1.0 Introduction
Cyber wars, or cyber-attacks, have been deemed the kind of war that nations will wage in the future (Ophardt, 2010). In a cyber-war, the targets of attack include the computer networks and similar infrastructure of the enemy. According to Theoharry and Rollins (2015), cyber-attack is a new term that refers to a range of activities conducted through the use of information and communications technology (ICT). A number of nations have recognized this new reality of warfare and have taken decisive steps to position themselves strategically for it and, more importantly, to put proactive measures in place to reduce their susceptibility to such attacks. For nations taking steps to guard against cyber-attacks, recognizing and acknowledging this paradigm shift in warfare is the first major step toward devising workable defenses. For instance, according to Hjortdal (2011), China has recognized the reality of cyber warfare and has put policies in place to exploit this new paradigm. These policies are aimed at deterring enemy states through the infiltration of their critical infrastructure, gaining a military knowledge advantage through technological espionage, and gaining an economic advantage through industrial espionage.
In India, the reality of cyber-attacks and the threats they pose to national security have led the government to adopt a military doctrine that embraces electronic warfare, culminating in the publication of a comprehensive 10-year plan as a roadmap for exploiting India's IT competencies in a national defense program. Iran has also been recognized as developing competencies in cyber warfare through a partnership between the armed forces and technical universities to create IT research and development centers that train personnel in IT skills; it also consistently seeks to buy IT and military-related technical assistance from other countries. North Korea is also believed to be developing information warfare units in its military or intelligence services. The Russian government has likewise developed a robust cyber warfare program through collaboration between the armed forces and experts in industry and the academic community.
2.0 Cyber Attacks in history
A number of cyber-attacks have been recorded in the past, although not in the context of open warfare. These include the 2007 cyber-attack on the American nuclear arms laboratory; the cyber-attacks on Estonia in the same year, which paralyzed IT systems and other critical infrastructure; a forced electronic entry into the Joint Strike Fighter program, in which large amounts of data were copied; the attack on the Iranian nuclear facility in Natanz, carried out with the cyber-worm ‘Stuxnet’; an ‘espionage Pearl Harbour’ experienced by the United States in 2007, in which all the high-tech and military agencies were broken into and tons of information were copied; and a hack in 2009 into the electricity network of the United States, which the hacker could have exploited further. These are just some of the many significant cyber breaches around the world.
From all of these, it is evident that the threats posed by cyber wars are real. More troubling is the fact that a number of critical infrastructures are susceptible to such attacks.
In the light of cyber-attacks, the security of network infrastructure and information poses serious problems for national security. With the advancement of information and communication technology and the reliance of so many day-to-day operations on cyber systems, a great deal of infrastructure is now managed using information technology. The more infrastructure management operations gravitate towards information and communications technologies, the more vulnerable they become to possible cyber-attacks.
Experts have come to view the internet backbone as less resilient than initially thought, because of its gradual progression towards central network hubs, which makes it a prime target for hackers (Billo and Chang, 2004). Furthermore, in industrial countries like the United States, there is an increasing convergence of IT and telecommunications infrastructure with the embedded computer systems that control physical infrastructure. This dependence on IT has increased greatly over the last decade, making the networks even more vulnerable to attack. The vulnerability is further worsened by two major factors. The first is the outsourcing of the IT infrastructure needs of the United States to other countries, with the attendant risk of programmers introducing rogue code into the programs they develop, thereby enabling them to take control of systems remotely. The second is that possible adversaries of the United States are thought to be improving considerably in the hacking skills needed to identify loopholes in networks and software and to exploit them (Billo and Chang, 2004).
3.0 Infrastructure target
The targeting of infrastructure in war was theorized by European strategists in response to the First World War: aerial bombing of critical infrastructure well behind the front lines would cripple an enemy's capacity to wage war (Lewis, 2002). Reports have indicated, however, that this does not have the desired effect unless the attack is carried out multiple times. In the case of cyber-attacks, by contrast, a single attack could prove catastrophic to the infrastructure and cause far-reaching negative consequences for the victim nation.
An attack on the national electricity grid of the United States would have far-reaching, catastrophic consequences for national security. The national electric grid of the United States is an interconnected system comprising over 3,000 public and private utilities, as well as cooperatives, which use different information technologies to control their power generation and transmission operations (Lewis, 2002).
The possible attacks on the electricity grid of the United States can be through remote access aimed at sending commands to large electricity generators causing them to destroy themselves. This was established through the Aurora tests conducted by researchers at the Idaho National Labs where they sent the generator out of control by remotely changing its operating cycle, making the generator shake, emit smoke and eventually stop. This effect on the generator was brought about by the control signals sent to it remotely.
When such attacks are carried out, they can have a cascading effect on the rest of the electricity grid. This was observed in the Northeast power blackout of 2003, which began at a small power company in Ohio and cascaded across the grid. The Northeast Blackout, which went on for a number of days, demonstrated the very costly nature of multiday outages and the potential of prolonged power outages to disrupt the delivery of essential services, including food, water, healthcare, communications and emergency response, wreaking incalculable havoc on the daily lives of millions of people (Bipartisan Policy Center, 2014).
