Cyber Warfare: Nation State Sponsored Cyber Attacks
What is Cyber Warfare?
The internet has changed how we view and interact with the world in a remarkable number of ways. Unfortunately, this change is not limited to just peacetime activities. The way wars are fought is also affected by this evolution. Now that every nation-state is tied into and reliant upon the internet for news, elections, communicating with its citizens, and providing public services, traditional physical warfare has been expanded to include cyber warfare.
But cyber warfare isn’t as easy to define as conventional warfare. The reason? Cyber warfare is not about the acquisition of physical territory or the movement of troops and equipment, although it may support conventional warfare in achieving such objectives; it’s about gathering intelligence, financial gain, damaging digital and physical infrastructure, hindering communications and the theft of intellectual property. Moreover, because cyber warfare is virtual and doesn’t involve or require any kind of overt declaration of war, it’s usually very difficult to prove that a particular state actor is responsible. Cyber warfare is therefore very different from conventional warfare:
“… modern war is a messy affair, not a clean and glittery Hollywood movie. The emergence of cyber as a separate domain of warfighting does not necessarily offer magic solutions and miraculous short-cuts to achieve strategic goals. As of November 2015, the case has shown that destructive cyber operations are not (yet) a silver bullet in the arsenal of states which still operate below certain thresholds due to legal and political considerations and uncertainties over escalation.” — Cyber War in Perspective: Russian Aggression against Ukraine
The Undercover Nature of Cyber Warfare
The current and very messy physical war being waged on Ukraine by Russia—what the Kremlin refers to as a special military operation—illustrates the power of these constraints in limiting Russian cyber attacks and the undercover nature of cyber warfare. In fact, Russian cyber attacks on Ukraine have been going on for a long time. The first serious assault on Ukraine was Operation Armageddon, which started in 2013. This was followed by more Russian cyber attacks, which included , multiple Russian cyber attacks on the Ukrainian election system, also in 2014, and the world’s first successful cyber attack on a power grid in 2016 that resulted in service outages for roughly 230,000 consumers in Ukraine for up to six hours.
Since then, Russian cyber attacks on Ukraine have continued and Ukraine has retaliated with a flurry of cyber-offensives starting—as far we as we know— in 2016. A key result of these counterattacks was The Surkov Leaks in 2016. This resulted in the exfiltration of 2,337 email messages along with hundreds of attachments, exposing Russia’s plans for annexing Crimea and creating separatist unrest in Donbas.
So why hasn’t Russia unleashed what some commentators have called “cybergeddon” on Ukraine as part of its current offensive? According to Russia Matters:
One group of scholars has long argued that expectations of cyber apocalypse have been overblown, with doomsayers ignoring that cyber and military campaigns serve different purposes. Cyber operations, these experts say, are neither “catastrophic weapons of destruction” nor good for “managing destruction at scale”—meaning they’re unlikely to be the game-changers many anticipated in modern warfare. “It’s much simpler,” four of these authors write, “for Russia to launch an artillery barrage at a [Ukrainian] power substation than to hack it from Moscow.” —
In the 2022 conflict, there’s also doubt as to whether Russian cyber security staff were in the loop in the Kremlin’s initial war-planning so , they might have been too busy with disinformation campaigns to mount any significant infrastructure attacks. Finally, there’s the suggestion that Russia’s cyber warfare capabilities may not be as advanced as has been assumed, thereby limiting the impact of Russian cyber attacks.
These are the kind of constraints that explain why cyber warfare—at least for now—is different from conventional warfare and nothing like the science fiction-like vision promoted by mainstream media. There’s also a strategic reason that nation states are hesitant to go all out in digital attacks: State actors don’t want to deploy their most effective tools and techniques to mount a cyber attack unless they absolutely have to because once they do, the enemy will eventually reverse-engineer the attack and learn not just how to defend against it but also how to use for their own purposes. The most valuable of these tools are the zero-day exploits that cyber security organizations such as the U.S. National Security Agency, the U.K. Government Communications Headquarters, and the Special Communications and Information Service of the Federal Protective Service of the Russian Federation are known to have both developed themselves as well as purchased for millions of dollars.
