Research on Cyberwarfare: Cyberattacks, Experiments, and Future Predictions

Mette Eilstrup-Sangiovanni defines cyberwarfare as “deliberate and hostile use by a state of a cyber weapon with the intention of causing injury or death to persons, and/or to significantly disrupt, damage, or destroy another state’s strategic assets or critical national infrastructure. ” (Eilstrup-Sangiovanni, 2018)What would a cyberwar look like? In this essay I will examine cyberattacks and experiments, such as Stuxnet, The Aurora Generator Test, the failed Iranian hack on Bowman Avenue dam in New York, and Russian cyberattacks on the Ukrainian power grid. I will try to predict the future possibility of cyberattacks, and what a cyberwar might look like, including the effect of the growing internet of things and possible effects of Digital twins. I will start with what is probably the most famous cyberattack, Stuxnet. The Stuxnet Worm was the first “cyber warfare weapon” ever, it was used to sabotage an Iranian nuclear site. (Langner, 2011). Stuxnet entered the system via an infected USB key. The worm presented itself with a trusted digital certificate to fool any windows operating system it found. The worm then searched the local network for any Siemens programmable logic controllers (PLCs), as its code was specific to Siemens.

1. An examlple of The siemens controller infected
2. An example of the Centrifuges being controlled

The code firstly just monitored the Siemens controllers, doing no damage to the machines, however after a complex system of timers and messages, the worm sent messages to any output devices on the network telling them that everything was working normally, while simultaneously causing centrifuges to spin incredibly quickly until they broke down. (A centrifuge is a Cylinder which usually contains a gas, which spins quickly, in this case it is used to enrich uranium). This cost Iran a lot of money and set them back in their nuclear efforts. Stuxnet is an important example, as the code was far too complex and specific for any small group of hackers. It was very likely a co-ordinated attack from at least one country to sabotage another. Stuxnet was “reportedly developed and launched by the United States and Israel” (New Jersey Cybersecurity and Communications Integration Cell, 2017).

The attack was also different as it was a military action. “Stuxnet's goal was to physically destroy a military target-not just metaphorically, but literally. ” (Langner, 2011). This attack was not to gain information or extort money, it was a precision attack from one country to another. Cyberattacks usually occur on SCADA (Supervisory control and data acquisition) systems. A PLC is an example of a Scada system. SCADA is used in a wide range of industries, and with the growing internet of things, its use will only become more widespread. For example, although the united states are one of the leaders in Cyberwarfare, they are also one of the most vulnerable countries to cyberattack because of their use of internet of things. Amy Zegart says in her tech talk on cyberwarfare “The United States are the most vulnerable why because we're the most connected we rely on networks and connectivity for our economy for our civil society for our government for our military” (Zegart, 2017). In future it is possible that most machinery and vehicles will be automated or remotely operated.

The next case I will talk about is the Aurora Generator test. This test caught the attention of the public in the United States. This was a test carried out by homeland security, they hacked into an isolated generator and caused it to overheat and break down. “The project was conducted to determine if a cyber-related event could cause physical damage to critical hardware” (Robert Radvanovsky, 2013). The test showed how easy it would be to take a generator offline, but what if a co-ordinated attack broke most if not all electric generators in a country? There would be blackouts across that country, some could last weeks if the generators had completely been made completely redundant. This could cripple a country, cause numerous riots, and slow a countries reaction time and ability in the event of an actual war. The Aurora Test helps us visualise what an attack might look like, cyberattacks on public infrastructure causing massive damage and rendering them useless. Attacks could happen in other areas, if an attack took place inside a datacentre for example, causing fans to overload until they physically broke, would create a situation where several extremely expensive servers are permanently damaged beyond repair within minutes, causing potentially billions of dollars of damage.

The worst-case scenario of a highly co-ordinated, well planned cyberattack, affecting all possible systems in a country, could be devastating to services, the economy and social order. Could a cyberattack lead directly to loss of life? Here we come to the Iranian hack on Bowman Avenue dam in New York. A group known as the “Islamic Revolutionary Guards Corps” (Thompson, 2016) gained control of the “command and control system”. (Thompson, 2016) These attackers could have opened the dam had it not been for a manual lever being disconnected. It should be noted that this was a small dam and perhaps did not have the same cybersecurity as others in America, however the idea of remotely opening a dam to cause damage and death from across the world shows how terrifying a cyberwar could be.