Is strategic cyber-warfare feasible today?
up vote
19
down vote
favorite
Cyber attacks that target a nation's infrastructure are a documented fact and as such a danger that political and military leadership across the world needs to worry about and act proactively. These attacks can be disruptive but given the relatively few examples, I think it is valid to ask exactly how disruptive can they be.
That is, I'm wondering about the ramifications such an attack by a competent opponent can have that would allow cyber-warfare to be considered a strategic asset the military needs to incorporate to its structure.
All major armies in the world have three branches: Land Forces, Aerospace, Navy. Is the inclusion of a cyber-warfare branch or sub-command necessary in the sense that cyber-warfare can affect operations and strategic outcomes (either coerce an opponent to do as you please or destroy an opponent) to a similar extent the other three can?
In particular, I am wondering about peer-to-peer strategic cyber-warfare attacks involving the three main powers: USA, Russia and China.
USA alongside Israel did mount a successful attack against Iran using Stuxnet but Iran was a far weaker opponent and likely an unsuspecting one, caught off guard.
Just to be clear, I don't refer to attacks that seek to influence public opinion, but "hard" attacks that aim to disrupt and/or destroy networks and infrastructure virtual (e.g stock market crash) or physical (e.g. cause a nuclear plant to go critical) as extreme examples.
network attacks defense government cyber-warfare
|
show 4 more comments
up vote
19
down vote
favorite
Cyber attacks that target a nation's infrastructure are a documented fact and as such a danger that political and military leadership across the world needs to worry about and act proactively. These attacks can be disruptive but given the relatively few examples, I think it is valid to ask exactly how disruptive can they be.
That is, I'm wondering about the ramifications such an attack by a competent opponent can have that would allow cyber-warfare to be considered a strategic asset the military needs to incorporate to its structure.
All major armies in the world have three branches: Land Forces, Aerospace, Navy. Is the inclusion of a cyber-warfare branch or sub-command necessary in the sense that cyber-warfare can affect operations and strategic outcomes (either coerce an opponent to do as you please or destroy an opponent) to a similar extent the other three can?
In particular, I am wondering about peer-to-peer strategic cyber-warfare attacks involving the three main powers: USA, Russia and China.
USA alongside Israel did mount a successful attack against Iran using Stuxnet but Iran was a far weaker opponent and likely an unsuspecting one, caught off guard.
Just to be clear, I don't refer to attacks that seek to influence public opinion, but "hard" attacks that aim to disrupt and/or destroy networks and infrastructure virtual (e.g stock market crash) or physical (e.g. cause a nuclear plant to go critical) as extreme examples.
network attacks defense government cyber-warfare
1
Almost certainly feasible today. Many articles online about vulnerability of US power grid to cyber attack. A lot of banking systems likely to be similarly vulnerable.
– paj28
Nov 27 at 11:37
7
but given the relatively few examples
there are actually quite a few examples. There's even a Wikipedia list and I would assume that the overwhelming majority of these attacks stay under the radar.
– Tom K.
Nov 27 at 12:19
8
us-cert.gov/ncas/alerts/TA18-074A The US is currently being attacked via our power distribution infrastructure by Russia. It is effective and they managed to compromise hundreds of utilities. It's just a matter of them doing it a little bit better and then actually breaking stuff, next time.
– Adonalsium
Nov 27 at 17:53
1
Have you checked Wikipedia? en.wikipedia.org/wiki/Cyberwarfare
– papajony
Nov 28 at 9:14
1
"Let's play Global Thermonuclear War"
– topshot
Nov 28 at 17:57
|
show 4 more comments
up vote
19
down vote
favorite
up vote
19
down vote
favorite
Cyber attacks that target a nation's infrastructure are a documented fact and as such a danger that political and military leadership across the world needs to worry about and act proactively. These attacks can be disruptive but given the relatively few examples, I think it is valid to ask exactly how disruptive can they be.
That is, I'm wondering about the ramifications such an attack by a competent opponent can have that would allow cyber-warfare to be considered a strategic asset the military needs to incorporate to its structure.
All major armies in the world have three branches: Land Forces, Aerospace, Navy. Is the inclusion of a cyber-warfare branch or sub-command necessary in the sense that cyber-warfare can affect operations and strategic outcomes (either coerce an opponent to do as you please or destroy an opponent) to a similar extent the other three can?
In particular, I am wondering about peer-to-peer strategic cyber-warfare attacks involving the three main powers: USA, Russia and China.
USA alongside Israel did mount a successful attack against Iran using Stuxnet but Iran was a far weaker opponent and likely an unsuspecting one, caught off guard.
Just to be clear, I don't refer to attacks that seek to influence public opinion, but "hard" attacks that aim to disrupt and/or destroy networks and infrastructure virtual (e.g stock market crash) or physical (e.g. cause a nuclear plant to go critical) as extreme examples.
network attacks defense government cyber-warfare
Cyber attacks that target a nation's infrastructure are a documented fact and as such a danger that political and military leadership across the world needs to worry about and act proactively. These attacks can be disruptive but given the relatively few examples, I think it is valid to ask exactly how disruptive can they be.
That is, I'm wondering about the ramifications such an attack by a competent opponent can have that would allow cyber-warfare to be considered a strategic asset the military needs to incorporate to its structure.
All major armies in the world have three branches: Land Forces, Aerospace, Navy. Is the inclusion of a cyber-warfare branch or sub-command necessary in the sense that cyber-warfare can affect operations and strategic outcomes (either coerce an opponent to do as you please or destroy an opponent) to a similar extent the other three can?
In particular, I am wondering about peer-to-peer strategic cyber-warfare attacks involving the three main powers: USA, Russia and China.
USA alongside Israel did mount a successful attack against Iran using Stuxnet but Iran was a far weaker opponent and likely an unsuspecting one, caught off guard.
Just to be clear, I don't refer to attacks that seek to influence public opinion, but "hard" attacks that aim to disrupt and/or destroy networks and infrastructure virtual (e.g stock market crash) or physical (e.g. cause a nuclear plant to go critical) as extreme examples.
network attacks defense government cyber-warfare
network attacks defense government cyber-warfare
edited Nov 27 at 22:33
asked Nov 27 at 10:59
MathematicianByMistake
200110
200110
1
Almost certainly feasible today. Many articles online about vulnerability of US power grid to cyber attack. A lot of banking systems likely to be similarly vulnerable.
