Networks undergird the modern world. Networks that support our travel, water and electricity systems are more critical – and their compromise, more deadly – than any single building. If our networks were jeopardised, it’d be tantamount to instantaneous blindness: we’d reach out at the world we once knew, no longer sure of how to interact with it.
So, if a nation unable to retaliate along traditional lines was unable to do so, how would they instead attack the world’s most powerful nation – the United States – and its allies? The assassination of Qassem Suleimani has led to this exact scenario. Retaliation is inevitable. The only question is when and, more importantly, how.
The threat of cyberwarfare
Many life-ending scenarios can be easily imagined if our network infrastructure should fail. Some realistic, some not. Planes falling. Health care systems failing. Emergency services not being able to respond to emergencies. And the more mundane too: organizations and institutions that rely on web connections to conduct their day-to-day unable to do so, supermarkets no longer supplied, payment systems unresponsive and credit cards rendered useless. Financial markets would cease to trade, and history shows there’s no greater catalyst to chaos than financial uncertainty.
The threat of cyberwarfare is real, now more than ever, with nations poised in a game of tit-for-tat and retaliations, inching closer to a war in which it is programmers, not soldiers, fighting, exploiting vulnerabilities and exchanging digital fusillades. If war were to break out tomorrow, we’d see a very different war to that of a decade ago. It would be a war concluded not by military expenditure and resources, but by knowledge and expertise. Cyberwarfare is unique in that the winner is not the necessarily biggest opponent, but the most prepared (or unprepared). In October, a researcher in the Netherlands identified twenty-six thousand undefended industrial control systems across America susceptible to attack.
What could happen?
We’ve built our lives upon a precarious web of connections. These connections can be interfered with, or used as ingresses into servers or critical parts of networks. Iran has invested heavily in its cyberwarfare capabilities, spurred by the Stuxnet attack in 2010, which saw the US and Israel degrade Iran’s nuclear capabilities using a computer virus.
So far, cyberwarfare has yet to result in the sort of destabilising impact often prophesied. Cyberwarfare has been based on espionage and sabotage: interference and compromise. Soon, however, that careful balancing act between disruption and destruction may be tipped, and the capabilities of cyberwarfare manifest in frightening ways. Our lives are becoming more intertwined with network infrastructure. Electricity grids and water systems are mostly unguarded and their interference would cause instant and widespread chaos. As with anything so fundamental, we must hope for the best, but prepare for the worst.
What can network managers do?
It’s the responsibility of network managers to secure their network, but prevention is not always possible. When dealing with the unknown – what will be attacked, when and how? – the best answer is detection.
Should state actors attack, they are likely to focus on networks that deliver critical services to end-users. But rather than tampering, we’re likely looking at the elimination of systems, to inflict the maximum disruption – if not destruction – on the targeted nation. Manipulation is tricky and takes time; at the point in which the lines between acceptable and non-acceptable interference are blurred, destruction is the more efficient option.
In May 2017, the WannaCry ransomware attack paralysed the NHS. The consequences were severe, but the same attack carried by a more sophisticated state actor would threaten lives.
A network security manager may only have moments to respond to an attack. Moments between initiation, detection and conclusion. Seconds count. Every attack vector is an option; any weakness exploited. System-paralysing viruses may be disguised in encrypted traffic, credentials compromised or an unprotected computer sitting on a network used as a doorway.
Cyberwarfare is a favourite subject of science fiction writers because it sets the context for world-altering events. But there are solutions – and as much as malicious actors evolve their methods, so, too, do vendors evolve their security solutions.
For more information about network security, and how to protect all areas of your network against the unknown, contact us today. With options from Plixer, Cisco, Ixia, Endace, ntop and Securonix, we can advise on specific integrations and devices to help you create a network solution with comprehensive monitoring, detection and analysis capabilities.
