The phenomenon known as cyber warfare has become common knowledge in recent years. It encompasses an extensive range of activities, like hacking into the automated databases of governments, stealing money using fraudulent bank transactions, publicizing of credit card numbers, locking computer sites as an extortion method and releasing them for ransom, defacing websites, immobilizing and damaging power stations and transportation systems (including sea and air transport), inflicting damage on sensitive installations (like the centrifuges at the Iranian uranium enrichment facility in Natanz), international and commercial espionage (stealing of trade secrets), using social media like the Internet for prompt dissemination of messages intended to influence public opinion and so forth.
To make some sense of the cyber jungle and put it into order, the first part of this article suggests that the activities outlined above be divided into categories according to (1) the type of attacker; (2) the intention of the attack; and (3) the type of damage inflicted by the attack. These three characteristics can be very helpful in understanding and classifying the phenomenon. In the second part of the article, I will briefly describe the various phases through which the cybernetic world progressed since its inception in the 1980s to this day.
Who is the Attacker?
Roughly, the attackers may be divided into the following categories:
Individuals operating on their own. This category often includes disgruntled employees from within the organization who are sometimes driven by greed and other times by other motivations like vengeance.
Groups of individuals who join forces for a common cause, which may vary from one attack to the next. For example, the group known as Anonymous.
Organizations (including companies) operating for a permanent cause. Such causes may be criminal (financial gains), ideological and sometimes political.
What is the Intention of the Attack?
The attackers’ intentions can be numerous and highly diversified. A review of the cyber warfare events of the last few years indicates that in most cases, the attackers’ intentions fall into the following categories:
Criminal – various criminal activities, from stealing and extortion, through vengeance to hate crimes.
Intelligence gathering – this category encompasses numerous activities such as international espionage, stealing of commercial information, stealing of industrial secrets and so forth.
Influencing the public – modern computer technology enables prompt dissemination of messages to massive audiences by a single key click. One example of the utilization of this potential is the way ISIS uses the beheading videos posted on YouTube.
Terrorism – terrorist attacks are intended, eventually, to spread fear among certain populations in order to accomplish an objective that is normally political. In addition to using cyberspace to gain influence, terrorist organizations can also attack and damage computer assets for the same purpose.
Warfare – the first computer was built 70 years ago for the US military, and since then it has become progressively smaller in size and better in performance every year (according to Moore’s law, every eighteen months the number of transistors that may be placed on an integrated circuit chip of a given size is doubled). Today, almost every appliance or device contains a computer chip: from washing machines and mobile phones to cars, aircraft and even “smart” munitions.
This rapid computerization process led to a situation where damage inflicted on computers constitutes a weakness through which almost any computer-controlled system may be neutralized, including such military systems as aircraft, tanks, command and control systems and so forth. Moreover, the rapid computerization process of almost every civilian system has provided the world’s armed forces with the option of damaging the enemy by immobilizing his vital infrastructure systems.
What type of Damage is inflicted by the Attack?
Cyber technology enables the attackers to inflict damage on various systems. As a starting point, we may use the metaphysical classification of philosopher Karl Popper (1902-1994), who divided everything in the world into three categories: body, mind and information. The first category encompasses the world of matter and is objective. The second category encompasses the mental states and is subjective, while the third category includes the products of our knowledge, which are the outcome of the interaction between mental (subjective) activity and the material (objective) world.
According to this classification, the types of damage may be described as follows:
Physical damage – the way the Stuxnet virus was used, for example, demonstrates this type of damage very effectively. Its result was the physical collapse of the centrifuges used to enrich uranium.
Mental/psychological damage – this category includes the activities that affect computer networks (the clips posted by ISIS on YouTube, for example) as well as a major percentage of the terrorist attacks.
Damage to data/information – this category includes stealing and disruption of data/information, denial of the ability to use information and so forth.