– paj28
Nov 27 at 11:37
7
but given the relatively few examples
there are actually quite a few examples. There's even a Wikipedia list and I would assume that the overwhelming majority of these attacks stay under the radar.
– Tom K.
Nov 27 at 12:19
8
us-cert.gov/ncas/alerts/TA18-074A The US is currently being attacked via our power distribution infrastructure by Russia. It is effective and they managed to compromise hundreds of utilities. It's just a matter of them doing it a little bit better and then actually breaking stuff, next time.
– Adonalsium
Nov 27 at 17:53
1
Have you checked Wikipedia? en.wikipedia.org/wiki/Cyberwarfare
– papajony
Nov 28 at 9:14
1
"Let's play Global Thermonuclear War"
– topshot
Nov 28 at 17:57
|
show 4 more comments
1
Almost certainly feasible today. Many articles online about vulnerability of US power grid to cyber attack. A lot of banking systems likely to be similarly vulnerable.
– paj28
Nov 27 at 11:37
7
but given the relatively few examples
there are actually quite a few examples. There's even a Wikipedia list and I would assume that the overwhelming majority of these attacks stay under the radar.
– Tom K.
Nov 27 at 12:19
8
us-cert.gov/ncas/alerts/TA18-074A The US is currently being attacked via our power distribution infrastructure by Russia. It is effective and they managed to compromise hundreds of utilities. It's just a matter of them doing it a little bit better and then actually breaking stuff, next time.
– Adonalsium
Nov 27 at 17:53
1
Have you checked Wikipedia? en.wikipedia.org/wiki/Cyberwarfare
– papajony
Nov 28 at 9:14
1
"Let's play Global Thermonuclear War"
– topshot
Nov 28 at 17:57
1
1
Almost certainly feasible today. Many articles online about vulnerability of US power grid to cyber attack. A lot of banking systems likely to be similarly vulnerable.
– paj28
Nov 27 at 11:37
Almost certainly feasible today. Many articles online about vulnerability of US power grid to cyber attack. A lot of banking systems likely to be similarly vulnerable.
– paj28
Nov 27 at 11:37
7
7
but given the relatively few examples
there are actually quite a few examples. There's even a Wikipedia list and I would assume that the overwhelming majority of these attacks stay under the radar.– Tom K.
Nov 27 at 12:19
but given the relatively few examples
there are actually quite a few examples. There's even a Wikipedia list and I would assume that the overwhelming majority of these attacks stay under the radar.– Tom K.
Nov 27 at 12:19
8
8
us-cert.gov/ncas/alerts/TA18-074A The US is currently being attacked via our power distribution infrastructure by Russia. It is effective and they managed to compromise hundreds of utilities. It's just a matter of them doing it a little bit better and then actually breaking stuff, next time.
– Adonalsium
Nov 27 at 17:53
us-cert.gov/ncas/alerts/TA18-074A The US is currently being attacked via our power distribution infrastructure by Russia. It is effective and they managed to compromise hundreds of utilities. It's just a matter of them doing it a little bit better and then actually breaking stuff, next time.
– Adonalsium
Nov 27 at 17:53
1
1
Have you checked Wikipedia? en.wikipedia.org/wiki/Cyberwarfare
– papajony
Nov 28 at 9:14
Have you checked Wikipedia? en.wikipedia.org/wiki/Cyberwarfare
– papajony
Nov 28 at 9:14
1
1
"Let's play Global Thermonuclear War"
– topshot
Nov 28 at 17:57
"Let's play Global Thermonuclear War"
– topshot
Nov 28 at 17:57
|
show 4 more comments
4 Answers
4
active
oldest
votes
up vote
3
down vote
accepted
The term "Cyber Warfare" is largely nonsense. There just isn't enough there to make a prolonged exchange of hostilities likely, not on the order of magnitude that you could call a "war".
However, as we have seen already, there is quite a bit of critical infrastructure reachable (directly or indirectly) through the Internet. If an actual war would break out between any non-3rd-world countries, it is quite possible that the initial strikes would include cyber attacks to disable as much of that as possible.
At the current level of tech actually deployed (i.e. ignoring fancy future dreams about everything-IoT, etc.) that would mostly be it. There is a very simple countermeasure against cyberattacks: Go offline. Most critical infrastructure can run without Internet connection. Of all the various companies in this area that I've done security work for in the past decade or so, none would stop working without Internet. Sure, it would be a big hassle, but power stations would run, fuel would still run, traffic systems would run, trains would run, the airport would still be open. All at reduced capacity, all with major operational trouble, but they would run.
The most affected part would be supply chains, which rely strongly on data exchange today, but there are still enough old people in the business to switch back to older methods (phone, fax, and if you have to, couriers).
You could damage a countries economy as a lot of consumer stuff and B2C trade relies on the Internet today. But we also have a vast parallel infrastructure of supermarkets, shopping centers and such, so the damage would be manageable.
That is not to say that there would be no damage. Entire companies would go out of business without Internet, and the impact on daily life would be quite severe, especially regarding communication which has moved so much to the Internet that most of us don't even have the phone numbers of a lot of our friends, only their various online contact details (e-mail, FB, Twitter, etc.). Is WhatsApp still using phone numbers as usernames? That might save your social network. But for anyone outside the immediate circle, including any business that you're not a very frequent customer to, most of us today look up the phone number online if we have to call them, and it's been a long time since I saw a phone book anywhere.
But in the context of an actual war, the cyber aspect would be a negliegable factor, and when you worry about nukes falling, Amazon and Google going out of business would not be frontpage news.
