Cyber Security Threats on the State Level
This paper examines two notable cyber-warfare events of the current age (the Stuxnet attack on Iranian uranium-enrichment centrifuges, and the 2017 Petya ransomware outbreak that hit citizens and government agencies) and how such attacks shape foreign and domestic policies and procedures. By examining the extent of the damage done by these two attacks, I will argue that cyber-warfare events do not just affect governmental systems but ultimately damage the infrastructure that ordinary citizens depend on, further crippling any state exposed to a devastating attack. Additionally, I will assert that uninformed end users and unrestricted physical access to systems are the two most detrimental factors to a system's security.
As the connectedness of the world reaches new levels, through phones, tablets, computers, smart watches, refrigerators and more, it brings with it a risk that touches every device connected to another. As more technologies are connected to the worldwide internet, more devices become exposed to attacks from a user who could be thousands of miles away. On the national level, this "user" is normally a group of individuals (although on rare occasions it can be a single actor) affiliated with a state, who uses the connected state of the world to cripple, or gather intelligence on, other states or individuals.
Many agencies around the world are purpose-built to conduct or defend against cyber-attacks, most notably the Central Intelligence Agency, the National Security Agency, the Russian Foreign Intelligence Service, the British Secret Intelligence Service, and many more. These agencies are in a constant struggle with outside attackers and defenders, hunting for zero-day exploits in order to use them or to protect against them, and seeking access to internal networks through network penetration.
Sometimes these attacks seep into the civilian world. We have seen examples of this with Stuxnet and Petya, as well as with the exploits released by the Shadow Brokers, which were leaked from the NSA's stockpile of exploitation tools. This paper will review and summarize these attacks and how cyber security shapes domestic and foreign procedures and policies, and will assert that cyber warfare is a probable cause of the crippling of domestic systems.
Many sources and references discuss specific cyber-attacks, including the ones I wish to discuss here, but very few journals, reviews, or scholarly articles discuss at full length the effects of cyber security and cyber warfare on the relationships between states, or the implementation of defensive or offensive measures. I gathered my sources by searching JSTOR, Google Scholar, and Academic Search Complete using the keywords "international", "national", "cyber", "cyber security", "security", "warfare", and "cyberwarfare".
Cyber security. The Australian Government acknowledged in 2009, and reaffirmed in its 2013 White Paper, that cyberspace and the 'cyber domain' are among the top national security threats; it also noted that attacks could cripple the nation's governmental networks along with their civilian counterparts (Ball & Waters 2013). Phillip Pool (2013) adds that most countries are not effectively prepared for attacks from states or terrorist organizations: "Despite more frequent occurrences of these cyber attacks [sic], the international community has yet to adopt a framework to govern the rules nations are to follow in this new arena of warfare." In Establishing Cyber Warfare Doctrine, Andrew M. Colarik and Lech Janczewski (2012) argue that military and commercial systems have become so intertwined that protecting both serves the national interest greatly. They also argue that the military systems of most nations have become so dependent on information technology that if any of the integrated systems were down for a meaningful time, the state would be crippled; cyber security is therefore a top national priority.
Cyber warfare. Cyber warfare is not readily defined in most of the articles reviewed in this paper; the term is, however, approached from enough angles to give a picture of the topic. In War of the Cyber World: The Law of Cyber Warfare, Phillip Pool (2013) asserts that military systems and networks are so ingrained with particular technologies, and with the advancements built on them, that the computers and systems themselves have become weapons for other state actors to use. By becoming so heavily dependent on these systems, advanced states have handed other states an easy target for crippling the nation. These dynamics have already played out, and will be explored further, in the Stuxnet and Petya cases.
Similarly, there is a consensus among the articles that states are not effectively prepared for an all-out cyber war. In the past, small attacks have crippled governmental organizations with nothing more than a simple virus (even ransomware); the inability to effectively counter a small-scale rogue virus strongly suggests that a multi-stage cyber-warfare campaign could take down governmental and civilian operations for a meaningful period, leaving the state prone to invasion and civil unrest. Establishing a cyber-warfare doctrine will be necessary for every nation to have an appropriate response and backup systems in case vital operations are brought offline by a state or terrorist actor (Colarik & Janczewski 2012).
In the modern world, to be without a cyber security infrastructure is to ensure that your state will fall, whether through a leak of intelligence or through an exploit crippling its systems. Many people may believe that such an attack is far off, or that it has little real-world precedent. However, there have already been several examples that have hit a large set of targets. The two I would like to explore, briefly, are Stuxnet and Petya.
According to The Stuxnet Enigma: Implications for the Future of Cybersecurity, by Irving Lachow (2011), Stuxnet is a computer worm that spread widely, with roughly 60 percent of the machines it infected located in Iran. It was first discovered in June 2010 by Sergey Ulasen, a researcher at a small regional antivirus company. At first it appeared to be an ordinary piece of malware, but as research went on it was found to use multiple zero-day exploits and appeared to be aimed at specific Iranian systems. For those unaware, a zero-day exploit targets a vulnerability that has not yet been disclosed to the public (or was only just disclosed) and for which, therefore, no security patch exists. These exploits gave a state or terrorist actor access to computers in the Iranian facility (the worm is believed to have been first introduced via a USB drive, since the target network was not connected to the internet). The worm then targeted the centrifuges in Iran's nuclear program, manipulating their speeds until they wore out and broke, while the control systems continued to report normal readings to operators. It also caused crashes and reboots on some infected systems, which is what first drew attention to it.
The worm ended up infecting tens of thousands of systems, most of them in Iran but many across the globe; on machines without the specific industrial control equipment it was looking for, it simply spread without delivering its payload. While it did little harm to civilian systems, Stuxnet is a clear example of how cyber warfare can be waged to cripple an industrial program. It has been proposed, based on the two-layer structure of the code and the appearance of two different coding styles, that Stuxnet was developed by a collaboration of states and developers (Lachow 2011).
Petya is a similar story told in a different key. Petya was a ransomware attack that took place in June 2017. Ransomware "locks" a computer's files using encryption that can only be reversed with a specific key, then displays on-screen instructions for paying the author in bitcoin (or a similar currency) in exchange for that decryption key. The difference with Petya, however, was that the files were encrypted in such a way that no decryption key could unlock them; the program was more akin to a "self-destruct" button for the computer, disguised as ransomware (Goodin 2017). It asked for a relatively low ransom, $300, and had only one bitcoin wallet associated with it. Along with this suspicious profile, some personal research into the bitcoin wallet shows that the wallet has made no withdrawals since June 2017 (see the wallet here).
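To make the distinction concrete, the following is an added illustration of my own, not code from the paper's sources or from either malware family. It models the two keying designs behind a ransom note: one where the installation ID shown to the victim lets the attacker re-derive the file key (so paying can actually work), and one where the ID is unrelated noise and the key is thrown away (so no payment can ever recover the files). It assumes a toy HMAC-based key derivation in place of the public-key encryption real ransomware uses, and a toy SHA-256 counter-mode stream cipher; both are stand-ins for illustration only.

```python
"""
Toy model of the two keying designs behind a ransom note. Added example,
not code from the paper or from any real malware family. Real ransomware
encrypts the per-victim file key to the attacker's public key; to stay
dependency-free this model substitutes an HMAC derivation from an
attacker-held master secret, and the cipher is a SHA-256 counter-mode
keystream. Both are illustrative only, not for real use.
"""
import hashlib
import hmac
import secrets

BLOCK = 32  # SHA-256 digest size; one keystream block per counter value


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with SHA-256(key || counter) blocks.
    Applying it twice with the same key restores the original bytes."""
    out = bytearray()
    for offset in range(0, len(data), BLOCK):
        counter = (offset // BLOCK).to_bytes(8, "big")
        ks = hashlib.sha256(key + counter).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + BLOCK], ks))
    return bytes(out)


# ---- Design 1: recoverable ransomware (attacker can honour a payment) ----

def ransomware_encrypt(plaintext: bytes, attacker_master: bytes):
    """Victim side. The installation ID printed in the ransom note is random,
    but the file key is derived from that ID with a secret only the attacker
    holds (stand-in for public-key encryption of the key). Sending the ID
    with the payment lets the attacker re-derive the key."""
    installation_id = secrets.token_hex(16)
    file_key = hmac.new(attacker_master, installation_id.encode(), hashlib.sha256).digest()
    return installation_id, keystream_xor(file_key, plaintext)


def attacker_recover(installation_id: str, ciphertext: bytes, attacker_master: bytes) -> bytes:
    """Attacker side, after payment: re-derive the key from the ID alone."""
    file_key = hmac.new(attacker_master, installation_id.encode(), hashlib.sha256).digest()
    return keystream_xor(file_key, ciphertext)


# ---- Design 2: wiper disguised as ransomware (nobody can honour a payment) ----

def wiper_encrypt(plaintext: bytes):
    """Victim side. The ransom note still shows an installation ID, but it is
    random noise with no link to the key. The key is generated, used once and
    discarded, so the ID the victim sends is useless to everyone."""
    installation_id = secrets.token_hex(16)
    file_key = secrets.token_bytes(32)
    ciphertext = keystream_xor(file_key, plaintext)
    del file_key  # the only copy is gone; nothing in the note can rebuild it
    return installation_id, ciphertext


def compare_designs(plaintext: bytes = b"constructed sample victim document") -> dict:
    """Run both designs and report whether a paid attacker could decrypt."""
    master = secrets.token_bytes(32)  # lives on attacker infrastructure only

    vid, ct = ransomware_encrypt(plaintext, master)
    ransomware_ok = attacker_recover(vid, ct, master) == plaintext

    vid, ct = wiper_encrypt(plaintext)
    # The best a wiper's author can do is pretend the ID means something.
    wiper_ok = attacker_recover(vid, ct, master) == plaintext

    return {
        "ransomware_recoverable": ransomware_ok,  # True
        "wiper_recoverable": wiper_ok,            # False: paying buys nothing
    }


if __name__ == "__main__":
    print(compare_designs())
```

The practical lesson is that whether a victim can ever be made whole is decided at the moment of encryption, by whether anything the victim can hand over is linked to the key; in the second design the ransom note is theatre, and analysts who spotted the missing link in the 2017 outbreak could advise victims not to pay before any wallet activity was examined.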
The available information indicates that this was an attack on the Ukrainian financial system. The malware was apparently spread through financial software used by a large number of organizations within Ukraine, and an investigation by Ukraine's cybercrime unit reported evidence of Russian presence on the software vendor's servers. The unit also stated that the vendor should be held criminally liable, since its servers had not been patched since 2013, while the vulnerabilities exploited in the attack had been patched earlier in the same year. The servers were seized a week later, after further activity on them suggested that a second round of malware might be distributed through the same channel. The rapid spread and disabling of financial institutions showed that cyber warfare can be waged by state actors through a civilian vector to cripple their enemies (Henry & Brantly 2018). That civilian neglect can lead to widespread damage is an argument for cyber security policies, laws, and procedures, and for placing liability on software vendors who do not properly patch or monitor the systems that deliver their software.
Perhaps the most surprising aspect of the Petya attack was that the exploit used by the attackers had previously been released by a hacking group calling itself the Shadow Brokers. The group claimed to have obtained a leak of material from the United States' NSA, and it offered for sale and then published several exploits that the NSA had been stockpiling and using in its own offensive operations against other countries and actors. Microsoft had already patched the underlying Windows vulnerability in March 2017, before the Shadow Brokers published the exploit in April and months before the June outbreak, so only systems that had not installed the update were vulnerable to that exploit (Petya also spread inside networks by stealing administrator credentials from infected machines, which let it reach patched systems as well). The fact that governments stockpile exploits (while presumably patching their own systems) shows that cyber warfare is recognized as an ever-increasing threat, and that governments have already been preparing and developing weapons to be used when needed.
Cyber security information needs to become more readily available to the general populace. We live in the most technologically advanced period in history, with exploits created and patched every single day; yet users still dismiss update notifications out of laziness. As Ukraine's experience with Petya showed, being unaware of exploits and basic computer security can cost hundreds of millions of dollars and can turn your personal computer into a vector in a cyber-attack. Nations should make awareness of malware and computer security a higher priority in order to better secure their networks; after all, one USB drive carried into a facility that was supposed to be isolated from the internet was enough to put a nation's nuclear program at the mercy of a worm.
- Ball, D., & Waters, G. (2013). Cyber Defence and Warfare. Security Challenges, 9(2), 91-98. Retrieved from https://www.jstor.org/stable/26462919
- Colarik, A., & Janczewski, L. (2012). Establishing Cyber Warfare Doctrine. Journal of Strategic Security, 5(1), 31-48. Retrieved from https://www.jstor.org/stable/26463986
- Henry, S., & Brantly, A. (2018). Countering the Cyber Threat. The Cyber Defense Review, 3(1), 47-56. Retrieved from http://www.jstor.org/stable/26427375
- Kettemann, M. (2017). Ensuring Cybersecurity through International Law. Revista Española de Derecho Internacional, 69(2), 281-290. Retrieved from http://www.jstor.org/stable/26187885
- Lachow, I. (2011). The Stuxnet Enigma: Implications for the Future of Cybersecurity. Georgetown Journal of International Affairs, 118-126. Retrieved from http://www.jstor.org/stable/43133820
- Pool, P. (2013). War of the Cyber World: The Law of Cyber Warfare. The International Lawyer, 47(2), 299-323. Retrieved from http://www.jstor.org/stable/43923953
- Vilić, V. M. (2017). Dark Web, Cyber Terrorism and Cyber Warfare: Dark Side of the Cyberspace. Balkan Social Science Review, 10(10), 7-24. Retrieved from http://search.ebscohost.com.leo.lib.unomaha.edu/login.aspx?direct=true&db=a9h&AN=127927428&site=ehost-live&scope=site