This article was submitted to the UK Defence Journal by Rebecca Campbell*.
As early as September 2007, according to the US Centre for Strategic and International Studies, Israel used a cyber attack to disrupt Syrian air defence networks as part of an air strike against an alleged Syrian nuclear facility. The Stuxnet computer worm, discovered in 2010, inflicted physical damage on more than 900 uranium enrichment centrifuges in Iran. In late 2014, a cyber attack manipulated and disrupted the control systems of an unidentified German steel plant, resulting in massive damage to a blast furnace. In December 2015, a cyber attack on Ukraine’s power grid disconnected 30 electricity substations from the grid and cut the electricity supply to 200 000 people for several hours. Physical damage was inflicted on industrial control systems and the 30 affected substations had to be manually operated for several weeks.
Don’t forget that shutting down electrical networks also shuts down wide swathes of the economy and national infrastructure: electric trains cannot run, financial services cannot take place, civilian telecommunications are severely disrupted, hospitals are crippled – and can patients die – traffic control systems go down, and so on.
In all these actual cases, the level of damage inflicted was previously only achievable by the use of strategic bombing.
But the potential is much wider. Chemical plants are also vulnerable. Cyber attacks which give hackers remote control of the industrial control systems in chemical plants would allow them to disrupt the entire process control system, exceed safety parameters and wreck equipment, accompanied by the spilling of dangerous chemicals and/or the release of poisonous gases, endangering the lives of many, perhaps thousands, of people. That the risk to people is real is shown by the consequences of one of the worst, if not the worst, industrial accident in history.
In December 1984 more than 40t of methyl isocyanate gas leaked from a pesticide plant in Bhopal, India, immediately killing at least 3 800 people, with up to 6 000 more dying in the following few days, and a further 15 000 to 20 000 people suffering premature death over the next 20 years. And many people who survived, and still survive today, suffered permanent damage to their eyes, as well as their neurological, reproductive, and respiratory systems. Survivors also suffered from genetic damage, with increased levels of chromosomal abnormalities.
It should now be obvious that the military potential of cyber warfare is very real. State-organised and coordinated hacking could attack electricity grids at multiple points simultaneously, overwhelming repair crews, and, at the same time, attack multiple chemical plants and other essential systems. An entire country could be “taken down”, with recovery requiring (depending on the sector of the economy) anything from minutes to months. Now imagine such an attack combined with a simultaneous full-scale conventional assault against that country or a small, weak, ally of that country. The chaos resulting from the cyber attack would pretty much neutralise any military response to such an attack for crucial hours, maybe even days.
Both Russia and China could attack the UK through Cyber warfare, as could countries like Iran and North Korea. In fact, Cyber warfare is the ideal weapon for weaker countries against stronger ones. Because it has global range and can inflict potentially devastating physical damage and loss of life, it can substitute for strategic air power and conventionally-armed ballistic missiles, and at a fraction of the price. Cyber attacks must be guarded against.
However, protection against Cyber attack is complicated because the sphere of cyber defence embraces the military, civilian government, and civilian commercial realms. Perhaps different terms should be used for each – “cyber defence” for the military realm, “cyber security” for the civilian governmental realm, and “cyber protection” for the commercial realm. Cyber defence would be the responsibility of service personnel (whether regular or reservist or both), cyber security would be handled by civilian government agencies, while cyber protection would involve the private sector with government support. Coordination and cooperation would be required across all three realms.
As the threat is real, Britain must make serious investments in Cyber defence. The idea that the armed forces should protect national industrial infrastructure from air or submarine-launched conventional cruise missile attack but not from equally (perhaps even more) destructive Cyber attacks is completely irrational and, in fact, absurd.
Of course, what is sauce for the goose is sauce for the gander. Britain can also use Cyber warfare to attack foes. I am no expert in the law of war, but I suspect that, to be legal, Cyber attacks would have to be carried out by uniformed personnel. Moreover, it would make no sense to take such a potentially powerful offensive capability away from the armed forces and give it to a civilian agency.
But who should be responsible for strategic level Cyber defence in the UK, especially given the general perception that the types of people best suited for Cyber are not really amenable to military discipline and hierarchy?
The RN and RAF are probably better bets for hosting such people than the British Army. The RN in particular has a well-established record of successfully operating ‘quasi-piratical’ and quite informal organisations that relied on self-discipline much more than formal discipline, such as the early submarine service and coastal forces during the two World Wars.
But whichever service gets to form the framework for Cyber defence operations (which would obviously fall under the control of Strategic Command), each of the armed forces must have their own tactical and higher-level Cyber defence and offensive capabilities, just as, for example, they have their own EW capabilities.
In purely defence environments Cyber warfare can be used to “crash” defence command, control, communications and computer systems, sensor systems, integrated defence (such as air defence) systems, thereby blinding, confusing and disarming military forces and allowing an aggressor to inflict severe losses and seize key locations using its conventional forces.