That said, why do we have "cyber commands"? First, for publicity and to attract more nerds to the military. The military understands smart people. Second, because all of this is changing and when you think about the future, not the quarterly-report future of the business world, but the 10-years, 20-years type of future, then certainly the Internet as well as IT security in general will only become more important, so start being ready today. Third, you want to protect your own infrastructure against such attacks. Even if you don't believe (like me) that any cyber attack would be more the equivalent of sabotage than that of warfare, it is still something worth protecting against. If you look at the budgets of those "cyber commands" and compare them to the cost of, say, a new aircraft carrier or a couple fighter jets, you see the real priority of "cyber warfare" quite clearly.
add a comment |
up vote
27
down vote
The problem with such attacks is that neither the attacker nor the defender have any incentives to claim responsibility of the attack. As such attacks can be done with small number of people and the internet also makes it possible to conceal the source of an attack, a well resourced attacker can even make it impossible for the defender to realise that an attack happened at all. The defender on the other hand, would usually try its best to hide the fact that it's attacked, or to the fact that it had discovered the attack, so as not to alarm the attacker (to allow them to feed back false information), and to avoid embarrassment and erosion of public trust on the agency.
When a military cyber warfare department launched an attack against another nation's infrastructure, since there's no real witness and because most people are ignorant about how internet works and because attack forensic is hard even for experts, concealing such attacks is a lot easier than concealing physical wars. Even the defender might never realise that they are being sabotaged, or that they may have a really hard time proving that the sabotage was done by a nation state actor or figure out who the actors are, rather than, say, by a random Anonymous prankster. Additionally, the attackers themselves may sometimes not realise that they are acting under the direction of a nation state actor.
Infrastructures like nuclear power plant are more difficult to compromise purely by cyberwarfare. The reason being that there's a lot of physical safe guards (not computer controlled) and manual override systems. The most that an attacker can do is force nuclear plant worker to shutdown their sophisticated automatic control system and fallback to manually working the plant. The attack might reduce the efficiency of the power plant and increases the operational costs of the system, but it's unlikely that serious meltdown could occur from such attack.
Most attacks likely will be of the nature to increase costs of the victim, data espionage, and affect decision making. Increasing costs is fairly straight forward, with DDoS, sabotage, etc. Data espionage are more subtle but it's easily concealed by attacking random civilians, so that if the attack is discovered in government machines it'd hopefully be dismissed as random infection rather than a targeted attack. Affection decision making are even more subtle as it's essentially propaganda, targeted at specific decision maker or the entire populace for election.
Is the inclusion of a cyberwarfare branch or subcommand necessary in the sense that Cyberwarfare can affect operations and strategic outcomes
I think it's safe to say that most countries already do have Cybersecurity and Cyberwarfare capabilities.
Stock market crash
It's very difficult to say if this kind of attack are happening because stock prices are essentially decided by investors sentiments. A campaign of misinformation could potentially affect investors decision making. Spreading fake news about an upcoming political or economical instability could cause less observant investors to panic and push the market to a certain direction. This might actually trigger an actual meltdown as the initial fake wave can potentially turn into a real one.
4
I think there are many automated systems in the stock market which could be manipulated directly via a cyber attack, no need to loop humans into it via fake news to cause major harm
– user2813274
Nov 27 at 15:37
@user2813274 Such systems often are linked to social media (news based trading), so spreading fake news could well cause major fluctuations, especially if, say, a state leader helped to make them public and the HFT systems act upon it immediately with no human intelligence to stop them in time. Another point to consider is that it's very difficult to determine whether such situations were the result of malicious actors or poor programming as the algorithms are usually industrial secrets - it took the SEC the best part of 5 months to track down the cause of the May 6th 2010 Flash Crash.
– MrLore
Nov 28 at 15:39
add a comment |
up vote
12
down vote
Yes. The Russian government appears to be using attacks to destabilise the Ukraine - for some years now.
There's a well researched Wired article that has a lot of details:
https://www.wired.com/story/russian-hackers-attack-ukraine/
Then there's also NotPetya (which, you may remember, got a little out of hand):
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
Comments are not for extended discussion; this conversation has been moved to chat.
– Rory Alsop♦
Nov 28 at 15:04
Hm, missed the edit time. Further, I may have been guilty of 'unthinking racism', as I was perhaps guilty of using the common trope of conflating the 'country' with 'the country's gov't'. As I say, it was not my intention, and perhaps I should be a bit more careful making such statements on the internet in future.
– Ian
Nov 29 at 14:16
add a comment |
up vote
3
down vote
I cannot quantify for you, but it can certainly be said that strategic cyber-warfare is increasingly feasible - with whole swathes of vital national infrastructure now completely dependent on digital integrity. It could be argued that the feasibility of strategic cyber-warfare is increasing with exponential.
Especially so with the emergence of everyday devices which are becoming 'too smart for their own good'. They may become pawns in future warfare, especially if these devices are connected to high bandwidth. Home security is about to take on a whole new dimension.
A newish example (and possibly being forcefully deployed in an area near you) is the 'smart meter'. https://www.information-age.com/smart-metres-vulnerable-cyber-attacks-123470837/
Some intelligence agencies appear (on the surface) to be very wary of the vulnerabilities this can introduce, and rightly so.
add a comment |
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
3
down vote
accepted
The term "Cyber Warfare" is largely nonsense. There just isn't enough there to make a prolonged exchange of hostilities likely, not on the order of magnitude that you could call a "war".
However, as we have seen already, there is quite a bit of critical infrastructure reachable (directly or indirectly) through the Internet. If an actual war would break out between any non-3rd-world countries, it is quite possible that the initial strikes would include cyber attacks to disable as much of that as possible.
At the current level of tech actually deployed (i.e. ignoring fancy future dreams about everything-IoT, etc.) that would mostly be it. There is a very simple countermeasure against cyberattacks: Go offline. Most critical infrastructure can run without Internet connection. Of all the various companies in this area that I've done security work for in the past decade or so, none would stop working without Internet. Sure, it would be a big hassle, but power stations would run, fuel would still run, traffic systems would run, trains would run, the airport would still be open. All at reduced capacity, all with major operational trouble, but they would run.
The most affected part would be supply chains, which rely strongly on data exchange today, but there are still enough old people in the business to switch back to older methods (phone, fax, and if you have to, couriers).
You could damage a countries economy as a lot of consumer stuff and B2C trade relies on the Internet today. But we also have a vast parallel infrastructure of supermarkets, shopping centers and such, so the damage would be manageable.
