Today breaches are simply a fact of life in the cyber age. A report tracking the largest breaches of 2017 also said breaches in 2016 had increased by 40% (over 2015 - including the Yahoo compromise of more than one billion accounts) and that 2017 “could get even more messy and more serious.”
As noted in a recent Verizon report, most breaches are the result of attacks against servers and devices.
Attacks aren’t always economically motivated. Some are politically motivated, including 2016 election influence campaigns armed with leaked communications (from hacked servers) and attempts at voting machine manipulation. The Russian government is said to be behind attacks on election systems in 21 states.
The increases in breaches and the entrance of nation states as potential bad actors are ominous developments in a world going digital. A recent article in Forbes claims that the US is already losing the digital war: Digital Generals Are As Important As Military Generals (Because The US Is Losing the Digital War). It points to an increasingly dismal digital economic future framed by preoccupations with out-of-date industries and gaps in science-related curriculums.
A key difference between a conventional war and a cyber war is the difficulty of attribution:
As it stands today, it is unclear what a state actor is other than an intrusion that is definitively attributed to an off-shore actor. Cyber intruders now use in-country assets to mask their location, making attribution challenging. If the state actor has a grudge that they want to air, then they will use their own addresses to get their message across to the company and government. – Identity Week, Philip Lieberman, 2/17
Yet the stealth aspects of cyber attacks make them more likely to be used, because the attacker is less likely to be held accountable. It would be a rational action to use the weaknesses of the digital age to undermine those further along in its benefits, if the prospects of being penalized are low or blame could be deflected to an unsuspecting third party.
The difficulty of attribution should not distract us from the seriousness of the attacks. Cyber wars by nature will more likely be stealth wars between rivals and proxies aimed at degrading the necessary trust institutions (and economies) needed for a civilization to function.
If that is the case, haven’t we already seen enough to acknowledge that cyber war is already a reality?
The Future Looks Even Worse
As nation states get more active in the cyber black market the line between hackonomics and nation-sponsored cyber war gets blurred even further. Attribution can become even more complex, especially for a democracy with competing interests, including those funded by foreign benefactors.
Want to know what the future could look like? Simply look at Ukraine, which has experienced infrastructure hacks and blackouts and a variety of cyber threats. See the recent Wired piece How an Entire Nation became Russia’s Test Lab for Cyberwar.
If you think of civilization as “people who don’t know each other successfully working together,” then trust is the critical foundation of the digital age. Destroy trust and you destroy civilization as we know it. Nothing works.
“Cyberspace is not a target in itself,” Yasinsky says. “It’s a medium.” And that medium connects, in every direction, to the machinery of civilization itself. – Andy Greenberg, Wired 6/17
With larger populations of devices accessing more complex, shared infrastructures attached to increasing exposed systems you have a market of growing opportunity for fast growing populations of cybercriminals and their sponsors living beyond the reach of domestic law enforcement and perhaps even international treaties.
That’s why I’m putting together a cyberwar panel for Future in Review this October in Park City. Stay tuned!