Another possibility during an attack on the power grid is a reconnaissance attack by a military opponent, aimed at obtaining critical information about the underlying network infrastructure and identifying its vulnerabilities for a future attack. An American chief of counterintelligence has been credited with stating that "our networks are being mapped", following the realization that traces of Chinese hackers had been detected in US networks. He further stated "We have seen Chinese network operations inside certain of our electricity grids" (Hjortdal, 2011).
A further action by an enemy after successfully infiltrating a network might be the planting of what is regarded as a cyber "time bomb", which is expected to cause the desired havoc at some time after the initial attack (Lewis, 2010).
4.0 Preventing cyber-attacks
A number of actions have been proposed to prevent a possible cyber-attack or to mitigate one if it happens. Some of these are considered below.
4.1 Information Sharing
Information sharing is considered an important component of strategies against cyber-attacks. It should be encouraged between government and industry, across industry, and across government agencies at the different levels of government. A free flow of useful information promotes the identification and assessment of threats in real time, so that a swift response can be provided. Federal agencies and policy makers are encouraged to reach a better understanding with industry on how much customer data needs to be shared to obtain the relevant information on threats and vulnerabilities.
4.2 Adherence to Standards and Best Practice
Following standards with respect to operations and procedures will reduce vulnerability and susceptibility to cyber-attacks. For instance, the US power system is subject to mandatory federal reliability standards, which also include cyber security and critical infrastructure standards from the North American Electric Reliability Corporation (NERC). The implementation of these standard practices will go a long way towards mitigating vulnerabilities in the electricity networks.
5.0 Response to Cyber-attacks
Response to a cyber-attack requires coordinated efforts, first to remove or neutralize the source of the threat, such as malware, and then to deal with the effects of the attack using traditional response management operations. Effective communication is critical to the success of any cyber-attack response, in order to coordinate the efforts to neutralize threats to the health and safety of the general public.
6.0 Conclusion
It is very clear that the threats posed by cyber warfare are real, as has been experienced in small pockets in the various cyber-attacks reported in this paper. The increasing convergence of IT infrastructure with the embedded computer systems used to control physical infrastructure increases the exposure of physical infrastructure to cyber-attacks. For the United States, this is coupled with a pronounced culture of outsourcing the development of IT infrastructure outside the country, which opens up the possibility of exploitation by rogue programs. One key infrastructure that would be badly hit by a massive cyber-attack is the electric grid of the United States. Such a massive attack, if successful, would cripple the delivery of essential services for months, depending on the scale of the attack. Steps can, however, be taken to prevent such attacks or to mitigate their effects if they happen. Most fundamental to any government response to the possibility of such attacks is the recognition of electronic warfare as the starting point for developing programmes to address cyber warfare. Actions such as information sharing and adherence to best practices and standards are suggested as proactive measures to help prevent cyber-attacks.
REFERENCES
Billo, C. and Chang, W. (2004). Cyber Warfare: An Analysis of the Means and Motivations of Selected Nation States. Institute for Security Technology Studies, Dartmouth College. PDF. Retrieved from http://www.ists.dartmouth.edu/docs/cyberwarfare.pdf on 20 April, 2016
Bipartisan Policy Center (2014). Cybersecurity and the North American Electric Grid: New Policy Approaches to Address an Evolving Threat. A Report from the Co-chairs of the Bipartisan Policy Center’s Electric Grid Cyber security Initiative. PDF. Retrieved from http://bipartisanpolicy.org/wpcontent/uploads/sites/default/files/Cybersecurity%20Electric%20Grid%20BPC.pdf on 23 April, 2016.
Hjortdal, M. (2011). China's Use of Cyber Warfare: Espionage Meets Strategic Deterrence. Journal of Strategic Security, 4(2), pp. 1-24.
Lewis, J.A. (2002). Assessing the Risks of Cyber Terrorism, Cyber War and Other Cyber Threats. Center for Strategic and International Studies. PDF. Retrieved from http://www.steptoe.com/publications/231a.pdf on 19 April, 2016.
Lewis, J.A. (2010). The Electrical Grid as a Target for Cyber Attack. Center for Strategic and International Studies. PDF. Retrieved from http://csis.org/files/publication/100322_ElectricalGridAsATargetforCyberAttack.pdf on 21 April, 2016.
Theoharry, C.A. and Rollins, J.W. (2015). Cyberwarfare and Cyberterrorism: In Brief. Congressional Research Service. PDF. Retrieved from http://fas.org/sgp/crs/natsec/R43955.pdf on 19 April, 2016.
Ophardt, J.A. (2010). Cyber Warfare and the Crime of Aggression: The Need for Individual Accountability on Tomorrow’s Battlefield. Duke Law Technology Review. PDF. Retrieved from http://scholarship.law.duke.edu/cgi/viewcontent.cgi?article=1198&context=dltr on 18 April, 2016.