This discussion of cyber warfare is based on: Centre for Strategic and International Studies “Significant Cyber Incidents Since 2006” https://cisi-prod.s3.amazonaws.com/s3fs-public/200403_Significant_Cyber_Events_List.pdf?.tlmv65Bm5D0d5UVqRtac3qdYqd.BYtLj, accessed 26/04/2020; Gabrielle Desarnaud Cyber Attacks and Energy Infrastructures: Anticipating Risks, Ifri, Paris, January 2017, www.ifri.org/sites/default/files/atoms/files/desarnaud_cyber_attacks_energy_infrastructures_2017_2.pdf, accessed 14/06/2020; Kim Zetter “A Cyberattack Has Caused Confirmed Physical Damage for the Second Time Ever” in Wired 8/01/2015, www.wired.com/2015/01/german-steel-mill-hack-destruction/ accessed 16/06/2020; and Emma Stoye “Security Experts warn chemical plants are vulnerable to cyber-attack” in Chemistry World 10 June 2015, www.chemistryworld.com/news/security-experts-warn-chemical-plants-are-vulnerable-to-cyber-attack-/8632.article, accessed 16/06/2020.
Edward Broughton “The Bhopal disaster and its aftermath: a review”, US National Library of Medicine, National Institutes of Health, www.ncbi.nim.nih.gov/pmc/articles/PMC1142333/ accessed 15 November 2020.
*Rebecca Campbell is British and permanently resident in South Africa, where she works as a science and technology journalist, covering, among other things, the aerospace, defence and nuclear sectors. She has a MA degree, with distinction, in International Relations from the University of the Witwatersrand in Johannesburg.
- Δημοφιλέστερες Ειδήσεις Κατηγορίας Blogs
- Ερντογάν: Μετά το «χαστούκι» των ΗΠΑ «παρακαλάει» την Ευρώπη – «Η Ελλάδα αποφεύγει τον διάλογο»
- Δίδυμοι: Γιατί οι παρεξηγημένοι του ζωδιακού είναι αξιολάτρευτοι;
- Το φόρεμα της Βίκυς Καγιά στον τελικό του GNTM είναι “συγκλό!”. Μάθαμε όλες τις λεπτομέρειες του look της
- Άγιος Παΐσιος: Η αντίδρασή μας όταν βρίζουν τα Θεία
- Συντάξεις Ιανουαρίου 2021: Πληρωμή ΙΚΑ ΟΓΑ- τελών κυκλοφορίας- Φοιτητές 200 ευρώ
- Ρατσισμός της κυβέρνησης Μητσοτάκη κατά των κυνηγών
- Κλειστά τα εστιατόρια των ξενοδοχείων παραμονή και ανήμερα Χριστούγεννα και Πρωτοχρονιά – Έντονη αντίδραση της Ένωσης Ξενοδόχων
- Χριστουγεννιάτικες online προσφορές σε COSMOTE και ΓΕΡΜΑΝΟ
- Παραίτηση από το ΒΗΜΑ της δημοσιογράφου που είχε αποκαλύψει τα “διπλά βιβλία” του ΕΟΔΥ
- Ο (τέως βασιλιάς) Κωνσταντίνος πουλάει την πολυτελή έπαυλη στο Πόρτο Χέλι...
- Δημοφιλέστερες Ειδήσεις Armynow
- Τελευταία Νέα Armynow
- Cyber war is real war
- FT: Investor relief at “mild” Turkey sanctions masks further trouble with US
- Easterseals resources for Veterans and their families
- North Atlantic Council Statement as the Treaty on the Prohibition of Nuclear Weapons Enters Into Force
- A New “Stealth Helicopter” is On Its Way to the U.S. Army
- U.S. Navy arms first new Flight III destroyer with next-gen weapons
- Is Erdoğan moving closer to “Making Turkey Big Again”?
- US imposes sanctions on Turkey over purchase of Russian air defence system
- From K9 handler in Vietnam to VA volunteer
- Deputy Secretary General: private sector is vital to strengthening NATO’s resilience
- Τελευταία Νέα Κατηγορίας Blogs
- Κλειστά τα εστιατόρια των ξενοδοχείων την παραμονή και ανήμερα των Χριστουγέννων και της Πρωτοχρονιάς
- Νάσος Ηλιόπουλος: Θρηνούμε 3.159 απώλειες από τις αρχές Νοεμβρίου και η κυβέρνηση μειώνει τις δαπάνες για την υγεία
- Κορονοϊός: 54χρονη νοσοκόμα το 13ο θύμα των υγειονομικών
- 8 Λέξεις: Η συνέχεια της τηλεοπτικής σειράς στο ΣΚΑΪ με 2 επεισόδια – Κινδυνεύει η όραση του Οδυσσέα
- Χαμηλώνει τον πήχη ο Πέτσας: Θα έρθουν αρχικά μόνο 300.000 δόσεις
- Άγιος Διονύσιος ο Νέος, ο Ζακυνθινός: Tι γιορτάζουμε στις 17 Δεκεμβρίου
- Διευκρινίσεις ΥΠΟΙΚ για τη μείωση ενοικίου 80%: Ποιες επιχειρήσεις αφορά
- Credit bureau: Έρχεται ο ενιαίος Big Brother για τα χρέη προς Εφορία, ΕΦΚΑ, τράπεζες και ΔΕΚΟ
- Έκλεψαν τάματα από την Ιερά Μονή Ζωοδόχου Πηγής στα Συχαινά