About the Nature of Cyber Warfare

What is Cyber Warfare? What is a Cyber Warfare Event? Major Gen. (Ret.) Prof. Isaac Ben-Israel in an exclusive article about the latest studies in this field that attempt to chart the medium which has evolved into a substantial element of our life

Not a day passes without some report about a cyber warfare event taking place somewhere around the globe: credit card theft, a demonstration of a car being taken over remotely, espionage and monitoring of international leaders, hacking into computers and so forth. The cyber security issue grows hotter from one day to the next and practically everyone is talking about it: from academia, through government and industry circles to social small talk. What is the right definition for this realm? What is a cyber warfare event?

As this is a relatively new medium, it comes as no surprise that the definition is flexible and changes rapidly as it evolves. After all, computers came into the world only about seventy years ago: the first computer on earth (ENIAC) was built by a Hungarian-Jewish mathematician, John von Neumann, for the US Army in 1946, based on the concepts of British mathematician Alan Turing. The major breakthrough into our lives occurred only in the early 1960s, after the industry began building computers that were based on transistors instead of the older electronic vacuum tubes. From that moment on, a technological race began which is still in progress to this day – to miniaturize transistors and to place as many as possible onto a single computer chip ("Moore's Law"). A typical current computer chip contains more than one billion transistors.

The powerful computation capabilities of current computer chips, along with their small physical size, led to a situation where computer chips have been incorporated in almost every modern system, from the car we drive through our electrical home appliances to bank account management and critical infrastructure systems, like controlling electrical power generating turbines, managing water supply systems and so forth. This situation has also provided an opportunity for computer abuse: there are those who take advantage of this dependence for terrorism, crime, information theft and similar activities.

The computer revolution has been taking place concurrently with the communication revolution: everything is becoming interlinked. The combination of computation capabilities paired with fast communication, which originated with the conversion of telephone switchboards into computer servers and continued with the Internet and electronic mail revolution of the early 1990s, changed our life dramatically. But there is a fly in the ointment: more opportunities have been opened for those malevolent parties wishing to take advantage of our dependence on computers.

Interlinked computers facilitated the information revolution and have evolved into a primary tool for storing information and transferring it from one place to another. Owing to those malevolent parties, it has become necessary to protect this information. A new profession emerged in the 1990s – information security.

The world found out fairly quickly that the very possibility of hacking into computers enables the hacking party not only to manipulate the information those computers contain but also to inflict physical damage on the systems they control. The entire world realized this when malicious software was inserted into the computers that controlled the rotation speed of the centrifuges at the uranium enrichment facility in Natanz, Iran. The damage inflicted was physical: the centrifuges collapsed, and the transition from information security to cyber security was born.

Meanwhile, computers have continued to evolve and the current vision, known as the "Internet of Things" (IoT) reigns supreme: all of our appliances and devices, including those in our homes, in our cars, in our offices and so forth – will be computer controlled and will "communicate" with one another with no intervention on our part. Those silent objects, along with the entire home, will attain some degree of intelligence and become "smart" owing to the artificial brain (namely – the computer) incorporated in them. All of this will not be possible without effective cyber security measures. We are currently undergoing yet another transformation: the transition from cyber security to cyber technology, which will enable the vision of the smart home, smart city and smart nation.

So what is cyber defense? All of the above leads to my suggestion to define it as protection against the dark side of computers. Just like the moon, the computer, too, has a bright side that has attracted mankind since the dawn of creation, as well as a dark side which is not visible, and unless we address it, it might devour the bright side.

Interdisciplinary Nature

Admittedly, most cyber issues have technological solutions, but the issues themselves are not at all technological: they are interdisciplinary in nature. The problems of the cyber technology world cannot be understood without taking into consideration such factors as public behavior (social sciences), personal and social psychology, economic considerations, legal and judicial limitations, inter-state relations (political science), changes in the digital world (humanities) and so forth. It is not even possible to point to the trends of the technological solution without taking into consideration the non-technological factors listed above.

For this reason, the cyber research center established less than two years ago at the Tel-Aviv University, in cooperation with the National Cyber Bureau, was defined from the outset as an interdisciplinary center, as its full name indicates: the Blavatnik Interdisciplinary Cyber Research Center (ICRC). The Center employs about 250 researchers and is one of the largest not only in Israel but in the entire world. About 70% of the researchers belong in the exact/technological disciplines (e.g. computer science, mathematics and engineering), and the remaining 30% hail from such disciplines as law, social sciences, economics, psychology, humanities, business administration and so forth.

In order to illustrate the breadth of the interdisciplinary canvas of the research activity taking place at the Center, we have chosen to present, in a nutshell, a few of the studies currently being conducted at the Center: one involves the smart city concept, another involves the cars of the future, a third one involves unorthodox ways to crack passwords (known in the cryptography world as side-channel tactics) and a fourth one involves the use of economic models in order to prepare for sophisticated cyber warfare attacks.

Cyber Security & Smart Cities 

Cities around the world and in Israel are becoming smarter. The "Smart City" concept is still in its infancy, and the number of definitions equals the number of parties involved in this activity. The common denominator of the various definitions is the transition from analog infrastructure management to real-time, data-based digital management. The various municipal systems and utilities are changing. Management systems of various municipal activities, from property tax collection and parking to education and welfare are unified with such regional infrastructures as transportation, communication and electricity, and state databases, as well as private systems, are added to them. All of those elements are interlinked, interfaced and serve as the basis for the smart city. The result – the balance of power between the inhabitants and the municipal authority changes in ways that are not yet clear and need further studying. The legal rules that regulate the municipal setup, its relations with the inhabitants on the one hand and with the state – the central government – on the other hand, are not clear. This applies in particular to issues of privacy and participatory democracy at the local level. The interface between various types of public systems and private systems raises additional questions regarding the political-social setup. So, cities find themselves in charge of critical information infrastructures. These infrastructures are gradually emerging as a prime objective for cyber warfare attacks. Such attacks possess the potential of paralyzing the infrastructures and inflicting an unprecedented blow on the privacy of the city's inhabitants.

This particular study, conducted by Professor Michael Birnhack of the Law Faculty and Dr. Eran Toch of the Engineering Faculty, examines several primary dimensions of municipal cyber systems: their influence on the political-municipal fabric and the urban space in general, the flow of information through the municipal technological systems and the privacy aspects of information management. This study is interdisciplinary in nature, and aspires to illuminate the complexity of cybernetic systems in new contexts.

Cyber Technology & the Future Car

The transportation/automotive industry has been enjoying the bright light of the cybernetic era for a number of years now. Computing capabilities have invaded practically every component of modern vehicles, from the "infotainment" (information/entertainment) system which currently includes music, news, navigation and other applications, through computerized control and stabilizing systems to the assimilation of sensors and control elements in such critical safety systems as brakes, tires, airbags and so forth. As if that computing wealth were not enough, car manufacturers have gone the extra mile and added countless communication and support elements that conform to a range of wireless communication standards such as NFC and BLE, as well as radio (RF) transmitters and, naturally, cellular communication that connects the vehicle to the Internet. However, behind the bright light of cyber technology lurks the dark side. In recent months we have been hearing reports about various loopholes discovered in the various computer systems installed in cars. Car manufacturer Chrysler, for example, has been forced to announce a recall in order to perform a software update on one of the vulnerable computer elements in its vehicles, and the highlight was demonstrated at the last information security conference (BlackHat) in Las Vegas: the remote takeover of a travelling vehicle that was then driven into a ditch at the roadside. This study is conducted by Professor Eran Tromer of the Computer Science School and Matan Scharf, who serves as the strategic advisor to the ICRC.

Side Channels 

In the cybernetic era, life and death are in the hands of the software that dominates the digital and physical world around us. In order to develop software quickly and reliably, application developers use development and analytics tools that operate at high levels of abstraction, such as mathematical calculations, user interfaces, databases and algorithms; this saves the grueling preoccupation with implementation details. However, there is a fly in the ointment: it is easy to forget that software, eventually, runs on computers that are, in themselves, physical and their behavior is not necessarily subject to the same convenient abstractions.

It is, therefore, possible for software that protects sensitive information using encryption that is implemented safely from a mathematical point of view to expose the information indirectly, owing to unexpected effects this software has on the physical characteristics of the computer running it. For example, as it turned out, GPG – a very popular software package used for encrypted e-mail communication with the RSA algorithm – causes the computers that run it to emit an audible noise (owing to the vibrations of electronic components in the voltage stabilizer of the processor), at frequencies that are dependent on the secret decryption key.

A group of researchers headed by Professor Eran Tromer of the Computer Science School at the Tel-Aviv University demonstrated that this effect can be exploited to steal the secret key by measuring the noise generated by the computer during decryption, even from many meters away. They also found and demonstrated information leaks and key stealing options through many other channels, such as through a casual contact with the computer case or the shielding of some cable connected to it, or by measuring the electromagnetic radiation using an easily concealed device.

Similar phenomena can be measured and exploited using software, and may therefore be used for stealing information between different clients of cloud computing services. The attacks work not only when the victim is a basic, slow computing device, but even on high-speed personal computers incorporating highly complex hardware and software or on mobile phone applications. Researchers at the Blavatnik Interdisciplinary Cyber Research Center (ICRC) of the Tel-Aviv University are currently attempting to identify such side channels and to understand their potential strengths and limitations when utilized by an attacker. Through this understanding, they will develop protective mechanisms against such attacks, using encryption or scrambling of information while it is being used in computation processes. Basic defenses developed in cooperation with those researchers are already employed by millions of users worldwide, and the researchers are currently developing advanced defenses against more complex side-channel leaks and even against intentional disruption of computation processes.
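To make the idea of scrambling information while it is being used in computation concrete, here is an added example (not code from the article or from the researchers it describes) of one standard form of it, RSA ciphertext blinding. The toy key, the message value and the function names are constructed for illustration.

```python
import math
import secrets

# Constructed toy RSA key built from two Mersenne primes; far too small for real use.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def private_op(x):
    """The secret-key exponentiation whose physical side effects can leak."""
    return pow(x, D, N)


def decrypt_plain(c):
    """Unblinded: the private operation runs directly on the sender's value."""
    return private_op(c), c


def decrypt_blinded(c):
    """Blinded: the private operation runs on c * r^e, with r fresh per call."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            break
    blinded = (c * pow(r, E, N)) % N
    m_times_r = private_op(blinded)        # equals m * r mod N
    m = (m_times_r * pow(r, -1, N)) % N    # strip the blinding factor
    return m, blinded


def demo():
    """Decrypt one constructed ciphertext three times each way."""
    message = 0x5EC2E7
    c = pow(message, E, N)
    plain_runs = [decrypt_plain(c) for _ in range(3)]
    blind_runs = [decrypt_blinded(c) for _ in range(3)]
    return message, c, plain_runs, blind_runs


if __name__ == "__main__":
    message, c, plain_runs, blind_runs = demo()
    print("plaintext recovered every time:",
          all(m == message for m, _ in plain_runs + blind_runs))
    print("inputs seen by private op (plain):  ", [hex(x) for _, x in plain_runs])
    print("inputs seen by private op (blinded):", [hex(x) for _, x in blind_runs])
```

Without blinding, whoever supplies the ciphertext decides exactly what value the secret-key computation processes; with blinding, that value is fresh and unpredictable on every run, while the decrypted result is unchanged. Blinding does not by itself make the exponentiation constant-time.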

Cyber Security in the World of Business

One of the latest phenomena in the modern cyber warfare world is the emergence of strategic attackers – organizations and states that possess substantial resources. Some of the objectives of these attackers may be of strategic-substantial importance to the side being attacked (like the computer systems of critical infrastructures), or of symbolic importance (the cyber warfare attack experienced by Sony Pictures was perceived by many as a challenge to the freedom of speech of the USA and the western world). These attacks are executed over time and enable the attacker to methodically study the layout of the network and the security measures as well as to develop dedicated attack measures. For example, a sophisticated attacker can advance from one computer to the next within the computer network (using spyware, a Trojan horse or a "worm"), and while doing so chart the infrastructures of the organization being attacked and advance into computers of strategic importance. This study is conducted by Dr. Ohad Barzilay of the School of Business Administration and Amitai Gilad, who is an ICRC Research Fellow.

A Defensive Doctrine 

Defending against strategic attacks calls for the adoption of a defensive doctrine that is radically different from the standard defensive discipline. In fact, according to many specialists, many of the defensive doctrines currently in use will collapse on the modern cyber warfare battleground, and we must, therefore, develop alternative theories and practices that would provide a solution to the new threats. In a series of study projects currently being conducted at the School of Management of the Tel-Aviv University and supported by the Cyber Center, we attempt to use methods from Game Theory and from network analysis in order to come up with analytical tools for evaluating and coping with the threats posed by strategic attackers. For example, in the context of a doctoral thesis project at the School of Management, Amitai Gilad is currently developing a model for the allocation of defensive measures in a complex organizational network. Together with Professor Asher Tishler and Dr. Ohad Barzilay, he analyzes the implications of the employment of two categories of defensive measures: detection measures and blocking measures. Under-employment of these measures will expose the organization to various cyber warfare threats. On the other hand, excessive employment will involve direct costs (like the cost of software licenses) as well as indirect costs, such as a decrease in employee productivity and the cost of handling false alarms. Under the assumption that the attacking party is a strategic attacker who possesses extensive resources, the strategies for allocating defensive measures change, as the attacker could develop countermeasures for hacking and overcoming the blocking measures. Moreover, unintelligent employment of blocking measures (as opposed to detection measures) might lead to an "arms race", which, in an environment of multiple attackers possessing strategic capabilities, will make it very difficult for the defending side to cope with the attacks in the long run.

The following contributed to this article: Prof. Michael Birnhack – the Buchman Faculty of Law, Dr. Eran Toch – the Department of Industrial Engineering, Prof. Eran Tromer – the Blavatnik School of Computer Science, Matan Scharf – Strategic Advisor to the ICRC, Dr. Ohad Barzilay – School of Management and Amitai Gilad – ICRC Researcher.