That is not to say that there would be no damage. Entire companies would go out of business without Internet, and the impact on daily life would be quite severe, especially regarding communication which has moved so much to the Internet that most of us don't even have the phone numbers of a lot of our friends, only their various online contact details (e-mail, FB, Twitter, etc.). Is WhatsApp still using phone numbers as usernames? That might save your social network. But for anyone outside the immediate circle, including any business that you're not a very frequent customer to, most of us today look up the phone number online if we have to call them, and it's been a long time since I saw a phone book anywhere.
But in the context of an actual war, the cyber aspect would be a negliegable factor, and when you worry about nukes falling, Amazon and Google going out of business would not be frontpage news.
That said, why do we have "cyber commands"? First, for publicity and to attract more nerds to the military. The military understands smart people. Second, because all of this is changing and when you think about the future, not the quarterly-report future of the business world, but the 10-years, 20-years type of future, then certainly the Internet as well as IT security in general will only become more important, so start being ready today. Third, you want to protect your own infrastructure against such attacks. Even if you don't believe (like me) that any cyber attack would be more the equivalent of sabotage than that of warfare, it is still something worth protecting against. If you look at the budgets of those "cyber commands" and compare them to the cost of, say, a new aircraft carrier or a couple fighter jets, you see the real priority of "cyber warfare" quite clearly.
add a comment |
up vote
3
down vote
accepted
The term "Cyber Warfare" is largely nonsense. There just isn't enough there to make a prolonged exchange of hostilities likely, not on the order of magnitude that you could call a "war".
However, as we have seen already, there is quite a bit of critical infrastructure reachable (directly or indirectly) through the Internet. If an actual war would break out between any non-3rd-world countries, it is quite possible that the initial strikes would include cyber attacks to disable as much of that as possible.
At the current level of tech actually deployed (i.e. ignoring fancy future dreams about everything-IoT, etc.) that would mostly be it. There is a very simple countermeasure against cyberattacks: Go offline. Most critical infrastructure can run without Internet connection. Of all the various companies in this area that I've done security work for in the past decade or so, none would stop working without Internet. Sure, it would be a big hassle, but power stations would run, fuel would still run, traffic systems would run, trains would run, the airport would still be open. All at reduced capacity, all with major operational trouble, but they would run.
The most affected part would be supply chains, which rely strongly on data exchange today, but there are still enough old people in the business to switch back to older methods (phone, fax, and if you have to, couriers).
You could damage a countries economy as a lot of consumer stuff and B2C trade relies on the Internet today. But we also have a vast parallel infrastructure of supermarkets, shopping centers and such, so the damage would be manageable.
That is not to say that there would be no damage. Entire companies would go out of business without Internet, and the impact on daily life would be quite severe, especially regarding communication which has moved so much to the Internet that most of us don't even have the phone numbers of a lot of our friends, only their various online contact details (e-mail, FB, Twitter, etc.). Is WhatsApp still using phone numbers as usernames? That might save your social network. But for anyone outside the immediate circle, including any business that you're not a very frequent customer to, most of us today look up the phone number online if we have to call them, and it's been a long time since I saw a phone book anywhere.
But in the context of an actual war, the cyber aspect would be a negliegable factor, and when you worry about nukes falling, Amazon and Google going out of business would not be frontpage news.
That said, why do we have "cyber commands"? First, for publicity and to attract more nerds to the military. The military understands smart people. Second, because all of this is changing and when you think about the future, not the quarterly-report future of the business world, but the 10-years, 20-years type of future, then certainly the Internet as well as IT security in general will only become more important, so start being ready today. Third, you want to protect your own infrastructure against such attacks. Even if you don't believe (like me) that any cyber attack would be more the equivalent of sabotage than that of warfare, it is still something worth protecting against. If you look at the budgets of those "cyber commands" and compare them to the cost of, say, a new aircraft carrier or a couple fighter jets, you see the real priority of "cyber warfare" quite clearly.
add a comment |
up vote
3
down vote
accepted
up vote
3
down vote
accepted
The term "Cyber Warfare" is largely nonsense. There just isn't enough there to make a prolonged exchange of hostilities likely, not on the order of magnitude that you could call a "war".
However, as we have seen already, there is quite a bit of critical infrastructure reachable (directly or indirectly) through the Internet. If an actual war would break out between any non-3rd-world countries, it is quite possible that the initial strikes would include cyber attacks to disable as much of that as possible.
At the current level of tech actually deployed (i.e. ignoring fancy future dreams about everything-IoT, etc.) that would mostly be it. There is a very simple countermeasure against cyberattacks: Go offline. Most critical infrastructure can run without Internet connection. Of all the various companies in this area that I've done security work for in the past decade or so, none would stop working without Internet. Sure, it would be a big hassle, but power stations would run, fuel would still run, traffic systems would run, trains would run, the airport would still be open. All at reduced capacity, all with major operational trouble, but they would run.
The most affected part would be supply chains, which rely strongly on data exchange today, but there are still enough old people in the business to switch back to older methods (phone, fax, and if you have to, couriers).
You could damage a countries economy as a lot of consumer stuff and B2C trade relies on the Internet today. But we also have a vast parallel infrastructure of supermarkets, shopping centers and such, so the damage would be manageable.
That is not to say that there would be no damage. Entire companies would go out of business without Internet, and the impact on daily life would be quite severe, especially regarding communication which has moved so much to the Internet that most of us don't even have the phone numbers of a lot of our friends, only their various online contact details (e-mail, FB, Twitter, etc.). Is WhatsApp still using phone numbers as usernames? That might save your social network. But for anyone outside the immediate circle, including any business that you're not a very frequent customer to, most of us today look up the phone number online if we have to call them, and it's been a long time since I saw a phone book anywhere.
But in the context of an actual war, the cyber aspect would be a negliegable factor, and when you worry about nukes falling, Amazon and Google going out of business would not be frontpage news.
That said, why do we have "cyber commands"? First, for publicity and to attract more nerds to the military. The military understands smart people. Second, because all of this is changing and when you think about the future, not the quarterly-report future of the business world, but the 10-years, 20-years type of future, then certainly the Internet as well as IT security in general will only become more important, so start being ready today. Third, you want to protect your own infrastructure against such attacks. Even if you don't believe (like me) that any cyber attack would be more the equivalent of sabotage than that of warfare, it is still something worth protecting against. If you look at the budgets of those "cyber commands" and compare them to the cost of, say, a new aircraft carrier or a couple fighter jets, you see the real priority of "cyber warfare" quite clearly.
