Cyber Warfare: The Modern Theater of Operations

Posted by ISL Admin on Tuesday, December 16, 2014
A great deal of debate circles around the concept of cyberwarfare – and definitions are rarely agreed upon. While some claim that cyberwarfare is the fifth domain of warfare (after land, sea, air and space) others simply claim that the term is an attempt at sensationalism. The increasing importance of cyberspace for military operations has led to the United States Department of Defense classifying it as the Fifth Domain of Warfare. However, cyberspace lacks the explicit physical properties of land, sea, air and space, and as a consequence its classification as a warfighting domain is controversial. The cyber debate is replete with hyperbole and ambiguous terminology and there are calls to limit the militarization of cyberspace. The critical dependence of Western military forces on microprocessor technology inevitably means that exploiting this domain is viewed from the dual perspectives of opportunity and vulnerability. From a more specific perspective, cyberwarfare refers to any action by a nation-state to penetrate another state’s computer networks for the purpose of causing some sort of damage. However, broader definitions claim that cyberwarfare also includes acts of "cyberhooliganism", "cybervandalism" or "cyberterrorism".

Cyber warfare involves the actions by a nation-state or international organization to attack and attempt to damage another nation's computers or information networks through, for example, computer viruses or denial-of-service attacks.

The Internet security company McAfee stated in their 2007 annual report that approximately 120 countries have been developing ways to use the Internet as a weapon and target financial markets, government computer systems and utilities.

Cyberwarfare can consist of many threats, namely:

Online acts of espionage and security breaches – done to obtain national material and information of a sensitive or classified nature through the exploitation of the internet (e.g. exploitation of network flaws through malicious software).

Sabotage – the use of the internet by one nation state to disrupt online communications systems of another nation state (e.g. military communication networks) with the intent to cause damage and disadvantage.

Attacks on SCADA networks and Nuclear Control Institutes (NCIs).
SCADA networks are national industrial control systems – computer systems (consisting of hardware, software and communication components) designed to monitor and control various critical infrastructures or facility-based processes. They include the computer-based systems that run such critical infrastructure as power generation plants and transmission networks, refinery plants, oil and gas pipelines, and transport and communication systems.

In the past, such SCADA networks operated in isolated environments – with different points communicating to each other within segregated networks, and rarely sharing information with any system outside a specific network. With the advent of internet-based systems however, these SCADA networks have gradually become more and more interconnected with the outside world and integrated into larger global networks. Consequently, their vulnerability to cyber attacks has increased drastically. SCADA networks perform centralized monitoring for wide-ranging networks, which can be spread over long distances. The systems send supervisory commands to field devices based on information they receive from the remote field sites in which these devices are located. For instance, a central SCADA system can control the opening and closing of valves in power plants located hundreds of kilometers away. Consequently, if such a centralized system is compromised by a cyber attack, the attacker could potentially have control over the valve systems of those particular power plants – and may choose to use that control to cause widespread damage. Alternatively, the networks may be infected unintentionally by viruses or worms causing massive and widespread damage.

An example of an intentional cyber attack on a SCADA system occurred in January 2000 in Queensland, Australia, when a disgruntled ex-employee of a sewerage plant covertly took control of the plant’s operating systems – opening and closing valves and disrupting communications systems. The attack resulted in 264,000 gallons of raw sewage flooding a nearby river. Another more recent example is the 2010 Stuxnet virus, which was allegedly designed to specifically infect the SCADA networks of Iran’s nuclear infrastructures.

SCADA networks are the vital underpinnings of our society and lifestyle; yet, they are notoriously difficult to secure due to the increasing complexity of their system architectures. There is a general lack of discussion on issues related to SCADA vulnerabilities, and it is important that effective strategies and measures are developed to greatly improve the resilience of these vital assets before they become victim to either intentional or unintentional cyber attacks.

In 2011, the White House published an "International Strategy for Cyberspace" that reserved the right to use military force in response to a cyber attack:

When warranted, the United States will respond to hostile acts in cyberspace as we would to any other threat to our country. We reserve the right to use all necessary means — diplomatic, informational, military, and economic — as appropriate and consistent with applicable international law, in order to defend our Nation, our allies, our partners, and our interests. In so doing, we will exhaust all options before military force whenever we can; will carefully weigh the costs and risks of action against the costs of inaction; and will act in a way that reflects our values and strengthens our legitimacy, seeking broad international support whenever possible.
-- International Strategy for Cyberspace, The White House, 2011

In 2013, the Defense Science Board went further, stating that "The cyber threat is serious, with potential consequences similar in some ways to the nuclear threat of the Cold War," and recommending, in response to the "most extreme case" (described as a "catastrophic full spectrum cyber attack"), that "Nuclear weapons would remain the ultimate response and anchor the deterrence ladder." In a full-scale attack, the report warns of the following scenario:

Should the United States find itself in a full-scale conflict with a peer adversary, attacks would be expected to include denial of service, data corruption, supply chain corruption, traitorous insiders, kinetic and related non-kinetic attacks at all altitudes from underwater to space. U.S. guns, missiles, and bombs may not fire, or may be directed against our own troops. Resupply, including food, water, ammunition, and fuel may not arrive when or where needed. Military Commanders may rapidly lose trust in the information and ability to control U.S. systems and forces. Once lost, that trust is very difficult to regain.
The impact of a destructive cyber attack on the civilian population would be even greater with no electricity, money, communications, TV, radio, or fuel (electrically pumped). In a short time, food and medicine distribution systems would be ineffective; transportation would fail or become so chaotic as to be useless. Law enforcement, medical staff, and emergency personnel capabilities could be expected to be barely functional in the short term and dysfunctional over sustained periods. If the attack's effects were reversible, damage could be limited to an impact equivalent to a power outage lasting a few days. If an attack’s effects cause physical damage to control systems, pumps, engines, generators, controllers, etc., the unavailability of parts and manufacturing capacity could mean months to years are required to rebuild and reestablish basic infrastructure operation.
-- Resilient Military Systems and the Advanced Cyber Threat, Defense Science Board, 2013

Although the risk of a debilitating cyber attack is real, that risk is perceived to be far greater than it actually is. No person has ever died from a cyber attack, and only one alleged cyber attack has ever crippled a piece of critical infrastructure, causing a series of local power outages in Brazil. In fact, a major cyber attack of the kind intelligence officials fear has not taken place in the 21 years since the Internet became accessible to the public.