At First Was Intelligence
Looking back at the evolution of the cyberspace warfare concept, several prominent phases may be noted. The function of intelligence agencies is, basically, to collect information about elements that threaten the national security. For this purpose, intelligence agencies have always been engaged in espionage, monitoring, photo-surveillance and so on. The rapid development of computer technology led to a situation where the intelligence agencies were compelled to hack into computers in order to accomplish their classic mission.
The phenomenon began a few decades ago, when telephone switchboards changed from mechanical switches to computer nodes. Additionally, computer media became the primary measure for storing and handling data. Even at the personal level, we currently store our personal information, like photographs, in our computers (or even in the cloud), and no longer use such physical storage devices as photo albums. So, in order to fulfill their classic function, the intelligence agencies were compelled to adopt computer hacking techniques. On the opposite side, a new discipline we know as information security evolved for the purpose of protecting the information stored in computers.
Intelligence played a major role in warfare since the dawn of human history. However, twentieth century technology, and in particular the technology associated with computers and the communication networks linking them together, led to a dramatic increase in the importance of real-time intelligence. For the first time, it became possible to provide information collected somewhere, almost without delay, to a warfighter located elsewhere who needed that information for the actual fighting he was engaged in. The era of computerized command and control systems began, and these systems – along with the advantages they offered, created a new weakness.
In the early 1990s, computer systems reached a sufficient level of maturity. The new military doctrine formulated in those days by the USA – Revolution in Military Affairs (RMA) included a new field, designated Information Warfare. The intention of this field was to disrupt and distort the information of the other side and deny it the ability to use the information it needed in order to fight (while at the same time protecting our own information).
Also in the 1990s, Moore’s law and miniaturization led to a situation where computers became small enough to be incorporated in every weapon system or combat platform. Navigation and bombing computers were incorporated in aircraft and assumed responsibility for some of the pilot’s tasks, and the same process took place in naval vessels and tanks. The added miniaturization led to a situation where computers were even incorporated in the munitions themselves, thereby launching the era of “smart” munitions (they are smart because they have an artificial brain, namely – a computer). This development led certain armed forces (including IDF), as far back as the 1990s, to examine the feasibility of employing cyber technology (which was already sufficiently developed to be used for information gathering) as a weapon: If I wanted to neutralize enemy aircraft, for example, I could do it by hitting them kinetically (using anti-aircraft artillery or missiles), by disrupting their electronic activity (using electronic countermeasures) or by disrupting the computers on board those aircraft using viruses of one kind or another.
As strange as it may seem today, the responsibility for the development of this activity was usually assigned to the intelligence organs, as only those organs had the proficiency and knowledge required in order to hack into computers. For example, when this writer had initiated, in the early 1990s, the establishment of a unit within IDF that would use cyber warfare as a weapon, attentive ears could only be found among the intelligence organs.
From Information Security to Cyber Security
Soon enough it was realized that the ability to use cyber warfare as a weapon against military systems is not so simple to acquire or implement. As it turned out, disrupting civilian systems was easier – provided they were computer controlled. Addressing this issue led the authorities in charge of Israel’s national security to the realization that Israel itself, being the most extensively computerized country in the Middle East, could be extremely vulnerable to such attacks. This realization led the government of Israel (once again, pursuant to an initiative by several individuals, including this writer, who at that time served as Head of the Weapon System & Technological Infrastructure Research & Development Administration [MAFAT] at IMOD), to establish a new agency – the Information Security Authority within the Israel Security Agency (ISA). The function of the new agency was to supervise (with regard to cyberspace) such national critical infrastructures as electrical power production, water supply and so forth. Back then, Israel may have been the only country in the world that actually prepared for a future cybernetic war.
In fact, this was the outcome of an understanding that was more profound than anything visible “on the surface”: as it turned out, the dependence of critical systems on computer control was so complete that by disrupting the controllers of such systems it was possible to actually inflict physical damage – not just damage to the data/information. To all intents and purposes, the era of information security ended and the era of cyber security began.
