Page 10 - index
P. 10
Cyber - A Fresh START?
The requirement to generate agreed restrictions on the use of sinister cyber capabilities
By Ash J. Hunt
Cyber, cyber, cyber - here we go again! As the complicated mess of the Ukraine crisis continues
to unravel, global commentators have been eagerly suggesting that the escalatory nature of the
conflict could lead to a ‘cyber war’. Jarno Limnéll, Director of Cyber Security at McAfee,
identifies that likely targets ‘could include ATM networks, e-commerce systems, energy grids,
transit and road signals, air traffic control, and certainly military command lines’. In truth, Limnéll
is right, but his flag of concern only touches the edge of the enormous hurt that can be targeted
to us all. The toolkit of the cyber assassin’s arsenal is simple enough to understand and
importantly consists of: ability, capability, flexibility and agility. It is this lethal cocktail of
adjectives within the context of limiting damage, that must be treated with agreed restrictions for
the interest of human life and dignity.
The established paradigm and treaties of restricting weapons adjudged to cause unacceptable
levels of human suffering is not new. International law already prohibits the use of chemical,
incendiary and nuclear weapons, and it is these limitations that have helped protect us within
the four conventional domains of war (land, sea, air and space) for decades. As the international
community gradually grows into its shoes of the fifth domain (cyber), it is essential that
deleterious cyber utility and activity is given equal consideration (particularly as its destructive
capacity is coequal to its nuclear counterparts). Renowned individuals such as James Lewis,
Director of the Technology and Public Policy Program at the Center for Strategic and
International Studies, have stated that a cyber treaty ‘does not make sense’. I disagree and
contend that it is prudent to look at both the here and now and forward to the emerging science
of the fifth domain and its immense capabilities. Only once the full yardstick of cyber probability
and capability is understood can responsible stakeholders credibly postulate on what mandatory
limits are agreed against the backdrop of safeguarding the vast networks that service nation
states.
At present, thirty five countries have offensive cyber capabilities, not to mention the untold
millions of cyber-savy individuals. National life-support systems such as critical energy
infrastructure (CEI) and the like, remain desirable targets and are vulnerable assets; the more
vulnerable our assets, the more fragile our infrastructure. The United States reported a rise from
34 to 257 cyber attacks on their industrial control systems in 2013 alone. The same report
revealed that the industrial internet was disproportionately weaker than the consumer-facing
web. It is folly to secure and defend our wants over our essential security needs. Experts have
further stated that ‘if the grid [was] down for a year or more, between two-thirds and 90% of our
population could be lost to malnutrition, disease, and the [ensuing] chaos associated with social
breakdown’. This kind of sinister cyber attack will leave a smoking crater: a hospital without
power, a city without water, a region without energy…
Indeed, the emerging, continued and growing threat to critical national infrastructure (CNI) is a
real concern with very few safeguards available. As the previous Chair of the British Defence
Select Committee, Rt. Hon James Arbuthnot MP, warns, ‘there is a need to focus on protecting
critical systems’ for ‘a successful cyber-attack could have truly apocalyptic consequences’. The
physical fallout of such disasters have already transpired with the ‘Maroochy Water Breach’ and
the ‘Stuxnet Worm’. In the first instance, the Maroochy Water Services at Queensland, Australia
10 Cyber Warnings E-Magazine – January 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