The term "Cyber Warfare" is largely nonsense. There just isn't enough there to make a prolonged exchange of hostilities likely, not on the order of magnitude that you could call a "war".
However, as we have seen already, there is quite a bit of critical infrastructure reachable (directly or indirectly) through the Internet. If an actual war would break out between any non-3rd-world countries, it is quite possible that the initial strikes would include cyber attacks to disable as much of that as possible.
At the current level of tech actually deployed (i.e. ignoring fancy future dreams about everything-IoT, etc.) that would mostly be it. There is a very simple countermeasure against cyberattacks: Go offline. Most critical infrastructure can run without Internet connection. Of all the various companies in this area that I've done security work for in the past decade or so, none would stop working without Internet. Sure, it would be a big hassle, but power stations would run, fuel would still run, traffic systems would run, trains would run, the airport would still be open. All at reduced capacity, all with major operational trouble, but they would run.
The most affected part would be supply chains, which rely strongly on data exchange today, but there are still enough old people in the business to switch back to older methods (phone, fax, and if you have to, couriers).
You could damage a countries economy as a lot of consumer stuff and B2C trade relies on the Internet today. But we also have a vast parallel infrastructure of supermarkets, shopping centers and such, so the damage would be manageable.
That is not to say that there would be no damage. Entire companies would go out of business without Internet, and the impact on daily life would be quite severe, especially regarding communication which has moved so much to the Internet that most of us don't even have the phone numbers of a lot of our friends, only their various online contact details (e-mail, FB, Twitter, etc.). Is WhatsApp still using phone numbers as usernames? That might save your social network. But for anyone outside the immediate circle, including any business that you're not a very frequent customer to, most of us today look up the phone number online if we have to call them, and it's been a long time since I saw a phone book anywhere.
But in the context of an actual war, the cyber aspect would be a negliegable factor, and when you worry about nukes falling, Amazon and Google going out of business would not be frontpage news.
That said, why do we have "cyber commands"? First, for publicity and to attract more nerds to the military. The military understands smart people. Second, because all of this is changing and when you think about the future, not the quarterly-report future of the business world, but the 10-years, 20-years type of future, then certainly the Internet as well as IT security in general will only become more important, so start being ready today. Third, you want to protect your own infrastructure against such attacks. Even if you don't believe (like me) that any cyber attack would be more the equivalent of sabotage than that of warfare, it is still something worth protecting against. If you look at the budgets of those "cyber commands" and compare them to the cost of, say, a new aircraft carrier or a couple fighter jets, you see the real priority of "cyber warfare" quite clearly.
answered Nov 28 at 6:36
Tom
4,405628
4,405628
add a comment |
add a comment |
up vote
27
down vote
The problem with such attacks is that neither the attacker nor the defender have any incentives to claim responsibility of the attack. As such attacks can be done with small number of people and the internet also makes it possible to conceal the source of an attack, a well resourced attacker can even make it impossible for the defender to realise that an attack happened at all. The defender on the other hand, would usually try its best to hide the fact that it's attacked, or to the fact that it had discovered the attack, so as not to alarm the attacker (to allow them to feed back false information), and to avoid embarrassment and erosion of public trust on the agency.
When a military cyber warfare department launched an attack against another nation's infrastructure, since there's no real witness and because most people are ignorant about how internet works and because attack forensic is hard even for experts, concealing such attacks is a lot easier than concealing physical wars. Even the defender might never realise that they are being sabotaged, or that they may have a really hard time proving that the sabotage was done by a nation state actor or figure out who the actors are, rather than, say, by a random Anonymous prankster. Additionally, the attackers themselves may sometimes not realise that they are acting under the direction of a nation state actor.
Infrastructures like nuclear power plant are more difficult to compromise purely by cyberwarfare. The reason being that there's a lot of physical safe guards (not computer controlled) and manual override systems. The most that an attacker can do is force nuclear plant worker to shutdown their sophisticated automatic control system and fallback to manually working the plant. The attack might reduce the efficiency of the power plant and increases the operational costs of the system, but it's unlikely that serious meltdown could occur from such attack.
Most attacks likely will be of the nature to increase costs of the victim, data espionage, and affect decision making. Increasing costs is fairly straight forward, with DDoS, sabotage, etc. Data espionage are more subtle but it's easily concealed by attacking random civilians, so that if the attack is discovered in government machines it'd hopefully be dismissed as random infection rather than a targeted attack. Affection decision making are even more subtle as it's essentially propaganda, targeted at specific decision maker or the entire populace for election.
Is the inclusion of a cyberwarfare branch or subcommand necessary in the sense that Cyberwarfare can affect operations and strategic outcomes
I think it's safe to say that most countries already do have Cybersecurity and Cyberwarfare capabilities.
Stock market crash
It's very difficult to say if this kind of attack are happening because stock prices are essentially decided by investors sentiments. A campaign of misinformation could potentially affect investors decision making. Spreading fake news about an upcoming political or economical instability could cause less observant investors to panic and push the market to a certain direction. This might actually trigger an actual meltdown as the initial fake wave can potentially turn into a real one.
4
I think there are many automated systems in the stock market which could be manipulated directly via a cyber attack, no need to loop humans into it via fake news to cause major harm
– user2813274
Nov 27 at 15:37
@user2813274 Such systems often are linked to social media (news based trading), so spreading fake news could well cause major fluctuations, especially if, say, a state leader helped to make them public and the HFT systems act upon it immediately with no human intelligence to stop them in time. Another point to consider is that it's very difficult to determine whether such situations were the result of malicious actors or poor programming as the algorithms are usually industrial secrets - it took the SEC the best part of 5 months to track down the cause of the May 6th 2010 Flash Crash.
– MrLore
Nov 28 at 15:39
add a comment |
up vote
27
down vote
The problem with such attacks is that neither the attacker nor the defender have any incentives to claim responsibility of the attack. As such attacks can be done with small number of people and the internet also makes it possible to conceal the source of an attack, a well resourced attacker can even make it impossible for the defender to realise that an attack happened at all. The defender on the other hand, would usually try its best to hide the fact that it's attacked, or to the fact that it had discovered the attack, so as not to alarm the attacker (to allow them to feed back false information), and to avoid embarrassment and erosion of public trust on the agency.
