduce the amount of cyber-attack which are generated by any country on another country in order to benefit from them [10]. The law which is related to the armed conflict (LOAC) extends to the cyberspace, on the other hand there is a confusion regarding the applicability of the application and its connects that can be used in order to reduce the overall affect that it has on reducing the cyber warfare concept. One of the first nuclear arm control agreement which is named the limited test ban treaty which is in the year 1963 did not emerge until 18 years after the Hiroshima and it was approximately five years before the nuclear proliferation treaty which was in the year 1968. This issue nether solved the problem which is related to the cyber warfare but on the other hand created problem with the it. The cyber arm control on the other hand could be equally be as slow and piecemeal even if their development is merely achieved [9].

The cyber warfare attack basically can be considered as an attack which is generated on the basis of the computer network. Taking precautions related to the computer security aspect in order to deal with the different hacking t=strategy which is incorporated in different ways. Some of the major preventions aspects that can be taken into consideration are stated below.

Educate employees: human error can be considered to be a high proportion when relating to the data breaches that occur in any organisation or government. Encouraging the culture where the people are inspired and thought about the basic concepts of the internet should be the main approach [10]

Two factor authentication: many of the attack which are related to the cyber warfare mainly include the details and the harassing of the employee of company or the organisation with the use of malware and steal the data [7].

Data encryption: encrypting the data in a secured manner can directly help in securing of the data of the sure of the organisation. on the other hand, it can be used to protect the data from security breaches and saving them from being hacked by the hackers [4].

Shared intelligence: swapping of the experience of the threats and the methods in order to neutralise them and the vendors which are related to the security and the industry peers can directly assist in both cure and the prevention concept. This would directly help in securing the data as well as prevention of the access to data that are very much important from the point of any organisation [7].

Conclusion

It can be concluded from the above report that the concept of the cyber warfare in the near future would be more complex and sophisticated and can be a very vital role. The precaution measures that should be enforced by different nations are taken into deep consideration in the report. In the year 2015 the president of the united states of America signed an executive order in a way to authorize the treasury department to the financial sanction with regards to anyone using the concept of the cyber-attack. The term cyber-attack can create a significant threat to the national security of any country, policy which are related to the foreign or the economic health or the financial stability. Despite the fact that there is apparently many confusions regarding the international legal actions which are related to the cyber security aspect. Either in the level of individual person or in the state level hackers should be put on trails due to the law which is super imposed in the prospective of the cyber warfare. It is very much critical for the different states as well as the countries to take into consideration that the cyber warfare could be playing a two-way role in some of the cases.  Taking advantage of the concepts of the internet and benefiting them can be very much illegal from the point of view of the government who is enforcing such type of activity.

Jackson, Stephen. "NATO Article 5 and Cyber Warfare: NATO's Ambiguous and Outdated Procedure for Determining When Cyber Aggression Qualifies as an Armed Attack." The CIP Report (2016).

Thompson, Marcus. "The ADF and cyber warfare." Australian Defence Forc

Bao, Tiffany, et al. "How Shall We Play a Game?: A Game-theoretical Model for Cyber-warfare Games." Computer Security Foundations Symposium (CSF), 2017 IEEE 30th. IEEE, 2017.

Demchak, Chris C., and Cyber Warfare Strategy. "Key Trends across a Maturing Cyberspace affecting US and China Future Influences in a Rising deeply Cybered, Conflictual, and Post-Western World." (2017).

Bills, Amanda. "Cyber Warfare and Jus in Bello-The Regulation of Cyber'Attacks' under International Humanitarian Law." (2017).

Bar-Tal, Daniel. Intractable conflicts. Cambridge University Press, 2016.

Leccisotti, Flavia Zappa, Raoul Chiesa, and Daniele De Nicolo. "Analysis of possible future global scenarios in the field of cyber warfare: National cyber defense and cyber attack capabilities." Handbook of research on civil society and national security in the era of cyber warfare. IGI Global, 2016. 181-204.

Thompson, Marcus. "Military aspects of cyber warfare." United Service 67.3 (2016): 27.

Connell, Michael, and Sarah Vogler. Russia's Approach to Cyber Warfare. Center for Naval Analyses

Galliott, Jai. "Cyber warfare, asymmetry, and responsibility: Considerations for defence theorem." Handbook of research on civil society and national security in the era of cyber warfare. IGI Global, 2016. 1-21.

Mazanec, Brian, Angelos Stavrou, and Christopher Whyte. Understanding Cyber-warfare: Politics, Policy and Strategy. Routledge, 2018.

Almeida, Virgilio AF, Danilo Doneda, and Jacqueline de Souza Abreu. "Cyberwarfare and Digital Governance." IEEE Internet Computing 21.2 (2017): 68-71.

Ween, Anthony, et al. "Framing cyber warfare: an analyst’s perspective." The Journal of Defense Modeling and Simulation (2016): 1548512917725620.

Jones, Sam. "Cyber warfare: Iran opens a new front." Financial Times 26 (2016).

Lanzendorfer, Quinn E., Scott C. Spangler, and Gary J. DeLorenzo. "INFORMATION WARFARE: THE CHALLENGE OF RELATING INTENT WITH TECHNOLOGY IN CYBERAl-Rodhan, Nayef. "Tomorrow's arsenal." (2016): 1538-1538.

Cook, Allan, et al. "SCIPS: Using Experiential Learning to Raise Cyber Situational Awareness in Industrial Control System." International Journal of Cyber Warfare and Terrorism (IJCWT) 7.2 (2017): 1-15.

Vaughan, Ashley. In search of common ground on cyber warfare. Diss. Utica College, 2016.

Tutty, Malcolm G., Susana V. McKee, and Elena Sitnikova. "Towards joint fires superiority in kinetic weapons, non-kinetic electronic and cyber warfare operations." 2016 Systems engineering test and evaluation conference: SETE 2016. Engineers Australia, 2016.

Laudicina, P. "2017 Will Be the Year of Cyber Warfare." Forbes. com (2016).

Kalpokiene, Julija. "Book Review: James A Green (ed.), Cyber Warfare: A Multidisciplinary Analysis." Political Studies Review (2016): 1478929916653044.

Friis, Karsten, and Jens Ringsmose, eds. Conflict in Cyber Space: Theoretical, Strategic and Legal Pespectives. Routledge, 2016

Roberts, Margaret E. "Testimony before the US-China Economic and Security Review Commission Hearing on China’s Information Controls, Global Media Influence, and Cyber Warfare Strategy." (2017).

Armistead, L., et al. "Journal of Information Warfare." (2016).

Courtney, Martin. "States of cyber-warfare." Engineering & Technology 12.3 (2017): 22-25.

Gady, Franz-Stefan. "Trump and offensive cyber warfare." The Diplomat (2017).

Burke, Ivan D., and Renier P. van Heerden. "The World is Polluted With Leaked Cyber Data." International Journal of Cyber Warfare and Terrorism (IJCWT) 7.4 (2017): 35-51.

Korstanje, Maximiliano E., Martti Lehto, and Andrew N. Liaropoulos. "International Journal of Cyber Warfare and Terrorism." International Journal 6.1 (2016).

Brown, Gary D. "International Law Applies to Cyber Warfare: Now What." Sw. L. Rev. 46 (2016): 355.