Impact Realisation of Cyber Warfare

Cyber Warfare can be classed as the mechanics of a specific attack which could be politically or financially motivated within the digital sphere. These attacks can be originated from any digital device such as a mobile telephone, pc or any other digital devices. The reason for these state-sponsored attacks is designed and mitigate to disable or to destroy infrastructures without the need for manpower or military equipment, the number of attacks can be motivated but for the basis of this report will revolve around the following: Sabotage - can be communications, utility’s such as electricity/gas, financial such as banking/stock marketing, these systemic attacks can leave country’s open to physical attacks such as terrorism. Espionage - information gathering for restricted or classified material which could give a person, company or party financial, political or military gain. Digital assaults might be brought out through a large group of innovations, however, have an assault design that might be displayed.

Despite utilizing the most cutting-edge innovation, the periods of a digital assault for the furthermost part take after indistinguishable example from a customary wrongdoing. (Colarik, Janczewski 2007)The Motives and Ramifications of Cyber WarfareThe motive for such attacks can be numerous, and the end goal can be different than can be expected and can cause disastrous effects, the four main types of motives that can be used are, Infrastructure, Political, Military and Financial (this list is not exhaustive) Country’s such as Russia, USA, UK, Iran, China and North Korea are among the planets leading exponent in cyberwarfare. Some detrimental effects of this can cause:· Loss of life (Donnelly 2018).

Economic Implications (Oxford Economics 2014)· Infrastructure failures (Pandey, Misra Dec 2016)· Political (Brenner, Clarke 2010). AramcoOn the 15 August 2012, a cyber-attack codenamed Shamoon also known as W32. DisTrack was utilized against and oil company Aramco in Saudi Arabia. (Madaan 2013)The primary motive of this attack was to enter a network infrastructure and wipe the storage areas of all networked linked devices, Shamoon done this by attaching itself to the master boot record of the suspected hard drives but an added side affect of this was it prevented any machine that it attached to prevent it from restarting along with affecting adjacent child companies. (Bronk, Tikk-Ringas 2013)

The company had severe losses and Shamoon damaged over 30,000 systems. After the attack Aramco recruited an external cyber security company to analyse the exploits that were used, after deep diving thousands of lines of code it was found and suspected that this code was written by the Iranians however due to the complexly and the similarities of the code it does appear that the code originated from the US. (Dunn E John 2012) The Implications Aramco had to stop production, this company supply’s 10 percent of the world's oil (Nakov Anton 2011), contractors had to be turned away, employees resulted in using typewriters which increased workload and governments were affected by the lack of oil, another subsequent event was Aramco had to buy 50,000 hard drives which the company saved money, however socially, local business and customers suffered and had to increase prices. (Pagliery 2015) Due to the location, no one was prosecuted.

This year the second version of this exploit was released since then it has been under investigation by the Industrial Control Systems Cyber Emergency Response Team ISC – CERT which is part of Homeland Security who has advised on the implications of such an exploit, the ramifications and an incident response plan on how to mitigate and strategize these issues if such an event occurs again. (ICS-CERT 2012)StuxnetStuxnet was the first type cyber weapon of its class which uses Zero-Day exploits that was suspected to be created directly through the collaboration with the United States and the Israeli Governments. (Weinberger 2011)

The purpose of this weapon was to disable the centrifuges within one if not all of Iran’s nuclear power plants, its design is a combination of multiple malware elements such as a Virus, Rootkit, Word and Trojan(Summary. 2011). In November 2007 this weapon was deployed to attack Uranium Enrichment Facility’s, its result was to speed up of 1410 hertz then slow down to 1064 hertz the centrifuges(Bond 2017) that separates waste from nuclear material in these facility’s which would end up in destroying them due to the dramatic change in speed.

Its primary use is to systematically target industrial PLCs – Programmable Logic Boards which are primary used in a majority of control systems such as factory’s, warehouses, water treatment and power stations and amusement parks (Chen, Abu-Nimeh 2011a). It is also used in centrifuges by separating waste from nuclear material in power stations, Stuxnet works by penetrating windows-based systems by appearing as a Windows Certification Key then attaching itself within the adjacent networks, once deployed it seeks and targets a piece of software call Step7 by Siemens AG (Gießler 2003) its purpose to sabotage the links to the control boards.

Step7 had a serious security flaw that was exploited, in the depths of the code there was a hardcoded password (Chen, Abu-Nimeh 2011b) embedded into the system once broken would allow full access to change system priority’s, shut systems down, and disable active administrator accounts, Image curtesy of (Michael Holloway 2015) and Sandford University.

The result of this outbreak is because once the main systems have been infected it sends false signals to the controller boards then spreads within the network. If this was not detected when it was Iraq would have been nuclear dead zone. There are many references to this attack, it has to be mentioned that majority of these references do state that this is the amalgamation of the United States and Iranian governments, in this attack over 45,000 devices have been affected, 66% of these are based in Iran (Bronk, Tikk-Ringas 2013).

