Episode 43. The Next Phase in Cyber Warfare
With each major technological leap forward in warfare the rules of war also change. Today's challenge is Cyber Warfare, which has completely thrown out the conventional concept of the first strike. With tens of thousands of attacks occurring each day from all of the major players, we look at the landscape of cyber warfare and ask whether any nation can truly be prepared to defend itself.
Senior Analyst for the Australian Strategic Policy Institute (ASPI) specialising in Cyber Warfare
Worked with the Australian Department of Defence and the CSIRO
Author of several key papers on the advances in Cyber Warfare
Senior Fellow specialising in Cyberwarfare for the CATO Institute
Senior Advisor to the Cyberspace Solarium Commission
Donald Bren Chair of Military Innovation at the Marine Corps University
CEO of the technology and advisory services firm Global Cyber Risk
Chair of the Privacy & Computer Crime Committee of the American Bar Association
Co-author of UN publication "The Quest for Cyber Peace"
American Cryptographer and Cybersecurity expert
Lecturer at Harvard University
Author of several key works on Cybersecurity
Fellow at the Berkman-Klein Center for Internet & Society
Part 1: The Grey Area (03:55)
Tom Uren gives us examples of the types of advantages cyber warfare can bring in a conflict situation, helping us understand how drastically it has shifted the battlefield.
We look at the key actors in cyber warfare and their respective capabilities. This includes the rules of engagement for the United States and Fiveyes, and their doctrine of "Persistent Engagement". We look at China's speciality in intellectual property theft, North Korea's focus on traditional cybercrimes for economic gain and defending Kim Jong Un, Iran seeking any way to strike back at the US, Russia's harassment speciality, and Israel's capacity to punch above its weight.
Many countries have espionage capabilities and are working toward increasing synergy between cyber capabilities and existing military infrastructure. Achieving a basic level of cyber capability is possible with just a few well trained people taking publicly available online courses, making cyber warfare very accessible.
We look at the difference between offensive and defensive cyber operations, and examine the difficulties in attribution of attacks, and the industry set up around identifying the 'fingerprints' that help to figure out where attacks have come from.
Part 2: Opening the Gates (23:04)
Brandon Valeriano looks at the practical role that cyber warfare plays in the international arena. It is primarily used as an enhancement to existing strategy, or a substitute where a state is incapable of pursuing normal strategies like sanctions.
Everything that is connected to a network, or reliant on a person is hackable. We look at the most vulnerable part of any cyber defence - people. Communication networks were not build with security in mind - trying to create security on top of a system of insecurity is a tall order.
We look at the unique weakness of the United States, in which a great deal of infrastructure and systems are maintained by the private sector, or are underfunded because they are managed by local governments. This is a significant weakness in the US system, and one that they are working on addressing as we speak.
Valeriano analyses the overestimation of Russia as an operator in cyber warfare. While their presence appears large, it is primarily in disruption and harassment, and has not successfully utilised it for coercion or demonstrated its use in a first strike capacity.
Russia’s weakness is particularly clear in their comparative imprecision and in regularly getting caught. Russia is often successfully identified as the operator responsible, and while this certainly makes their public perception more imposing, it is indicative of failings in security and successful anonymisation of actions.
Finally in understanding China’s cyber warfare strategy, Valeriano looks at how domestic unity and harmony is much more important to their government than foreign cyber adventurism. While they are fairly capable, there is a much greater focus on internal work to maintain a societ of 1.4 billion people.
Part 3: The First Strike (45:07)
Jody Westby helps us understand the 2016 Shadow Brokers leak of critical NSA cyber weapons. It revealed extraordinary capabilities for zero-day exploitations of many common software products, including Microsoft Office.
While the immediate result was a great deal of ransomware attacks against companies, in the long term Westby argues that this leak is a key part of why cyber attacks have so significantly increased in volume and success in recent years.
Westby takes us through the difficulties cybersecurity experts face in trying to shore up the security of key companies and networks, and how the legal system interacts with these efforts.
We examine the complexities of attribution, through layers of different networks, hardware, companies and states. The legal framework for navigating these is different throughout the world, making attributing attacks often a painstaking process.
Finally we look at how attribution can be weaponised internationally. 'Fingerprints' of certain types of code or vulnerabilities can be left in by foreign actors to point to a different foreign actor. When this interacts with domestic politics, the situation can get messy quickly.
Part 4: Free For All (1:01:12)
Bruce Schneier looks at the difference between cyberattacks and cyber warfare - the former we see every day, the latter we have not yet really seen.
We have yet to see warfare fully integrated with cyber capabilities - the closest we have really seen is Iraq, but the developments in cyber warfare since then are astronomical.
Schneier helps us understand what a cyber war might look like; the utter devastation that states are capable of wreaking upon each other.
Why are systems so vulnerable? We dive deep into what exactly a zero-day vulnerability means and looks like, and how vulnerabilities are discovered.
We look at why it is that so many little attacks are exchanged between states. Primarily, they seek to leave small bits of code or programs in waiting, to be activated or accessed if greater conflict does break out.
The US has a uniquely privatised security industry. We look at the double edged sword that this presents, by both enabling a strong industry of cybersecurity and cyber warfare experts, as well as making US infrastructure uniquely vulnerable.
Cyberweapons are unique in their democratisation; once used the code is out there, and can be reverse engineered and repurposed by innumerable other actors. We look at how this plays out for smaller players in the cyber warfare sphere, and whether the major players are holding back their real cards for when a serious conflict breaks out.
The Red Line's Cyber Warfare Reading List:
We’ve put together some further reading for those of you looking for more resources to help you get across the geopolitics of Cyber Warfare.
Click Here to Kill Everybody: Security and Survival in a Hyper-connected World
Cyber Strategy: The Evolving Character of Power and Coercion
Brandon Valeriano and Ryan Maness
Cyber Dragon: Inside China's Information Warfare and Cyber Operations
For episode transcripts, monthly geopolitics Q&A’s, member-only videos and to support the show, check out our Patreon here: https://www.patreon.com/theredlinepodcast
This episode is dedicated to Patreon members Cloud Phantom, and Jose Nuno.