The cumulative cyber security experience of such organizations as the Israel Electric Corporation led to another development in Israeli cyber thinking. As it turned out, it was nearly impossible to ”wrap” a stand-alone computer or server, or the organizational layout of computers and servers, with a protective system that would isolate it from hacking. Just like with any other defensive system (even against physical attacks), it was necessary to break forth and catch the attacker on the way to the target, or better still – at his base of departure. Unfortunately, however, the various types of computer viruses do not fly through the air and contaminate the target computer directly. Instead, they pass through its communication channels to other computers. In order to achieve effective protection it was, therefore, necessary to monitor the entire communication layout – and that turned out to be a national undertaking.
Moreover, it was becoming clear that the way to hack the target computers is not only through the Internet or through any other computer communication network; hacking can be accomplished physically, too: using a portable USB (disk-on-key) drive or a printer, for example. The supervision effort should, therefore, address not just the communication networks but the entire supply chain.
In 2011, this writer submitted a report to the Israeli Prime Minister, who had appointed him, a year earlier, to head a multidisciplinary team of about eighty specialists. The report contained the team’s recommendations as to what should be done at the national level in order to be prepared for the future cyber warfare threats. The team examined the issue from a very broad perspective and addressed a more generalized question: what should be done in order to build a living, breathing system that would constantly monitor the evolution of the technology and the threats, generate solutions “automatically” and so forth.
For this purpose, we were required to recommend steps that pertained not just to technology but to the build-up of power as well; to the cooperation between industry, academia and the national security organs; to education at the school system; to the establishment of excellence centers within the academic system; to the resolution of exportation issues; to the establishment of critical national infrastructures (like supercomputers and simulators); to regulation and so forth. All of these evolved into a government resolution in 2011, and the National Cyber Bureau was established at the Prime Minister’s Officer to supervise, plan and conduct the entire effort.
Balancing National Security with Privacy
The government’s resolution of 2011 left one problem unresolved: how to balance between effective protection on the one hand, which necessitates monitoring of communication networks and systems throughout the civilian space, and the need to protect the privacy of the individual citizens?
For this purpose, another team headed by this writer was established, and its recommendation evolved into a government resolution in January 2015. In principle, it involves the establishment of a new national authority for defending the civilian cyberspace, which would not be subordinated to the intelligence services (including ISA). This authority, too, will be a part of the Prime Minister’s Office and it is currently being organized.
What does the future hold? Computer technology never stops evolving. Moore’s law continues to work, and it will not be too long before we execute the next leap – this time to quantum computing technology (working prototypes of such computers are already in operation at some laboratories) – which would improve computer performance by a factor that is difficult to comprehend (times 1030).
Trade literature (and the world of technology) are hard at work designing smart homes, the Internet of Things (IoT) and so forth. The idea is simple: let us turn every appliance or device in our life (refrigerator, vehicle, washing machine, etc.) into a computer-controlled device and connect all of these devices together through a communication network that would form the “Internet of Things”. This will enable us to remotely control any object. For example, we will be able to turn on the immersion heater by sending a command from our mobile phone a few hours before we return from overseas, or ventilate the house in a similar manner, etc. More ardent proponents do not settle for the scenario outlined above and speak instead about a smart city and even a smart country. All of this will not be possible without a minimum level of security. If we left any security loopholes unattended, evil elements (who will always be around) would be able to exploit all of these developments for terrorism, crime, for inflicting irreversible damage and so forth.
So, the future necessitates a minimum level of security to enable all of those innovations. We are facing an era where cyber security (namely – the effort to secure everything that is computer controlled) will no longer be an objective in itself. In fact, it will be an enabler technology without which we would not be able to advance in the desirable direction. For this reason, even the term “cyber security” seems to be outdated, and should be replaced by “cyber technology”.
Maj. Gen. (res.) Professor Yitzhak Ben-Israel is the Head of the Blavatnik Interdisciplinary Cyber Research Center (ICRC) at Tel-Aviv University.