Cfrgtkky

Cyber attacks that target a nation's infrastructure are a documented fact and as such a danger that political and military leadership across the world needs to worry about and act proactively. These attacks can be disruptive but given the relatively few examples, I think it is valid to ask exactly how disruptive can they be.

That is, I'm wondering about the ramifications such an attack by a competent opponent can have that would allow cyber-warfare to be considered a strategic asset the military needs to incorporate to its structure.

All major armies in the world have three branches: Land Forces, Aerospace, Navy. Is the inclusion of a cyber-warfare branch or sub-command necessary in the sense that cyber-warfare can affect operations and strategic outcomes (either coerce an opponent to do as you please or destroy an opponent) to a similar extent the other three can?

In particular, I am wondering about peer-to-peer strategic cyber-warfare attacks involving the three main powers: USA, Russia and China.

USA alongside Israel did mount a successful attack against Iran using Stuxnet but Iran was a far weaker opponent and likely an unsuspecting one, caught off guard.

Just to be clear, I don't refer to attacks that seek to influence public opinion, but "hard" attacks that aim to disrupt and/or destroy networks and infrastructure virtual (e.g stock market crash) or physical (e.g. cause a nuclear plant to go critical) as extreme examples.

The term "Cyber Warfare" is largely nonsense. There just isn't enough there to make a prolonged exchange of hostilities likely, not on the order of magnitude that you could call a "war".

However, as we have seen already, there is quite a bit of critical infrastructure reachable (directly or indirectly) through the Internet. If an actual war would break out between any non-3rd-world countries, it is quite possible that the initial strikes would include cyber attacks to disable as much of that as possible.

At the current level of tech actually deployed (i.e. ignoring fancy future dreams about everything-IoT, etc.) that would mostly be it. There is a very simple countermeasure against cyberattacks: Go offline. Most critical infrastructure can run without Internet connection. Of all the various companies in this area that I've done security work for in the past decade or so, none would stop working without Internet. Sure, it would be a big hassle, but power stations would run, fuel would still run, traffic systems would run, trains would run, the airport would still be open. All at reduced capacity, all with major operational trouble, but they would run.

The most affected part would be supply chains, which rely strongly on data exchange today, but there are still enough old people in the business to switch back to older methods (phone, fax, and if you have to, couriers).

You could damage a countries economy as a lot of consumer stuff and B2C trade relies on the Internet today. But we also have a vast parallel infrastructure of supermarkets, shopping centers and such, so the damage would be manageable.

That is not to say that there would be no damage. Entire companies would go out of business without Internet, and the impact on daily life would be quite severe, especially regarding communication which has moved so much to the Internet that most of us don't even have the phone numbers of a lot of our friends, only their various online contact details (e-mail, FB, Twitter, etc.). Is WhatsApp still using phone numbers as usernames? That might save your social network. But for anyone outside the immediate circle, including any business that you're not a very frequent customer to, most of us today look up the phone number online if we have to call them, and it's been a long time since I saw a phone book anywhere.

But in the context of an actual war, the cyber aspect would be a negliegable factor, and when you worry about nukes falling, Amazon and Google going out of business would not be frontpage news.

That said, why do we have "cyber commands"? First, for publicity and to attract more nerds to the military. The military understands smart people. Second, because all of this is changing and when you think about the future, not the quarterly-report future of the business world, but the 10-years, 20-years type of future, then certainly the Internet as well as IT security in general will only become more important, so start being ready today. Third, you want to protect your own infrastructure against such attacks. Even if you don't believe (like me) that any cyber attack would be more the equivalent of sabotage than that of warfare, it is still something worth protecting against. If you look at the budgets of those "cyber commands" and compare them to the cost of, say, a new aircraft carrier or a couple fighter jets, you see the real priority of "cyber warfare" quite clearly.

The problem with such attacks is that neither the attacker nor the defender have any incentives to claim responsibility of the attack. As such attacks can be done with small number of people and the internet also makes it possible to conceal the source of an attack, a well resourced attacker can even make it impossible for the defender to realise that an attack happened at all. The defender on the other hand, would usually try its best to hide the fact that it's attacked, or to the fact that it had discovered the attack, so as not to alarm the attacker (to allow them to feed back false information), and to avoid embarrassment and erosion of public trust on the agency.

When a military cyber warfare department launched an attack against another nation's infrastructure, since there's no real witness and because most people are ignorant about how internet works and because attack forensic is hard even for experts, concealing such attacks is a lot easier than concealing physical wars. Even the defender might never realise that they are being sabotaged, or that they may have a really hard time proving that the sabotage was done by a nation state actor or figure out who the actors are, rather than, say, by a random Anonymous prankster. Additionally, the attackers themselves may sometimes not realise that they are acting under the direction of a nation state actor.

Infrastructures like nuclear power plant are more difficult to compromise purely by cyberwarfare. The reason being that there's a lot of physical safe guards (not computer controlled) and manual override systems. The most that an attacker can do is force nuclear plant worker to shutdown their sophisticated automatic control system and fallback to manually working the plant. The attack might reduce the efficiency of the power plant and increases the operational costs of the system, but it's unlikely that serious meltdown could occur from such attack.

Most attacks likely will be of the nature to increase costs of the victim, data espionage, and affect decision making. Increasing costs is fairly straight forward, with DDoS, sabotage, etc. Data espionage are more subtle but it's easily concealed by attacking random civilians, so that if the attack is discovered in government machines it'd hopefully be dismissed as random infection rather than a targeted attack. Affection decision making are even more subtle as it's essentially propaganda, targeted at specific decision maker or the entire populace for election.

Is the inclusion of a cyberwarfare branch or subcommand necessary in the sense that Cyberwarfare can affect operations and strategic outcomes

I think it's safe to say that most countries already do have Cybersecurity and Cyberwarfare capabilities.

Stock market crash

It's very difficult to say if this kind of attack are happening because stock prices are essentially decided by investors sentiments. A campaign of misinformation could potentially affect investors decision making. Spreading fake news about an upcoming political or economical instability could cause less observant investors to panic and push the market to a certain direction. This might actually trigger an actual meltdown as the initial fake wave can potentially turn into a real one.

Yes. The Russian government appears to be using attacks to destabilise the Ukraine - for some years now.

There's a well researched Wired article that has a lot of details:

https://www.wired.com/story/russian-hackers-attack-ukraine/

Then there's also NotPetya (which, you may remember, got a little out of hand):

https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/

I cannot quantify for you, but it can certainly be said that strategic cyber-warfare is increasingly feasible - with whole swathes of vital national infrastructure now completely dependent on digital integrity. It could be argued that the feasibility of strategic cyber-warfare is increasing with exponential.

Especially so with the emergence of everyday devices which are becoming 'too smart for their own good'. They may become pawns in future warfare, especially if these devices are connected to high bandwidth. Home security is about to take on a whole new dimension.

A newish example (and possibly being forcefully deployed in an area near you) is the 'smart meter'. https://www.information-age.com/smart-metres-vulnerable-cyber-attacks-123470837/

Some intelligence agencies appear (on the surface) to be very wary of the vulnerabilities this can introduce, and rightly so.