When a military cyber warfare department launched an attack against another nation's infrastructure, since there's no real witness and because most people are ignorant about how internet works and because attack forensic is hard even for experts, concealing such attacks is a lot easier than concealing physical wars. Even the defender might never realise that they are being sabotaged, or that they may have a really hard time proving that the sabotage was done by a nation state actor or figure out who the actors are, rather than, say, by a random Anonymous prankster. Additionally, the attackers themselves may sometimes not realise that they are acting under the direction of a nation state actor.
Infrastructures like nuclear power plant are more difficult to compromise purely by cyberwarfare. The reason being that there's a lot of physical safe guards (not computer controlled) and manual override systems. The most that an attacker can do is force nuclear plant worker to shutdown their sophisticated automatic control system and fallback to manually working the plant. The attack might reduce the efficiency of the power plant and increases the operational costs of the system, but it's unlikely that serious meltdown could occur from such attack.
Most attacks likely will be of the nature to increase costs of the victim, data espionage, and affect decision making. Increasing costs is fairly straight forward, with DDoS, sabotage, etc. Data espionage are more subtle but it's easily concealed by attacking random civilians, so that if the attack is discovered in government machines it'd hopefully be dismissed as random infection rather than a targeted attack. Affection decision making are even more subtle as it's essentially propaganda, targeted at specific decision maker or the entire populace for election.
Is the inclusion of a cyberwarfare branch or subcommand necessary in the sense that Cyberwarfare can affect operations and strategic outcomes
I think it's safe to say that most countries already do have Cybersecurity and Cyberwarfare capabilities.
Stock market crash
It's very difficult to say if this kind of attack are happening because stock prices are essentially decided by investors sentiments. A campaign of misinformation could potentially affect investors decision making. Spreading fake news about an upcoming political or economical instability could cause less observant investors to panic and push the market to a certain direction. This might actually trigger an actual meltdown as the initial fake wave can potentially turn into a real one.
4
I think there are many automated systems in the stock market which could be manipulated directly via a cyber attack, no need to loop humans into it via fake news to cause major harm
– user2813274
Nov 27 at 15:37
@user2813274 Such systems often are linked to social media (news based trading), so spreading fake news could well cause major fluctuations, especially if, say, a state leader helped to make them public and the HFT systems act upon it immediately with no human intelligence to stop them in time. Another point to consider is that it's very difficult to determine whether such situations were the result of malicious actors or poor programming as the algorithms are usually industrial secrets - it took the SEC the best part of 5 months to track down the cause of the May 6th 2010 Flash Crash.
– MrLore
Nov 28 at 15:39
add a comment |
up vote
27
down vote
up vote
27
down vote
The problem with such attacks is that neither the attacker nor the defender have any incentives to claim responsibility of the attack. As such attacks can be done with small number of people and the internet also makes it possible to conceal the source of an attack, a well resourced attacker can even make it impossible for the defender to realise that an attack happened at all. The defender on the other hand, would usually try its best to hide the fact that it's attacked, or to the fact that it had discovered the attack, so as not to alarm the attacker (to allow them to feed back false information), and to avoid embarrassment and erosion of public trust on the agency.
When a military cyber warfare department launched an attack against another nation's infrastructure, since there's no real witness and because most people are ignorant about how internet works and because attack forensic is hard even for experts, concealing such attacks is a lot easier than concealing physical wars. Even the defender might never realise that they are being sabotaged, or that they may have a really hard time proving that the sabotage was done by a nation state actor or figure out who the actors are, rather than, say, by a random Anonymous prankster. Additionally, the attackers themselves may sometimes not realise that they are acting under the direction of a nation state actor.
Infrastructures like nuclear power plant are more difficult to compromise purely by cyberwarfare. The reason being that there's a lot of physical safe guards (not computer controlled) and manual override systems. The most that an attacker can do is force nuclear plant worker to shutdown their sophisticated automatic control system and fallback to manually working the plant. The attack might reduce the efficiency of the power plant and increases the operational costs of the system, but it's unlikely that serious meltdown could occur from such attack.
Most attacks likely will be of the nature to increase costs of the victim, data espionage, and affect decision making. Increasing costs is fairly straight forward, with DDoS, sabotage, etc. Data espionage are more subtle but it's easily concealed by attacking random civilians, so that if the attack is discovered in government machines it'd hopefully be dismissed as random infection rather than a targeted attack. Affection decision making are even more subtle as it's essentially propaganda, targeted at specific decision maker or the entire populace for election.
Is the inclusion of a cyberwarfare branch or subcommand necessary in the sense that Cyberwarfare can affect operations and strategic outcomes
I think it's safe to say that most countries already do have Cybersecurity and Cyberwarfare capabilities.
Stock market crash
It's very difficult to say if this kind of attack are happening because stock prices are essentially decided by investors sentiments. A campaign of misinformation could potentially affect investors decision making. Spreading fake news about an upcoming political or economical instability could cause less observant investors to panic and push the market to a certain direction. This might actually trigger an actual meltdown as the initial fake wave can potentially turn into a real one.
The problem with such attacks is that neither the attacker nor the defender have any incentives to claim responsibility of the attack. As such attacks can be done with small number of people and the internet also makes it possible to conceal the source of an attack, a well resourced attacker can even make it impossible for the defender to realise that an attack happened at all. The defender on the other hand, would usually try its best to hide the fact that it's attacked, or to the fact that it had discovered the attack, so as not to alarm the attacker (to allow them to feed back false information), and to avoid embarrassment and erosion of public trust on the agency.
When a military cyber warfare department launched an attack against another nation's infrastructure, since there's no real witness and because most people are ignorant about how internet works and because attack forensic is hard even for experts, concealing such attacks is a lot easier than concealing physical wars. Even the defender might never realise that they are being sabotaged, or that they may have a really hard time proving that the sabotage was done by a nation state actor or figure out who the actors are, rather than, say, by a random Anonymous prankster. Additionally, the attackers themselves may sometimes not realise that they are acting under the direction of a nation state actor.
