Cyber Warfare’s Reality is Total War — Point of Decision — Medium
Plenty of current military strategists, information technology experts, and futurists will harp until they’re blue in the face about what cyber warfare looks like. There was a decent movie about hostile hackers attacking Western infrastructure called Blackhat, an apt name that coincides with the three types of hackers: black, gray, and white. But with all these theories floating around, have any of them actually engaged in cyber warfare between nation states?
How about, can any of them talk about it? I can.
The attack on our networks is no different than an attack on an airbase in Asia or an Army garrison in Germany or Poland. The hacking of the Office of Personnel Management’s background investigation files is akin to stealing nuclear codes. John Schindler does an excellent job describing how this hack and theft can be offensive counterintelligence:
the real pros engage in offensive counterintelligence, which aims at recruiting spies inside the enemy camp, particularly inside the opposing intelligence service. That’s how you gain control of the enemy’s central nervous system: You know what he knows about you, hence you can deceive him at a strategic level.
But how is this dangerous beyond the games that spies play? Because of the way the Chinese and Russians see us… as the enemy. We are and will always be The Main Enemy to them until we are so severely hampered that we cannot function as a competitor on the world stage (best case) or we cease to exist as a functioning republic (worst case). Make no mistake about it, they are in this to win while we’re busy playing by the Queensberry Rules. That’s a better analogy than I originally planned: Russia and China are MMA fighters and we’re boxers; that mentality is not suited to winning.
So where does this leave us with how this looks post-hack? Let me spend a few minutes explaining this:
- This hacking of OPM was not the first and won’t be the last compromise of critical information; remember, war is continuous. The adversaries are not satisfied and will use this information to filter likely recruits for espionage, primarily access agents: people who can facilitate collection efforts while not directly engaging in actual “spying”.
- Once in place, hooked to spy for the adversary for various reasons (hint: ethnicity, family ties, blackmail), the newly recruited asset can now act in perpetuity. Spies are recruited because they hold a certain placement and access, and the adversary decides what kind of P&A they want to seek in an asset. Think of it like hiring a new employee.
- So now the asset is in place and functions regularly for the adversary without detection. Small things are asked of the new asset: unclassified reports, taking notes at meetings, checking in, getting emails from coworkers, phone numbers, etc… All of which may be unclassified but useful to the adversary all the same.
- But on the international front things have changed. Forces are being moved forward and the world waits with bated breath. Meanwhile, the asset has increased his collection efforts, gathering more classified information and, just as John Schindler described, gaining control of the enemy’s central nervous system.
- Then it’s time to execute and use the asset in place. Our adversaries know we use the Internet for command and control of some critical assets, particularly some logistical work. While war stocks, the bombs and bullets, are being moved forward into the area of operation, our insider threat begins running malicious code on the network. He isn’t the one doing the hands-on work, he’s too valuable for that; he simply plugs in a USB drive carrying a call-back program that runs unseen by the users and possibly the system administrators. Back to those email addresses from coworkers? Phishing emails are sent out and, in my experience, despite all the training, roughly 18–25% will click the links that run malicious software on their computer. This gives the adversary more computers; the more computers he has, the clearer his network intelligence picture becomes and the more damage he can do.
- This ping back says to the adversary, “here I am, hit me.” And they do. We’re talking about nation states here, so they have the ability to throw hundreds if not thousands of hackers at a computer and can work slowly. So frankly, this work may already be done… think about that for a second. The ping works and the attack is underway. Before any successful operation you first have to find your target, then you fix him. That goes a lot more smoothly on the network if you have someone helping steer you towards the right computer or server to hit.
- The attack is successful and leaves little to no trace of activity. The adversary is now inside our logistic chain and is already impacting our ability to function. He’s moving decimals around. Replacing numbers in spreadsheets with incorrect requests. Nothing too serious, just enough to make a difference and hope to not be noticed. Simple things like fuel requests, printer paper… bombs… bullets… men.
- The war starts and we’re winning… it’s going well for us. We’ve survived the initial onslaught and have stemmed the tide. But the adversaries have their man on the inside… and his previous actions have already given the adversary what they need. They then shut down our Internet and disable our ability to use some of the critical pieces of our command and control. There is already a precedent of Russia being able to do this: Estonia (2007), Georgia (2008), Ukraine (2014–present). But to be honest, most of Ukraine’s ISPs ran through Russia, so the hacking started taking place as soon as the first cable was dropped in country.
- So what then? There’s some impact, but we’re still able to function; we have a classified communication system, right? Yes. But we’ve already identified that we have at least one insider. Think of the damage an Edward Snowden could cause during a shooting war. Game over.
That is ultimately what we’re looking at. Total war is everywhere, and the adversary will use everything at their disposal, all the time: building spy networks to identify the actual computer networks we use for various governmental, military, and intelligence functions. The OPM hack was just the start and it won’t be the last. Cyber warfare does not necessarily mean a power plant being shut down, nor does it mean someone defaces a website. It means turning a target’s own networks against it for whatever purpose the adversary desires.
I am involved in testing security measures and I see it during every assessment. Sometimes we don’t get the network from the outside, but we get someone inside the building who can facilitate access to the correct computer. Other times the cyber team I partner with hacks a security manager’s terminal and puts me on the access roster. Then I’m in and unquestionable because I’m “cleared”. But the most satisfying and disturbing part is when I’m able to give the cyber team access and see the damage they can do. Notional planes have been shot down because they were able to collect battle plans on the network. Ships have been sunk. The scenario above where we moved numbers around on supply requests? All the time… but we also do it to operational planners. Instead of a strike package of 10 aircraft, you get 4 because of maintenance issues.
Cyber warfare is not just 1s and 0s. It’s physical and has a very real effect on the battlefield. Which, to our adversaries, is everywhere.