By Tom Abram, Director, Archives of IT
When Caesar “Crossed the Rubicon” in 49 BC he passed a point of no return that implied a declaration of war. In May 2022 Chris Hurst and Iain Johnson of the Blackwired told the Archives of IT that the cyber Rubicon had been crossed in 2010 and that cyberspace was recognised as the fifth theatre of war alongside land, sea, air and space. On June 30 Channel 4 TV in the UK aired the first episode of Undeclared War and brought to life some of the issues.
Personally, my worst nightmare and experience of cybersecurity was identity theft and fraud, which I found very unsettling. One of our audience at an Archives of IT webinar urged us to include interviews with the “bad guys” of the web, such as “the pornographers”, to give a more balanced view of the industry. Others in the Archive mention online bullying and grooming. These are bad enough but, naively, I had not connected the www, whether light or dark with a trigger point for global war. However, Chris Hurst pointed out that as the Pentagon recognised cyber as the fifth domain of war, there came with it some profound questions. Cyber weapons are very powerful, especially if used covertly, such as in the Stuxnet event of 2013, which saw one nation state attack another with a cyberweapon, destroying national infrastructure, at a time of peace. Chris suggests this was another crossing of the Rubicon and caused Michael Hayden, the Director of the NSA at the time, to question the morality, ethics and the possible consequences of the use of cyberweapons. Do they not come with the same dangers and responsibilities as nuclear and biological weapons of mass destruction?
In 2016 when the Australian defence and government was attacked via a private company called NewSat Ltd” Chris observes that attack was called out by Michael Hayden as another Rubicon moment when private companies and enterprise became part of a cyberwar.” Chris says: “What’s generally attacked from the dark space and by bad actors is the systems and processes of management control. The three things that are attacked are production, distribution and exchange, i.e. Banks, Stock Exchanges and so forth. Chris highlights three types of violence that he sees: instrumental violence such as extortion or ransom, expressive violence, and statement violence. He adds: “Expressive violence is looking beyond the instrumental violence of say a ransomware attack or an extortion attack at what was the expression behind that attack, was it control over distribution (Fuel Pipelines) or production (Energy), for example. An example of statement violence is the Sony Pictures attack. North Korea attacked Sony Pictures in retaliation of the release of the film The Interview. Again, this is a Rubicon that’s been crossed, North Korea state attacked a public company, Sony Pictures, in response to a movie. Chris and Iain don’t work only for the national security and defence communities but, considering incidents such as above, do apply military disciplines to tackle the threat to commerce and industry that is hidden in the Dark Web.
That might stem from Iain’s Army service and his adoption of the US Marine Corps’ “Left of Bang” philosophy. “Bang” is the attack, the first shot, the explosion etc, so keep left of it on the timeline. On the physical battlefield, the threat might be an IED (Improvised Explosive Device) explosion, the sniper taking a shot, or the beginning of an ambush. Iain says “The reason we did this is that we knew that traditional military doctrine and methods, processes and management of battles was failing in Afghanistan. The US Marine Corps Combat Hunter program looked at what are the fine grain things that we can find out, e.g. who’s standing where, who’s watching what, who’s building what, who’s buying plastic tubing to put IEDs in, who’s buying different electronic components and mobile phones? So, these are all preparations that we couldn’t see before, and the Combat Hunter program brought those things into the sunlight so the real actionable intelligence could be created. Just because the dark web is closed and unsearchable, not indexed and cloaked does not mean that you can’t get inside the dark web. You don’t have to see inside the volcano to see what’s going on, you plant a sensor and it tells you what you need to know about what is coming. I looked at that geophysical/climate change philosophy and spun it round to look at cyberspace.”
If we believe the picture painted on TV in Undeclared War, there is not much that is invulnerable, so what is going to keep the world safe? Without going into detail (read the full interview here) Iain and Chris at Blackwired, and others in the industry and security agencies are working on ways to anticipate and neutralise the threat. However, if there is a moral from the TV drama, perhaps it is that we also rely on politicians of all persuasions to find a way around the Rubicon rather than wading across it.