Infrastructures like nuclear power plant are more difficult to compromise purely by cyberwarfare. The reason being that there's a lot of physical safe guards (not computer controlled) and manual override systems. The most that an attacker can do is force nuclear plant worker to shutdown their sophisticated automatic control system and fallback to manually working the plant. The attack might reduce the efficiency of the power plant and increases the operational costs of the system, but it's unlikely that serious meltdown could occur from such attack.
Most attacks likely will be of the nature to increase costs of the victim, data espionage, and affect decision making. Increasing costs is fairly straight forward, with DDoS, sabotage, etc. Data espionage are more subtle but it's easily concealed by attacking random civilians, so that if the attack is discovered in government machines it'd hopefully be dismissed as random infection rather than a targeted attack. Affection decision making are even more subtle as it's essentially propaganda, targeted at specific decision maker or the entire populace for election.
Is the inclusion of a cyberwarfare branch or subcommand necessary in the sense that Cyberwarfare can affect operations and strategic outcomes
I think it's safe to say that most countries already do have Cybersecurity and Cyberwarfare capabilities.
Stock market crash
It's very difficult to say if this kind of attack are happening because stock prices are essentially decided by investors sentiments. A campaign of misinformation could potentially affect investors decision making. Spreading fake news about an upcoming political or economical instability could cause less observant investors to panic and push the market to a certain direction. This might actually trigger an actual meltdown as the initial fake wave can potentially turn into a real one.
edited Nov 27 at 12:54
Maarten Bodewes
3,3591122
3,3591122
answered Nov 27 at 12:21
Lie Ryan
21.8k24674
21.8k24674
4
I think there are many automated systems in the stock market which could be manipulated directly via a cyber attack, no need to loop humans into it via fake news to cause major harm
– user2813274
Nov 27 at 15:37
@user2813274 Such systems often are linked to social media (news based trading), so spreading fake news could well cause major fluctuations, especially if, say, a state leader helped to make them public and the HFT systems act upon it immediately with no human intelligence to stop them in time. Another point to consider is that it's very difficult to determine whether such situations were the result of malicious actors or poor programming as the algorithms are usually industrial secrets - it took the SEC the best part of 5 months to track down the cause of the May 6th 2010 Flash Crash.
– MrLore
Nov 28 at 15:39
add a comment |
4
I think there are many automated systems in the stock market which could be manipulated directly via a cyber attack, no need to loop humans into it via fake news to cause major harm
– user2813274
Nov 27 at 15:37
@user2813274 Such systems often are linked to social media (news based trading), so spreading fake news could well cause major fluctuations, especially if, say, a state leader helped to make them public and the HFT systems act upon it immediately with no human intelligence to stop them in time. Another point to consider is that it's very difficult to determine whether such situations were the result of malicious actors or poor programming as the algorithms are usually industrial secrets - it took the SEC the best part of 5 months to track down the cause of the May 6th 2010 Flash Crash.
– MrLore
Nov 28 at 15:39
4
4
I think there are many automated systems in the stock market which could be manipulated directly via a cyber attack, no need to loop humans into it via fake news to cause major harm
– user2813274
Nov 27 at 15:37
I think there are many automated systems in the stock market which could be manipulated directly via a cyber attack, no need to loop humans into it via fake news to cause major harm
– user2813274
Nov 27 at 15:37
@user2813274 Such systems often are linked to social media (news based trading), so spreading fake news could well cause major fluctuations, especially if, say, a state leader helped to make them public and the HFT systems act upon it immediately with no human intelligence to stop them in time. Another point to consider is that it's very difficult to determine whether such situations were the result of malicious actors or poor programming as the algorithms are usually industrial secrets - it took the SEC the best part of 5 months to track down the cause of the May 6th 2010 Flash Crash.
– MrLore
Nov 28 at 15:39
@user2813274 Such systems often are linked to social media (news based trading), so spreading fake news could well cause major fluctuations, especially if, say, a state leader helped to make them public and the HFT systems act upon it immediately with no human intelligence to stop them in time. Another point to consider is that it's very difficult to determine whether such situations were the result of malicious actors or poor programming as the algorithms are usually industrial secrets - it took the SEC the best part of 5 months to track down the cause of the May 6th 2010 Flash Crash.
– MrLore
Nov 28 at 15:39
add a comment |
up vote
12
down vote
Yes. The Russian government appears to be using attacks to destabilise the Ukraine - for some years now.
There's a well researched Wired article that has a lot of details:
https://www.wired.com/story/russian-hackers-attack-ukraine/
Then there's also NotPetya (which, you may remember, got a little out of hand):
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
Comments are not for extended discussion; this conversation has been moved to chat.
– Rory Alsop♦
Nov 28 at 15:04
Hm, missed the edit time. Further, I may have been guilty of 'unthinking racism', as I was perhaps guilty of using the common trope of conflating the 'country' with 'the country's gov't'. As I say, it was not my intention, and perhaps I should be a bit more careful making such statements on the internet in future.
– Ian
Nov 29 at 14:16
add a comment |
up vote
12
down vote
Yes. The Russian government appears to be using attacks to destabilise the Ukraine - for some years now.
There's a well researched Wired article that has a lot of details:
https://www.wired.com/story/russian-hackers-attack-ukraine/
Then there's also NotPetya (which, you may remember, got a little out of hand):
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
Comments are not for extended discussion; this conversation has been moved to chat.
– Rory Alsop♦
Nov 28 at 15:04
Hm, missed the edit time. Further, I may have been guilty of 'unthinking racism', as I was perhaps guilty of using the common trope of conflating the 'country' with 'the country's gov't'. As I say, it was not my intention, and perhaps I should be a bit more careful making such statements on the internet in future.
– Ian
Nov 29 at 14:16
add a comment |
up vote
12
down vote
up vote
12
down vote
Yes. The Russian government appears to be using attacks to destabilise the Ukraine - for some years now.
There's a well researched Wired article that has a lot of details:
https://www.wired.com/story/russian-hackers-attack-ukraine/
Then there's also NotPetya (which, you may remember, got a little out of hand):
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
Yes. The Russian government appears to be using attacks to destabilise the Ukraine - for some years now.
