Is cyberwarfare exaggerated as a threat?

We caught up with infosec veterans Bruce Schneier and Jeffrey Carr to gauge how cyberwarfare measures up, and its extent as a threat for countries like India.

Cyberwarfare has emerged as one of the most discussed and debated security threats around the world. The world is yet to develop a profound understanding of the term ‘cyberwarfare’ and hence, it has no proper definition. Using ‘cyberwar’ for every cyber crime or attack has become commonplace. However, Bruce Schneier, an internationally renowned security expert, is of the opinion that cyberwarfare is a rhetorical term, and one that is dangerous to use for every cyber attack.

Citing an example of such mislabeling, Schneier pointed to a case in 2007 where attacks against Estonian government websites were traced back to a Russian individual. So in this case, can it be assumed that Russia is at war with Estonia? To take another example, is it right to assume that espionage attempts by Chinese individuals are specifically directed by the country’s government?

A real possibility

In the above-mentioned context, it’s fair to assume that cyberwarfare is an oft-abused term. A broad range of tactics and strategies are currently covered under cyberwarfare, said Jeffrey Carr, Principal, Greylogic, during the Data Security Council of India (DSCI) annual security summit held in early December at Chennai. For instance, China is better known for its cyber espionage activities targeting the intellectual property of other nations, while countries like Russia use cyberwarfare tactics to suppress oppressions from Jihadis and threats from the Commonwealth of Independent States.

It is also likely that cyberwarfare is hyped and used as propaganda by corporations to sell their security products. Does this imply that cyberwarfare is just a product of sheer imagination? Not really. Although a little exaggerated currently, cyberwarfare looks like a real possibility in the near future. “The Stuxnet attack, which is believed to have targeted Iran's nuclear facilities, is a typical example of a non-commercial, politically motivated cyber attack; such attacks are increasingly being referred to as cyberwarfare,” explained Schneier at the Clubhack event held recently in Pune.

Eavesdropping, data poisoning, data manipulation, denial of service, and sabotage are the leading methods to wage a cyberwar. Every country that wants to dominate the world is expected to develop cyberwarfare capabilities, observed Carr. “The threat is not from China, Russia or the Middle East, who have developed cyber attack capabilities, but from terrorist groups who are more likely to create a catastrophe,” explained Carr. Cyberwarfare is expected to become an important component of conventional warfare. While Russia uses cyber as a military doctrine, the United States’ Cyber Command became operational in November and NATO has also enshrined cyber security among its new strategic priorities.

Key targets

Critical infrastructure such as the power grid, oil and mineral reserves, and water refining plants are likely to be the initial targets in cyberwarfare. Carr is of the view that defense, energy and finance are three critical sectors on the radar of cyber miscreants. Besides, critical research industries like nano-computing, semiconductors, and next-generation mobile are also prone to serious cyber attacks.

In this context, Schneier pointed to the power struggle in cyberspace between countries, corporate entities and governments. Many governments are forcing corporations to redesign their systems to enable monitoring and thwart the risk of cyberwarfare. The question here is who should secure critical infrastructure, and what kind of government intervention is legitimate to avoid cyberwarfare. “When a private asset has a social value greater than that of the corporation, the government should step in,” advised Schneier.

Is India prepared for cyberwarfare?

It was suspected that the Stuxnet worm struck the Indian Space Research Organization’s INSAT-4B satellite, and Ghostnet, the Chinese cyber-spying network, was reported last year to have infiltrated key Indian government websites. Is India competent to face a cyberwarfare situation? “India is not, but for that matter, no country is. India in particular, however, has experienced multiple widely publicized breaches, which could have happened in any country,” Carr replied. No country is adequately armed against cyberwarfare. Schneier, however, observed that it is legitimate for nations to build offensive and defensive cyberwarfare capabilities just to survive.

Cyber peace

The increase in cyberwarfare activities has given rise to talks of cyber peace and cyber treaties between countries. International cooperation agreements and a unified approach to valid registration data, such as domain names, are required, said Carr. “I would like to see the G20, the United Nations or some other international body start looking at cyberwarfare and cyber weapons and start an official dialogue between countries,” added Schneier.

At present, cyberwarfare may be an exaggerated threat, but going forward, cyber security will become a key element of every country’s national security strategy. Countries with advanced cyber capabilities and warriors will be better equipped to tackle cyberwarfare and will thus assume power in the global economies.
