Virtual World, Real Threats

Cyber warfare is capable of upending military operations, negating advantages of massed weapons

Lt Gen. Atanu Pattanaik (retd)

In the first week of April 2023, a trove of Pentagon documents dumped onto multiple social media platforms had some embarrassing repercussions. The leak complicated relations between the US and its allies, making it plain that the CIA was not only spying on Russia but also on its own allies and on the top political and military leadership of Ukraine. There were documents that also revealed internal discussions among top South Korean officials about US pressure on Seoul to help supply weapons to Ukraine and its policy of not doing so.

Interestingly, it also sowed fissures with close ally Israel as it revealed intercepts of senior leaders of Israel’s famous foreign spy agency, the Mossad, advocating that Mossad’s officials and Israel’s citizens should protest against judicial reforms proposed by Israel’s new government.

The leak also revealed that the CIA was using intercepted communication to spy on discussions inside the Russian defence ministry. The extensive penetration into the Russian military planning organisations enabled the US to forewarn Ukraine about Moscow’s future plans. Of course, since these are old intercepts, they do not necessarily impact current and future Russian military operations in Ukraine. But they definitely sowed seeds of misgivings and a sense of betrayal among the US allies, to the advantage of Moscow.

The incident illustrates the extent to which cyber warfare is capable of upending well-strategised military operations, obliterating the advantages of massed weapon systems and combat arrays, and creating divisions among allies to the benefit of one party or the other. It also emphasises the need to field cyber-hardened hardware in critical communication systems within the military domain as well as in vital civilian infrastructure like electricity grids, railways and airport control systems, banking and finance networks, etc. This is precisely the challenge of Grey Zone warfare, especially in view of the fact that more than 60 per cent of the world’s population (5.03 billion people) uses the internet. It is our source of instant information, entertainment, news and social interaction, and therefore disruptive capabilities in this domain have a sweeping and disproportionate impact.


Grey Zone warfare

Grey Zone warfare is always below the conventional threshold and can be visualised in the realms of deniability, ambiguity, uncertainty and veracity. The cyber domain in such an arena of warfare presents major threats with unknown dimensions and far-reaching consequences. The enemy is mostly unknown, and even if indicators are there, they cannot be held accountable because of the current legal framework of the prevalent world order. The repercussions of such a threat manifesting can be both kinetic and non-kinetic, thus making it a dangerous proposition. The response mechanism therefore has to be potent enough to counter Grey Zone warfare in the cyber domain with credible deterrence.

Elbit Systems’ Cyber trainer

Cyber-warfare is meaningless unless it affects someone or something in the non-cyber world. One can attack entities in the cyber world as much as one wants, but unless something happens in the physical world as a result, one might as well be playing Core War. In recent times, thousands of flights have been cancelled and entire flight operations shut down in the US by suspected cyber-attacks. Blackouts in major cities are also a common phenomenon. Cyber-warfare in its most subtle form can also affect the minds of decision-makers in the physical world. This domain of cyber security is referred to as Cyber-Physical Systems (CPS), which involve various interconnected systems that can monitor and manipulate real objects and processes. They are closely related to Internet of Things (IoT) systems, except that CPS focuses on the interaction between physical, networking and computation processes. Their integration with IoT led to a new CPS aspect, the Internet of Cyber-Physical Things (IoCPT). The fast and significant evolution of CPS affects various aspects of people’s way of life and enables a wider range of services and applications, including e-health, smart homes, e-commerce, etc.

However, interconnecting the cyber and physical worlds gives rise to new and dangerous security challenges in the realm of Grey Zone warfare. CPS have been integrated into critical infrastructures (smart grid, industry, supply chain, healthcare, military, agriculture, etc.), which makes them an attractive target for security attacks for various purposes, including economic, criminal, military, espionage, political and terrorist ends. Thus, any CPS vulnerability can be targeted to conduct dangerous attacks against such systems. Different security aspects can be targeted, including confidentiality, integrity and availability. In order to enable the wide adoption and deployment of CPS and to leverage their benefits, it is essential to secure these systems from any possible attack, internal and/or external, passive or active.

India too has been the target and victim of the Grey Zone warfare capabilities of Pakistan and China. The Mumbai blackout in recent times was one such attack which is in the public domain. China’s preferred instrument against India is psychological warfare with coercive tactics. China has extensively used information warfare, media, psychological and legal warfare to subdue the Indian power calculus in South Asia and the Indian Ocean Region. The Chinese strategy is a surreptitious long-term ploy professing peace and tranquillity but periodically disturbing the status quo and unleashing political warfare designed to subdue India’s growth and predominance without involving non-state actors or kinetic attacks. China is also using the Grey Zone as part of a campaign of incremental expansionism in the South China Sea.

Rafael Cyber system

Conversely, Pakistan has mastered the art of employing regulars and irregulars along with non-state actors, and the conflict in Jammu and Kashmir is a manifestation of this capability. The most satanic demonstration of Grey Zone operations in South Asia, however, came in the form of the 26 November 2008 attack on Mumbai, aided and abetted by Pakistan but with unwavering deniability. Thus, India must acknowledge that Grey Zone wars and Grey Zone collisions undermining national security are here to stay and will require greater understanding and a comprehensive national power response. Further, Grey Zone warfare is not only a tool of a weaker state like Pakistan but also of a strong state like China. Manifestations of collusive Grey Zone operations by Pakistan and China are a reality and no longer a myth.


Secure Hardware

In recent times, the focus on combating cyber warfare has increasingly been laid on the origins of hardware in vital public infrastructure, security installations and communication handsets such as mobiles, laptops and hearing devices that are in widespread use. Back in December 2018, Japan’s big three telecom operators announced a plan not to use current equipment and upcoming fifth-generation (5G) gear from China’s Huawei Technologies Co Ltd and ZTE Corp.

In November 2022, the United States Federal Communications Commission (FCC) announced it was banning telecommunications and video surveillance equipment from prominent Chinese brands, including Huawei, ZTE, Hytera Communications, the Hangzhou Hikvision Digital Technology Company and the Dahua Technology Company, citing an “unacceptable risk to national security.” US security officials have warned that equipment from Chinese brands such as Huawei could be used to interfere with fifth-generation (5G) wireless networks and collect sensitive information.

India has taken multiple steps in the past three years to beef up its network security, taking advantage of supply chain disruptions since the onset of the Covid-19 pandemic in November 2019. India has held up approvals for the import of wifi modules from China, driving companies such as the United States-based computer makers Dell and HP and China’s Xiaomi, Oppo, Vivo and Lenovo to delay product launches in the country. Imports from China of finished electronic devices such as Bluetooth speakers, wireless earphones, smartphones, smartwatches and laptops containing wifi modules are being kept at bay through diverse regulatory frameworks and restrictive import regimes. India also does not allow the import of power equipment from China, citing recent transgressions in border areas and cybersecurity threats.

Field Communications Kit

Active steps

Simply banning certain equipment of suspicious origin is not enough to keep our systems safe and functional. They need constant and active measures such as encryption, detection and protection against passive and active attacks. In fact, aside from identifying the source of an attack, it is also important to know how the attack was performed despite the defences. Hence, there is an urgent need for the forensics domain to enhance its tools and techniques to retrieve and analyse logs of events that took place before, during and after an incident. CPS forensic analysis is still in its early stages of development because of the equipment’s specialised nature along with its proprietary and poorly documented protocols.

Different security measures could be adopted and strengthened to improve protection against various threats and attacks. These include:

  • Prioritisation and classification of critical CPS components and assets before assessing, managing and analysing risks, to ensure that the budget is spent on the right choice of security measures (basic, standard or advanced), weighing their cost against the likelihood of a given incident occurring and its impact.
  • Careful financial planning and management must be conducted in terms of the available budget and the costs/resources needed to protect critical and non-critical CPS assets and components.
  • Lightweight, dynamic, key-dependent cryptographic algorithms. These solutions can be used to ensure several security services such as message confidentiality, integrity and authentication, which are mandatory for any secure CPS communication.
  • Defining privileges. This should be considered the most suitable access control policy: it assigns permissions and rights depending on the users’ roles/tasks/attributes when it comes to accessing the CPS, and removes these access rights upon completion of the task or upon the employee’s departure.
  • Strong multi-factor entity authentication. Unfortunately, entity authentication schemes that are based on a single authentication factor are not resistant enough against authentication attacks, which are becoming increasingly dangerous.
  • Strong passwords and a dynamic hashing process. Passwords are the ‘something you know’ authentication factor, but several attacks such as rainbow table and hash table attacks can be applied against stored hashes. To prevent them, passwords must be re-hashed after a periodic interval with a new dynamic nonce (salt) for each user.
  • Secure and protected audit can be achieved by using an audit manager system that collects and stores logs in a distributed system.
  • Secure and verified backups. These are essential to maintain CPS data availability and to avoid data destruction or alteration, ensuring robustness against DoS/DDoS and ransomware attacks, especially since such attacks may result in total blackouts as in the case of the US.
  • Forensic efforts are essential to retrieve the traces of any attack. Also, new solutions against anti-forensic techniques should be introduced to preserve digital evidence. This is realised by recovering logs and monitoring network and system behaviour, which can successfully limit various reconnaissance attempts.
  • Enhanced incident response includes the ability to identify, alert on and respond to a given incident. Moreover, incident recovery and incident investigation plans should be put in place to mitigate attacks.
  • Real-time monitoring. Running real-time systems using specialised forensic or non-forensic tools and methods is essential to prevent any accidental or non-accidental failure of a cyber-physical system. This enables constant checking and monitoring of CPS devices’ behaviour and hence the detection of any cyber-attack attempt in its early stages.
  • Security checks and employee screening must be done for each employee before and during the job to eliminate and contain any possible insider/whistle-blower attempt.
  • Periodic user training includes periodic awareness training of ICS and PLC employees on the best cyber-security practices according to their level and knowledge, with the ability to detect any suspicious behaviour or activity.
  • Periodic pen testing and vulnerability assessment must be maintained to enforce system auditing, detecting threats and mitigating them in real time before they are discovered and exploited by an attacker under zero-day conditions.
  • Up-to-date systems. Cyber-physical systems must be kept up to date in terms of software, firmware and hardware through constant, verified patches and updates.
  • Defence in depth. Most of the existing solutions offer protection against a single attack aspect or a single security requirement. Instead, there is a need for a multi-purpose security solution that ensures the best protection at each operational layer (perception, transmission and application) of the CPS.
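The “strong password and dynamic hashing” measure above, as an added illustration that is not part of the article: each user record carries its own random nonce (salt), so two users with the same password get different hashes and a precomputed rainbow table is useless, and a record older than a rotation interval is re-hashed with a fresh nonce at the next successful login. The function names, the PBKDF2 work factor and the 30-day interval are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
import time
from typing import Optional, Tuple

# Assumed parameters for this example (not from the article).
ITERATIONS = 200_000           # PBKDF2-HMAC-SHA256 work factor
ROTATE_AFTER = 30 * 24 * 3600  # re-hash records older than 30 days


def hash_password(password: str, salt: Optional[bytes] = None) -> dict:
    """Create a per-user record: fresh 16-byte random nonce, derived key, timestamp."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt, "key": key, "hashed_at": time.time()}


def verify_password(record: dict, password: str) -> bool:
    """Re-derive with the stored nonce; constant-time compare avoids timing leaks."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], ITERATIONS
    )
    return hmac.compare_digest(candidate, record["key"])


def login(record: dict, password: str, now: Optional[float] = None) -> Tuple[bool, dict]:
    """Verify the password; if the record is stale, re-hash it with a new nonce.

    Returns (ok, record). The caller persists the returned record, which is a
    new object only when rotation happened. A failed login never rotates.
    """
    now = time.time() if now is None else now
    if not verify_password(record, password):
        return False, record
    if now - record["hashed_at"] >= ROTATE_AFTER:
        rotated = hash_password(password)   # new random nonce, new derived key
        rotated["hashed_at"] = now
        return True, rotated
    return True, record


def rotate_stale(users: dict, now: float) -> list:
    """Report which users are overdue for rotation (re-hashing itself needs the
    plaintext, so it happens in login(); here we only flag the stale records)."""
    return [name for name, rec in users.items() if now - rec["hashed_at"] >= ROTATE_AFTER]
```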

Cyber Security Capsule

Not Enough

Physical systems interfaced with the internet are already transforming how humans interact with the physical environment by integrating it with the cyber world. They bring efficiency, transparency and speed to governance delivery. Smart airports allow passengers to walk in to the aircraft without any physical interface. High-speed rail depends critically on CPS. So do power grids, telemedicine, digital financial transactions and everyday basic deliveries such as food and entertainment.

In the military sphere, smart munitions, intelligence systems, beyond-visual-range attack capabilities, iron-clad air defence systems and critical communications have increasingly become the locus of malicious attacks to drain the adversary’s strength. Therefore, vigilance about the origins of hardware and software is as important as active measures to ensure their efficacy and security. It would not be out of place to state that even though the threat is real and immediate, not enough has been invested in this field yet.