There's a well researched Wired article that has a lot of details:
https://www.wired.com/story/russian-hackers-attack-ukraine/
Then there's also NotPetya (which, you may remember, got a little out of hand):
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
edited Nov 28 at 7:58
forest
29.3k1490104
29.3k1490104
answered Nov 27 at 11:36
Ian
46929
46929
Comments are not for extended discussion; this conversation has been moved to chat.
– Rory Alsop♦
Nov 28 at 15:04
Hm, missed the edit time. Further, I may have been guilty of 'unthinking racism', as I was perhaps guilty of using the common trope of conflating the 'country' with 'the country's gov't'. As I say, it was not my intention, and perhaps I should be a bit more careful making such statements on the internet in future.
– Ian
Nov 29 at 14:16
add a comment |
Comments are not for extended discussion; this conversation has been moved to chat.
– Rory Alsop♦
Nov 28 at 15:04
Hm, missed the edit time. Further, I may have been guilty of 'unthinking racism', as I was perhaps guilty of using the common trope of conflating the 'country' with 'the country's gov't'. As I say, it was not my intention, and perhaps I should be a bit more careful making such statements on the internet in future.
– Ian
Nov 29 at 14:16
Comments are not for extended discussion; this conversation has been moved to chat.
– Rory Alsop♦
Nov 28 at 15:04
Comments are not for extended discussion; this conversation has been moved to chat.
– Rory Alsop♦
Nov 28 at 15:04
Hm, missed the edit time. Further, I may have been guilty of 'unthinking racism', as I was perhaps guilty of using the common trope of conflating the 'country' with 'the country's gov't'. As I say, it was not my intention, and perhaps I should be a bit more careful making such statements on the internet in future.
– Ian
Nov 29 at 14:16
Hm, missed the edit time. Further, I may have been guilty of 'unthinking racism', as I was perhaps guilty of using the common trope of conflating the 'country' with 'the country's gov't'. As I say, it was not my intention, and perhaps I should be a bit more careful making such statements on the internet in future.
– Ian
Nov 29 at 14:16
add a comment |
up vote
3
down vote
I cannot quantify for you, but it can certainly be said that strategic cyber-warfare is increasingly feasible - with whole swathes of vital national infrastructure now completely dependent on digital integrity. It could be argued that the feasibility of strategic cyber-warfare is increasing with exponential.
Especially so with the emergence of everyday devices which are becoming 'too smart for their own good'. They may become pawns in future warfare, especially if these devices are connected to high bandwidth. Home security is about to take on a whole new dimension.
A newish example (and possibly being forcefully deployed in an area near you) is the 'smart meter'. https://www.information-age.com/smart-metres-vulnerable-cyber-attacks-123470837/
Some intelligence agencies appear (on the surface) to be very wary of the vulnerabilities this can introduce, and rightly so.
add a comment |
up vote
3
down vote
I cannot quantify for you, but it can certainly be said that strategic cyber-warfare is increasingly feasible - with whole swathes of vital national infrastructure now completely dependent on digital integrity. It could be argued that the feasibility of strategic cyber-warfare is increasing with exponential.
Especially so with the emergence of everyday devices which are becoming 'too smart for their own good'. They may become pawns in future warfare, especially if these devices are connected to high bandwidth. Home security is about to take on a whole new dimension.
A newish example (and possibly being forcefully deployed in an area near you) is the 'smart meter'. https://www.information-age.com/smart-metres-vulnerable-cyber-attacks-123470837/
Some intelligence agencies appear (on the surface) to be very wary of the vulnerabilities this can introduce, and rightly so.
add a comment |
up vote
3
down vote
up vote
3
down vote
I cannot quantify for you, but it can certainly be said that strategic cyber-warfare is increasingly feasible - with whole swathes of vital national infrastructure now completely dependent on digital integrity. It could be argued that the feasibility of strategic cyber-warfare is increasing with exponential.
Especially so with the emergence of everyday devices which are becoming 'too smart for their own good'. They may become pawns in future warfare, especially if these devices are connected to high bandwidth. Home security is about to take on a whole new dimension.
A newish example (and possibly being forcefully deployed in an area near you) is the 'smart meter'. https://www.information-age.com/smart-metres-vulnerable-cyber-attacks-123470837/
Some intelligence agencies appear (on the surface) to be very wary of the vulnerabilities this can introduce, and rightly so.
I cannot quantify for you, but it can certainly be said that strategic cyber-warfare is increasingly feasible - with whole swathes of vital national infrastructure now completely dependent on digital integrity. It could be argued that the feasibility of strategic cyber-warfare is increasing with exponential.
Especially so with the emergence of everyday devices which are becoming 'too smart for their own good'. They may become pawns in future warfare, especially if these devices are connected to high bandwidth. Home security is about to take on a whole new dimension.
A newish example (and possibly being forcefully deployed in an area near you) is the 'smart meter'. https://www.information-age.com/smart-metres-vulnerable-cyber-attacks-123470837/
Some intelligence agencies appear (on the surface) to be very wary of the vulnerabilities this can introduce, and rightly so.
answered Nov 27 at 20:45
PCARR
1314
1314
add a comment |
add a comment |
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f198500%2fis-strategic-cyber-warfare-feasible-today%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
Almost certainly feasible today. Many articles online about vulnerability of US power grid to cyber attack. A lot of banking systems likely to be similarly vulnerable.
– paj28
Nov 27 at 11:37
7
but given the relatively few examples
there are actually quite a few examples. There's even a Wikipedia list and I would assume that the overwhelming majority of these attacks stay under the radar.– Tom K.
Nov 27 at 12:19
8
us-cert.gov/ncas/alerts/TA18-074A The US is currently being attacked via our power distribution infrastructure by Russia. It is effective and they managed to compromise hundreds of utilities. It's just a matter of them doing it a little bit better and then actually breaking stuff, next time.
– Adonalsium
Nov 27 at 17:53
1
Have you checked Wikipedia? en.wikipedia.org/wiki/Cyberwarfare
– papajony
Nov 28 at 9:14
1
"Let's play Global Thermonuclear War"
– topshot
Nov 28 at 17:57