Cyber attacks are inevitable, but can we fight back? (Part 1 of 2)

“There is no blood in cyberspace, but there is incredible danger.” ― Donghui Park, International Policy Institute Cybersecurity Policy Fellow, University of Washington

Sadly, countries now aggressively use cyberspace to maximize their national interests. Cyberspace is a key domain (as in crucial territory) in today’s conflicts and will only gain more importance in coming years, not only for militaries but also for terrorists and criminals.

Imagine that all of a sudden the websites of major banks malfunction; ATMs stop working; and banks’ internal systems go haywire. Thousands of businesses and millions of people are affected. Within hours the Computer Emergency Response Team (CERT) points to a cyber attack. On the following day there is a run on supermarkets for daily necessities and on petrol stations; after a few days the strain on multiple supply chains is showing.

What is the government to do? Well, we know politicians would demand that their security advisors point a finger at the guilty party or parties PDQ. Who? Was it a country? Was it organized crime? Was it a thrill-seeker? Why? Was it an accident? Is it a crime? Was it a deliberate attack? Is it a prelude to war?

All would be demanding attribution first, and the why later, from the national-level intelligence agency(ies) in order to determine a measured reaction, but would it/they know for certain who had launched the cyber attack? Attribution uncertainty for a crippling cyber attack would make it hard for the appropriate department or agency (national security, national law enforcement), alone or with allies, to deliver a measured response…

In the event of a major cyber attack, public pressure for government to respond would be instantaneous and very forceful. If the cyber attack is wrongly attributed because the forensics was wrong and a country strikes back, inadvertently starting a war, retraction may be costly.

Russia’s alleged cyberwarfare and hybrid warfare attacks on the Baltic countries,[i] Ukraine, and the US have kept the issue of cyberspace warfare and undeclared war at the top of the news, but the problems these raise are only the tip of the iceberg when it comes to the role of cyber operations in future warfare. However, it is hard to say with certainty what exact role and impact cyber operations will have in future conflicts. Unlike those of conventional arms, cyber weapons’ impact and effects on the information domain are much harder to ascertain and possibly contain.

Even in cases where one country can determine with great certainty where a cyber attack originated, say from a country that considers cyberspace as just another theater of war like China, Iran, Israel, North Korea, Russia, or the US, it could be hard to know for sure whether its government ordered it. In some cases governments rely on third parties to develop their cyber weapons and conduct their attacks, using mercenaries for hire who offer Hacking as a Service (HaaS) or Cybercrime as a Service (CaaS). A third party, especially one located elsewhere, say Israel’s Unit 8200, offers governments many benefits, such as the obvious one, deniability; but it also gives them less control over what their cyber mercenaries do, creating a so-called “principal-agent problem.”

Also, an attack that originates from within one country’s cyberspace might or might not be the work of that country, which further complicates the choice of response. Sometimes, the culprit is clear, of course. However, the question is how, specifically, to respond.

Now that almost all countries have cyberwarfare units, some want to retaliate in kind with a cyber counterattack that inflicts equal damage on the guilty party. However, this is not always possible. If the perpetrator is a terrorist group, then there is no equivalent financial system to target. Should a country then instead use conventional military weapons like a cruise missile? However, what if the country’s financial system had recovered in the interim with relatively minimal real damage? A military response might then look excessive.

[i] Radin, Andrew, Hybrid Warfare in the Baltics: Threats and Potential Responses. Santa Monica, CA: RAND Corporation, 2017.

Bodine-Baron, Elizabeth, Todd C. Helmus, Andrew Radin, and Elina Treyger, Countering Russian Social Media Influence. Santa Monica, CA: RAND Corporation, 2018.

Chase, Michael S. and Arthur Chan, China’s Evolving Approach to “Integrated Strategic Deterrence”. Santa Monica, CA: RAND Corporation, 2016.