Thursday, February 24, 2022

Cyberwarfare, Ukraine, and Mutual Assured Destruction

This is being written the day after Vladimir Putin began his broad invasion of Ukraine.  As he announced his intention to do just that, he included a curious warning to any country that might choose to interfere with his plans.  He claimed that such a country would experience “such consequences as you have never experienced in your history.”  The news commentators seemed to assume Putin was threatening the use of nuclear weapons.  However, countries that could choose to try to block his plans have experienced nuclear weapons and all sorts of destruction and mass casualties, both military and civilian, from past wars.  It seemed as though Putin was referring to something new, perhaps a new type of warfare and a new type of damage.

Nicole Perlroth has provided a survey of what Putin could have been threatening in her book This Is How They Tell Me the World Ends: The Cyberweapons Arms Race.  She chose the title based on the assessment that all complex software has vulnerabilities that can allow it to be penetrated and modified to perform in a way not intended.  And as we continue to move to the “internet of things,” more and more of what defines our personal lives, and the lives of our nations, can be subject to hostile attack and caused to malfunction.  This cyberactivity could include intelligence gathering, which is a nuisance and could prove dangerous.  It could also involve taking control of critical infrastructure and making it ineffective or even destroying it.  Rendering a nation without electrical power for many months, or the destruction of all financial records, would fall into the category of “such consequences as you have never experienced in your history.”  As Perlroth points out, such capabilities exist, and such capabilities have already been demonstrated.  Putin has been using Ukraine as both a testing area for his capabilities and a warning of what he could do to other countries should he so choose.

In 2015 Russia demonstrated to Ukraine and the world that it could take control of the electric grid in several locations and shut off the power.  That this was only a demonstration, or perhaps an experiment, became clear when it turned the power back on after a few hours.  In 2017, another, far more serious attack on Ukraine would be launched.

“On June 27, 2017, Russia fired…cyberweapons into Ukraine in what became the most destructive and costly cyberattack in world history.  That afternoon Ukrainians woke up to black screens everywhere.  They could not take money from ATMs, pay for gas at stations, send or receive mail, pay for a train ticket, buy groceries, get paid, or—perhaps most terrifying of all—monitor radiation levels at Chernobyl.  And that was just in Ukraine.”

“The attack hit any company that did any business in Ukraine.  All it took was a single Ukrainian employee working remotely for the attack to shut down entire networks.  Computers at Pfizer and Merck, the pharmaceutical companies; at Maersk, the shipping conglomerate; at FedEx, and at a Cadbury chocolate factory in Tasmania were all hijacked.  The attack even boomeranged back on Russia, destroying data at Rosneft, Russia’s state-owned oil giant, and Evraz, the steelmaker owned by two Russian oligarchs…The hack that circled the globe would cost Merck and FedEx, alone, $1 billion.”

“By the time I visited Kyiv in 2019, the tally of damage from that single Russian attack exceeded $10 billion, and estimates were still climbing.  Shipping and railway systems had still not regained full capacity.  All over Ukraine, people were still trying to find packages that had been lost when the shipment tracking systems went down.  They were still owed pension checks that had been held up in the attack.  The records of who had owed what had been obliterated.”

It could have been worse; Russia could have shut down the power grid at the same time.  They had the capability.

Russia is one of the most capable countries when it comes to this type of warfare.  But it would be the United States, complicit with Israel, who would first demonstrate the potential of cyberwarfare and, in so doing, encourage others to develop their own capabilities, setting off an arms race that is ongoing today.  It was so inexpensive a technology that almost any country could participate.

By 2009, the US and Israel had managed to infect the systems that controlled the Iranian centrifuge facility through the Windows operating system, then jump to Siemens code that controlled the centrifuges themselves.  The intention was to remotely drive select centrifuges in such a manner that they would become unstable and damage themselves.  To avoid detection the injected software would have to hide from observers any knowledge of this erratic behavior and be used in such a way that it appeared that what was happening was a hardware issue with the centrifuges.  The system worked for about a year with Iranians puzzled by why they were having so many centrifuge failures.  But, as with the Russians in Ukraine, introducing a worm into computer systems causes distribution around the world.  The offensive software was so highly specific to the Iranian systems that it caused little or no damage to others, but it did get noticed.  And eventually its purpose and its developers were identified and outed.  The worm would be known as Stuxnet.  It was a tremendous technical accomplishment, but in terms of civilization, a complete disaster.  Like nuclear weapons, once they were demonstrated, there was no going back.

At the time of Stuxnet, the US was the acknowledged leader in this type of technology.  Others now saw the utility in catching up.  The US made the situation even more threatening when its National Security Agency (NSA) somehow allowed access to its cyberweapons.  An outfit calling itself the Shadow Brokers in 2016 claimed possession, and eventually released many of them on the internet.  Finely honed cyberweapons became available to all.  The US has seen its own tools being used against it.  Russia had some US weapons assisting them in the 2017 attack on Ukraine.

The net result is that many players are using cyberweapons.  Most seem content with surveillance and intelligence gathering.  There seem to be four aggressive users of the technology, none being friends of the US.  Iran was furious and has frequently retaliated against the US; North Korea has seemed most interested in using the tools to acquire money; China has focused on surveillance, intelligence gathering, and the stealing of technology.  Russia’s focus has been on preparing for war with us and probably other countries. 

Besides the expected hacks of government departments, ransom attacks, and such, Russia has made a concerted effort to probe our infrastructure in ways that can only be interpreted as planning for an attack.  They have been all over nuclear and other power plants, our electric grid, and other critical facilities.  Perlroth seems to believe they are prepared to strike; they are just waiting for the right level of motivation.  The same approach has driven US work in this area.  Be able to strike harder than anyone else.  However, it is no longer clear that the US has an advantage should cyberwar break out with a country like Russia.  It can do to the US what it did to Ukraine in 2017, and a lot worse.  Consider what a meltdown in a few nuclear reactors would do.  We must expect, and hope, that we could do the same to Russia.

The cyber-standoff is reminiscent of the role of nuclear weapons during the Cold War.  They were so horrible, and it was impossible to use them in an attack without suffering intolerable damage in retaliation, so using them at all made no sense.  The armed standoff between the US and the USSR surprised everyone by yielding stability.  The tools available in cyberwarfare meet the “horrible” standard; let’s hope no one tries to get away with a first-strike attack.

 