The final constraint on cyber warfare is international law. In May 1999, the Pentagon general counsel office published An Assessment of International Legal Issues in Information Operations, which is a set of guidelines for waging cyberwar:
The document points out that although it was not clear that information operations (IO) would legally be considered “weapons,” the traditional law of war applied to a military cyber attack. / Therefore, viruses or logic bombs aimed at civilian targets such as banks and universities could constitute a war crime. / In one example, the Pentagon document says: “It might be possible to use computer morphing techniques to create an image of the enemy’s chief of state informing his troops that an armistice or ceasefire agreement had been signed. If false, this also would be a war crime. – “Pentagon kept the lid on cyberwar in Kosovo,” The Guardian, November 8, 1999
Current Cyber Warfare by Nation-states Demonstrates It’s Been Used For
- Disinformation and Propaganda: Russia’s social media-based disinformation campaigns for the 2016 U.S. presidential election highlight how digital attacks can be used against intangible targets, such as faith in social and traditional media, and confidence in the integrity of elections.
- Cyber Espionage: Cyber espionage is not warfare as such but rather an ongoing activity by nation-states to determine the strengths and weaknesses not only of enemies but also of any state, friendly or otherwise. There are many documented cases where a state-sponsored cyber espionage group has been suspected of or occasionally found to have surveilled other countries for cyber espionage purposes. For example, the U.S. National Security Agency recorded nearly every cell phone conversation in the Bahamas, without the Bahamian government’s permission, along with similar programs in Kenya, the Philippines, Mexico and Afghanistan.
- Cyber Terrorism: Cyber terrorism is the use of non-state actors (funded by a state actor) to commit cyber attacks to cause physical, political, psychosocial, economic, or other damage. The goal is to create fear, distrust, and or destabilize or degrade government or politically important activities, and infrastructure.
- Cyber-sabotage: One of the most famous cyber attacks that resulted in physical sabotage—to deliberately destroy, damage, or obstruct (something), especially for political or military advantage—was the 2010 attack on the Iranian nuclear fuel processing facility that resulted in the physical destruction of almost 1,000 uranium enrichment centrifuges by the Stuxnet computer worm. The evidence suggests that the worm was created by the United States and Israel in a collaborative effort known as Operation Olympic Games.
The United States has only ever admitted to one major cyber warfare attack, which was Operation Glowing Symphony mounted in 2016 against ISIS/ISIL by US Cyber Command, the NSA’s cyber security offensive team. This is covered in detail on Episode 50: Operation Glowing Symphony of the Darknet Diaries podcast. This episode gives an insight into the operational and bureaucratic complexities of a government agency mounting a large scale cyber attack while at the same time being constrained by international law, the need to use force strategically, and the political complexities of a nation-state cyber security engagement with another group such as ISIS.
Cyber warfare is about sophisticated and stealthy hacking by nation-state actors or their proxies to support economic, political, or real-world warfare goals. The truth is that digital attacks haven’t been and may never be as dramatic as science fiction and mainstream media have portrayed it. That said, cyber warfare as it has been practiced is dangerous and the potential for spill-over into business and civilian life could well have major impacts. Another episode of Darknet Diaries (EP 48: Operation Socialist) quoted Craig Mundie, ex-advisor to Bill Gates, from a keynote at Columbia University:
The real problem right now is that if a nation-state chooses to use their full array of capabilities against even a sophisticated business, the business almost doesn’t stand a chance. Part of the problem we’ve got is that people are still thinking that if they use conventional defensive techniques to improve the perimeter security of their network, that they’re going to be okay. That may be sufficient against malicious mischief or petty criminals but it’s questionable against sophisticated organizations and it’s probably hopeless as a defense strategy against the government.
How Can You Improve your Cyber Defense Posture
In the face of a potentially overwhelming attacks, a key step is bolstering your internal cyber security by adopting a zero trust security strategy. This alone will make incursions and lateral movement of malicious actors far more difficult. Another crucial cyber defense strategy is managing incoming and outgoing network traffic, and making sure the organization has full visibility into all traffic, encrypted and otherwise, using TLS/SSL Inspection.
Finally, since DDoS attacks are increasingly becoming cheaper and easier to launch—the latter being facilitated by the availability of over 15 million DDoS weapons, cyber criminals have, time and again, leveraged them in their cyber warfare strategies. Ensuring an AI/ML-based, automated DDoS defense strategy is essential to protect critical infrastructure, users and resources against DDoS attacks.
How A10 Networks Can Help
A10 Networks is an industry leader in cyber defense offering world class cyber security products. A10’s Thunder Threat Protection System (TPS) employs advanced DDoS protection and mitigation strategies that protect against any DDoS attack while A10’s Thunder SSLi gives you full network traffic visibility. With A10 Networks you’ll be prepared for whatever the bad guys throw at you.