The Collaboration of Security Agency’s J-CATThe collaboration of multiple government security agencies is working together to fight the cause of Cyber Warfare, The Joint Cybercrime Action Taskforce (J-CAT) is a collaboration between EU Member States: Austria, France, Germany, Italy, the Netherlands, Spain, Sweden and the United Kingdomand Non-EU Member States: Australia, Canada, Colombia, Norway, Switzerland and the United States (New European task force will tackle international cybercrime. 2014). J-CAT’s primary goal by identifying high value targets that have a protentional detrimental treat to the world digital infrastructure, there objectives include (not an exhaustive list):

• Identification of paedophiles and child exploitation
• To prevent high tech crimes such as distribution of malware, botnets, money laundering
• To eradicate counter-antivirus services, card cloning

To educate and prevent social engineering. J-CAT work with the European Cybercrime Centre – EC3 (Buono 2012) role is to identify the laws that govern Cyber Warfare/Terrorism, analyse these laws then provide identification tactics on how to improve on these laws. EC3 run multiple conferences each year on emerging threats, the core values of EC3 uses a multipoint approach in the eradication of cybercrime, forensics strategy and operations. Operation Blackfin was one of the largest cyber collaborate efforts to this date, its role was to systematically focus on Identify theft, phishing data for emails/online banking, DDoS attacks and social engineering, below is an extract of the protocols used from the Cyber Security Capacity Portal (Weisser, 2015):

• Pursue – Proposed activity linking in to Prevent campaign against deployer’s of stressed tools
• Prevent – Proactive communications campaign to prevent a trend of young people becoming cyber criminals, communicating what is illegal and the consequences of this behaviour, and to deter young people at a crossroads to choose the right path
• Protect – The focus of PROTECT activity will be to utilise threat data to inform hosting companies of un-remediated threats hosted on their infrastructure
• Prepare – The focus of the PREPARE activity will be to raise awareness of cybercrime and improve the victim experience should they become a victim.

This was done through the preparation of pop-up shops in cooperation with private industry partners (Anti-Virus companies)Incident ResponseAfter a security breach or attack within a company or government a protocol is initiated, usually this is a called a Cyber Incident Response, the primary goal of this procedure is to prevent disaster, reduce time in recovery and decline the financial impact. Once initiated an incident response plan is followed, this usually consists of six elements:

1. Preparation – A set of rules and instructions and actions to complete if an attack or breach does happen.
2. Identification – What is they method, type and delivery of attack, what systems have been affected.
3. Containment – Once the identification process has taken place, all affected systems must go through isolation to protect remaining uninfected assets.
4. Eradication – Once the affected systems have been quarantined, investigation takes place to remove the effected systems.
5. Recovery -When all systems are clear from infection and given the green light, backup recovery procedures are actioned to get all systems back up and running.
6. Documentation – This is the most important part of incident response, once identified how this attack took place an analysis is performed to stop future type attacks or breaches.

If a security flaw is known and patched from what is learned from the attack, then it may prevent such in the future. Such an example was on Friday 12th May when the National Health Service went through a Systemic attack. Ransomware was introduced with the NHS network by an employee opening an attachment on an email that looked genuine, from that open attachment WannaCry was able to spread across the entire NHS infrastructure by releasing malware on each machine/device it reached. Eighty organisations were infiltrated with the NHS domain and over 10,000 medical records were loosed due to this attack. After identification, analysis and containment procedures were implemented an external malware researcher found the kill switch which stopped the attack.

The learned outcome was that the systems were not correctly updated and patched to prevent the attack the security systems (CareCERT) that the NHS used was out of date, this systems role is to update all operating system and firewall security services. Since the attack the NHS has advised that they are in the process of updating all systems with state-of-the-art protection by spending one hundred and fifty million. The social and ethical implications of this is that patients could not get access to the duty of care and medication they needed due to the attack. There were no fatalities, due to the fast amount of time that took to eliminate this.

Conclusion

Cyber Warfare is will always continue, technology to initiate a cyber-attack is relatively cheap. Anyone with the right midframe can purchase equipment and start an attack, this could be though a mobile phone, PC, Laptop, Raspberry Pi, the open source software is on the internet where anyone can learn how to use it. Most if not every device now connects to the internet and with the increase in IoT devices Cyber Attacks are going to get more and more frequent. Anonymity is becoming more apt in where locations can be deceived, devices are now available to protect residential users with internet connected homes. Majority of all the worlds governments are working together to actively identify creditable threats or parties to protect the soventry of its people. Cyber Warfare can be stopped by educating people on the correct process, such as social engineering, internet use, social media and the lawful prosecution of such acts.