
Cyber Warfare




Cyberwarfare (CW) has become the new addition to the vocabulary of war. Growth in the use of computers and related technology in the military and in government agencies has led to increased awareness of novel vulnerabilities in national infrastructure and of fresh approaches for confronting opponents. This raises the possibility of using information networks to safeguard, monitor, and attack communication facilities. Cyber warfare came into play as a way to win wars without firing shots, to exploit an opponent's communication systems, and to secure national infrastructure at the press of a button. This has given rise to a dangerous state of affairs that may result in threats across the globe, where countries with limited or no capability to launch a conventional attack have become victims.

Cyberwarfare has become the new weapon phenomenon as well as a new, ill-defined risk. These days, cyber warfare units are structured along national boundaries for aggressive operations, using computers to attack their enemies through electronic methods (Ben, 2015). Hackers and those proficient and skilled in software programming and in exploiting the complexity of computer networks are the key initiators of these attacks. In the coming years, personal cyber warfare units will be involved in executing attacks against their opponents in a supportive and synchronized manner. The aim of this study is to investigate the evolution of cyber warfare and to identify the threats, vulnerabilities, and future conflicts, as well as their implications for national security. The nature of cyber threats changes frequently; unless something decisive is done, the danger of cyber warfare and the reality of attacks such as crime and espionage will remain with us for years to come.

The Evolution of Cyber-related Capabilities and Technologies in Warfare since 1998

In the twentieth century, the technology associated with computers and communication networks gave rise to the importance of instantaneous intelligence. It became possible to deliver information gathered in one place to a warfighter situated in a different environment who needed it for the actual combat they were engaged in (Ben, 2015). The period of electronic command and control systems brought numerous advantages but created new weaknesses. In the 1990s, computer systems reached a new level of maturity, and a new military philosophy developed by the US included a new area designated as information warfare. The objective was to interrupt and interfere with one party's information and deny it the chance to use that information in combat (Ben, 2015). At the same time, computers became small enough to be integrated into combat and weapon systems. In analyzing the development of the cyberspace warfare model, several prominent levels come into play. The role of intelligence agencies was to gather data regarding elements that pose a significant risk to national security; as such, the agencies have been tasked to monitor, perform photo-surveillance, reconnaissance, etc. (Ben, 2015). The increasingly aggressive development of computer technologies and innovations has reached the point where intelligence organs are now obliged to hack into computers in order to carry out their classic assignment.

For a long time, intelligence has played a significant role in warfare. Its evolution dates back to 1998, when US military systems and private research organizations were hacked for at least two years before the Department of Defense traced the incident to the former Soviet Union in Russia. In 2007, the federal government suffered undercover activities when an unknown foreign entity attacked military bodies and hi-tech organizations and accessed large amounts of information (Staff, 2011). The US government has always strived to limit cyber warfare; thus, proceeding to 2010, several talks were held with various foreign powers, including Russia and China, with the aim of minimizing military attacks (Shane, 2012). Cyberspace remains aggressive, and the warfare mechanisms are becoming increasingly sophisticated. In 2012, denial of service attacks were conducted against financial institutions such as J.P. Morgan Chase and the NYSE, whose origin was traced to the Qassam Cyber Fighters (Staff, 2011). These threats were implemented in several stages and resumed again in 2013 (Staff, 2011). Given the complexity of cyber warfare, the US government remains confident that cyber-attacks can be curbed. With support from the Department of Defense, it is focusing on building mechanisms to safeguard and defend computer networks and data so as to protect the country against cyber threats.

Characteristics of an APT

From hackers who target personal information and intellectual property to government-funded cyber-attacks that seek to steal information and compromise national infrastructure, today's advanced persistent threats (APTs) have evaded cyber security systems and caused severe damage to many organizations. A professional hacker can apply several vectors and entry points to cross through defenses, disrupt communication networks in a matter of seconds, and escape detection for months if not years (Kliarsky, 2011). Advanced persistent threats pose a challenge for most organizations' cyber security. Specific primary characteristics are used to describe an APT, which include being targeted, persistence, threat, and ROI motive (Kliarsky, 2011). The target is usually selected based on political, business, and safety interests. The second feature is persistence: an enemy does not concede when an attack fails; instead, the attacking party diverts its strategy and finds new attack methods to use against the target (Kliarsky, 2011). An APT is control-focused; hence, it tries to create destruction on the target. These attacks are aimed at communication systems and industrial infrastructure. The last feature is that these cyber criminals are not concerned with expenditures or gaining revenues (Kliarsky, 2011); in this case, hefty budgets are allotted under labels such as 'technology competitive edge' or 'national security' (Kliarsky, 2011). An example of one of the earliest APT attacks is the Russian distributed denial of service against Estonia and Georgia in 2007 and 2008 respectively (Hagen, 2012). Through several waves of attacks, Russia left the states' online services incapacitated (Hagen, 2012). This was later recognized as a nation-sponsored attack that was aimed at the countries' online infrastructure. Had they not considered taking them offline, they would have attempted a different line of attack.

Difference between the Characteristics of the APT and the Threats before Internet Prevalence

Almost a decade ago, the National Security Agency introduced the term APT, which at the time was used to refer to the ultra-sophisticated, multi-staged cyber threats that people began to witness among states and defense institutions. The fundamental characteristic of APT threats was that they sidestepped the customary perimeter-based cyber barricades, including firewalls, and penetrated deep into targeted networks (Clinton & Perera, 2015). Currently, APTs have become even more advanced and sophisticated. These attackers are sufficiently funded, well-organized, and receive tremendous support from governments. Some time back, only a few states were involved in cyber-attacks, but today over 100 countries are engaged in these attacks (Clinton & Perera, 2015).

One characteristic is that, thanks to their improved technologies, these attackers have thousands of customized malware versions at their disposal. A particular organization with superior detection structures may encounter millions of threats in a year, of which a fraction may be using upscale malware custom-made to attack that specific company. Another feature is that the attackers have refined their sophistication to react to resistance. They tend to maintain their presence in targeted systems and occasionally call home with the stolen data. Additionally, attackers not only capture data but also manipulate and corrupt these systems, which weakens the necessary confidence in critical records.

Before the prevalence of the internet, planting malicious programs on websites was impossible. Attackers mostly staged denial of service attacks (DoS attacks), which refers to the practice of making a network resource or a machine unavailable or inaccessible to its users (Mandiant, 2014). Rather than being computer-based, the attacks were physical: the attackers could carry out a strategic physical attack on infrastructure, such as the destruction of undersea communication cables (Mandiant, 2014). Cutting the communication cables would mean that communication was crippled in the affected countries or regions.

The Likely Origin of the Attack

With limited or no security controls in place, data is likely to be exposed to threats. Some threats are passive, implying that data is merely scrutinized, while others are active, meaning that data is distorted in order to destroy information. Network attacks mostly occur when an attacker applies particular methods to maliciously breach the security of a network. Currently, there are more than 10,000 satellite dishes that are vulnerable to cyber-attacks (Storm, 2014). Small satellite dish systems (VSAT) are computer-based networks that make the Internet easily reachable in remote places and convey bank payments, among other uses. These devices are sometimes used in the defense sector to carry classified information, by financial institutions such as banks to transfer confidential data, and in industrial sectors such as energy to operate power grid stations. Research by IntelCrawler found that VSAT devices have underlying TCP/IP protocols that may allow one to access remote computers (Storm, 2014). They also have weak password strength, incorporating default industrial settings, which makes them susceptible to attackers. It can be deduced that the likely origin of any organization's network attacks is eavesdropping on password details. This arises when the hacker footprints network traffic and interprets all unsecured information. The attacker has to have sniffer technology to snoop on the IP network and capture traffic. When the real user has administrator privileges, the attacker establishes numerous accounts for subsequent access in future stages. He or she gathers lists of authorized users, computer names, and sensitive data. Having secured full rights to the victim's computer, he or she alters server configurations as well as modifying, erasing, or destroying data in computer networks.
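The step of the chain just described in which an intruder holding administrator rights creates further accounts for later access is one a defender can look for in audit logs. The following is an added example, not part of the original essay or of any cited report: a small Python detector run over constructed audit lines (the log format, hostnames and usernames are invented for illustration) that flags an administrator login followed by a burst of account creations.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log (not from any real system): an administrator
# logs in, then several accounts are created in quick succession.
SAMPLE_LOG = """\
2016-11-20T02:14:05 host=fs01 event=login user=jsmith priv=admin src=10.0.0.7 result=success
2016-11-20T02:15:11 host=fs01 event=useradd actor=jsmith new_user=svc_backup2
2016-11-20T02:15:40 host=fs01 event=useradd actor=jsmith new_user=helpdesk_tmp
2016-11-20T02:16:02 host=fs01 event=useradd actor=jsmith new_user=audit_ro
2016-11-20T09:00:13 host=fs01 event=login user=mlee priv=user src=10.0.0.21 result=success
2016-11-20T09:31:00 host=fs01 event=useradd actor=mlee new_user=intern01
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")

def parse_line(line):
    """Parse one 'timestamp key=value ...' line into a dict (None if malformed)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split() if "=" in kv)
    fields["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S")
    return fields

def find_account_creation_bursts(log_text, window_minutes=10, threshold=3):
    """Return alerts for admin logins followed by >= threshold new accounts
    created by the same actor within the window.  Alert: (actor, count, names)."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    admin_logins = defaultdict(list)   # user -> timestamps of successful admin logins
    for e in events:
        if e.get("event") == "login" and e.get("priv") == "admin" and e.get("result") == "success":
            admin_logins[e["user"]].append(e["ts"])
    window = timedelta(minutes=window_minutes)
    alerts = []
    for actor, logins in admin_logins.items():
        for login_ts in logins:
            created = [e["new_user"] for e in events
                       if e.get("event") == "useradd" and e.get("actor") == actor
                       and login_ts <= e["ts"] <= login_ts + window]
            if len(created) >= threshold:
                alerts.append((actor, len(created), created))
    return alerts

if __name__ == "__main__":
    for actor, n, names in find_account_creation_bursts(SAMPLE_LOG):
        print(f"ALERT: {actor} created {n} accounts shortly after admin login: {names}")
```

The window and threshold are tuning knobs; a legitimate onboarding batch will also trigger this rule, so it is a lead for review rather than proof of compromise.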

The Attacker's Profile

Tools for cyber-attack detection depend on data activity such as monitoring traffic on networks and activity logs. This allows at-risk features of databases to be detected, since such tools help to identify threats at an initial phase and make findings more precise (Kliarsky, 2011). An example of an attacker is the state-sponsored threat actor. According to Kenneth Geers, these attackers are highly competent and have specific motives and kinds of threat actions employed (Geers, 2013). The table below gives a sample threat profile.

State-Sponsored Threat Actor


Description: State-Sponsored Threat Actors refers to those people, usually hired by a government to hack into computer systems belonging to Governments and businesses in other countries (Geers, 2013). Their primary goal is to carry out cyber espionage, affect computer systems, access restricted data and sometimes execute cyber warfare.

Relationship: External

Operation Region: Asia Pacific (China)

Motive: Ideological

Intent: Competitive, Malicious

Capability: According to Geers (2013), the Asia-Pacific region houses large groups of hackers such as the ‘Comment Crew’. Among the countries in the region, China is the largest actor which has the capability to penetrate cyber defenses (Geers, 2013).

The capability of the attacker can, therefore, be summarized as: High technical skills, well-financed, several attackers, patient and persistent and high frequency

Target: Public, Transportation, Manufacturing, Professional

Action: Command Control, Exportation of data with the aid of malware, Stolen Credentials (hacking), Phishing (Social)

Target Asset: Computers, File, mail and directory servers, high-level employees

Goal: Business Secrets, System Information, Classified Information, Internal Organizational Data

In this scenario, the attacker uses various malicious programs and social networking to obtain confidential information about the target population. The primary focus of the threat is to obtain classified information about the organization.


As the world expands its technological capabilities and connectivity, especially in government, industrial, and financial establishments, policy makers have begun to sense vulnerability. The aggressiveness of technological advancement has remarkable implications for how people interact, how the economy functions, and how to protect state interests and provide for defense. The only struggle will be to diminish the cyber risks and capitalize on the benefits.



Ben-Israel, Y. (2015). The Evolution of . Retrieved November 22, 2016, from http://www.israeldefense.co.il/en/content/evolution-cyber-warfare

Clinton, L., & Perera, D. (2015). Social Contract 3.0: Implementing a Market-Based Model for … Retrieved November 21, 2016, from https://www.law.csuohio.edu/sites/default/files/newsevents/social-contract-3.0_briefing-memos.pdf

Geers, K. (2013, September). FireEye Labs, World War C: Understanding State-sponsored Motives behind Today's Advanced Cyber Attacks. Retrieved November 28, 2016, from http://www.fireeye.com/blog/technical/threat-intelligence/2013/09/new-fireeyereport-world-war-c.html

Hagen, A. (2012). The Russo-Georgian War (2008): The Role of the Cyber Attacks in the Conflict. The Armed Forces Communications and Electronics Association.

Kliarsky, A. (2011). SANS Institute InfoSec Reading Room. Retrieved November 21, 2016, from https://www.sans.org/reading-room/whitepapers/incident/responding-zero-day-threats-33709

Mandiant (2014, April). M-Trends 2014 Threat Report. Retrieved November 28, 2016, from https://www.mandiant.com/resources/mandiant-reports/

Shane, S. (2012). Cyberwarfare emerges from shadows for public discussion by US officials. The New York Times, A10.

Staff, D. (2011). Department of Defense Strategy for Operating in Cyberspace. June, Department of Defense, Washington, DC.

Storm, D. (2014). Hackers exploit SCADA holes to take full control of critical infrastructure. Retrieved November 21, 2016, from http://www.computerworld.com/article/2475789/cybercrime-hacking/hackers-exploit-scada-holes-to-take-full-control-of-critical-infrastructure.html