Is strategic cyber-warfare feasible today?











up vote
18
down vote

favorite
6












Cyber attacks that target a nation's infrastructure are a documented fact and as such a danger that political and military leadership across the world needs to worry about and act proactively. These attacks can be disruptive but given the relatively few examples, I think it is valid to ask exactly how disruptive can they be.



That is, I'm wondering about the ramifications such an attack by a competent opponent can have that would allow cyber-warfare to be considered a strategic asset the military needs to incorporate to its structure.



All major armies in the world have three branches: Land Forces, Aerospace, Navy. Is the inclusion of a cyber-warfare branch or sub-command necessary in the sense that cyber-warfare can affect operations and strategic outcomes (either coerce an opponent to do as you please or destroy an opponent) to a similar extent the other three can?



In particular, I am wondering about peer-to-peer strategic cyber-warfare attacks involving the three main powers: USA, Russia and China.



USA alongside Israel did mount a successful attack against Iran using Stuxnet but Iran was a far weaker opponent and likely an unsuspecting one, caught off guard.



Just to be clear, I don't refer to attacks that seek to influence public opinion, but "hard" attacks that aim to disrupt and/or destroy networks and infrastructure virtual (e.g stock market crash) or physical (e.g. cause a nuclear plant to go critical) as extreme examples.










share|improve this question









New contributor




MathematicianByMistake is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
















  • 1




    Almost certainly feasible today. Many articles online about vulnerability of US power grid to cyber attack. A lot of banking systems likely to be similarly vulnerable.
    – paj28
    Nov 27 at 11:37






  • 7




    but given the relatively few examples there are actually quite a few examples. There's even a Wikipedia list and I would assume that the overwhelming majority of these attacks stay under the radar.
    – Tom K.
    Nov 27 at 12:19






  • 8




    us-cert.gov/ncas/alerts/TA18-074A The US is currently being attacked via our power distribution infrastructure by Russia. It is effective and they managed to compromise hundreds of utilities. It's just a matter of them doing it a little bit better and then actually breaking stuff, next time.
    – Adonalsium
    Nov 27 at 17:53






  • 1




    Have you checked Wikipedia? en.wikipedia.org/wiki/Cyberwarfare
    – Peter Papadopoulos
    Nov 28 at 9:14






  • 1




    "Let's play Global Thermonuclear War"
    – topshot
    2 days ago















up vote
18
down vote

favorite
6












Cyber attacks that target a nation's infrastructure are a documented fact and as such a danger that political and military leadership across the world needs to worry about and act proactively. These attacks can be disruptive but given the relatively few examples, I think it is valid to ask exactly how disruptive can they be.



That is, I'm wondering about the ramifications such an attack by a competent opponent can have that would allow cyber-warfare to be considered a strategic asset the military needs to incorporate to its structure.



All major armies in the world have three branches: Land Forces, Aerospace, Navy. Is the inclusion of a cyber-warfare branch or sub-command necessary in the sense that cyber-warfare can affect operations and strategic outcomes (either coerce an opponent to do as you please or destroy an opponent) to a similar extent the other three can?



In particular, I am wondering about peer-to-peer strategic cyber-warfare attacks involving the three main powers: USA, Russia and China.



USA alongside Israel did mount a successful attack against Iran using Stuxnet but Iran was a far weaker opponent and likely an unsuspecting one, caught off guard.



Just to be clear, I don't refer to attacks that seek to influence public opinion, but "hard" attacks that aim to disrupt and/or destroy networks and infrastructure virtual (e.g stock market crash) or physical (e.g. cause a nuclear plant to go critical) as extreme examples.










share|improve this question









New contributor




MathematicianByMistake is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
















  • 1




    Almost certainly feasible today. Many articles online about vulnerability of US power grid to cyber attack. A lot of banking systems likely to be similarly vulnerable.
    – paj28
    Nov 27 at 11:37






  • 7




    but given the relatively few examples there are actually quite a few examples. There's even a Wikipedia list and I would assume that the overwhelming majority of these attacks stay under the radar.
    – Tom K.
    Nov 27 at 12:19






  • 8




    us-cert.gov/ncas/alerts/TA18-074A The US is currently being attacked via our power distribution infrastructure by Russia. It is effective and they managed to compromise hundreds of utilities. It's just a matter of them doing it a little bit better and then actually breaking stuff, next time.
    – Adonalsium
    Nov 27 at 17:53






  • 1




    Have you checked Wikipedia? en.wikipedia.org/wiki/Cyberwarfare
    – Peter Papadopoulos
    Nov 28 at 9:14






  • 1




    "Let's play Global Thermonuclear War"
    – topshot
    2 days ago













up vote
18
down vote

favorite
6









up vote
18
down vote

favorite
6






6





Cyber attacks that target a nation's infrastructure are a documented fact and as such a danger that political and military leadership across the world needs to worry about and act proactively. These attacks can be disruptive but given the relatively few examples, I think it is valid to ask exactly how disruptive can they be.



That is, I'm wondering about the ramifications such an attack by a competent opponent can have that would allow cyber-warfare to be considered a strategic asset the military needs to incorporate to its structure.



All major armies in the world have three branches: Land Forces, Aerospace, Navy. Is the inclusion of a cyber-warfare branch or sub-command necessary in the sense that cyber-warfare can affect operations and strategic outcomes (either coerce an opponent to do as you please or destroy an opponent) to a similar extent the other three can?



In particular, I am wondering about peer-to-peer strategic cyber-warfare attacks involving the three main powers: USA, Russia and China.



USA alongside Israel did mount a successful attack against Iran using Stuxnet but Iran was a far weaker opponent and likely an unsuspecting one, caught off guard.



Just to be clear, I don't refer to attacks that seek to influence public opinion, but "hard" attacks that aim to disrupt and/or destroy networks and infrastructure virtual (e.g stock market crash) or physical (e.g. cause a nuclear plant to go critical) as extreme examples.










share|improve this question









New contributor




MathematicianByMistake is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











Cyber attacks that target a nation's infrastructure are a documented fact and as such a danger that political and military leadership across the world needs to worry about and act proactively. These attacks can be disruptive but given the relatively few examples, I think it is valid to ask exactly how disruptive can they be.



That is, I'm wondering about the ramifications such an attack by a competent opponent can have that would allow cyber-warfare to be considered a strategic asset the military needs to incorporate to its structure.



All major armies in the world have three branches: Land Forces, Aerospace, Navy. Is the inclusion of a cyber-warfare branch or sub-command necessary in the sense that cyber-warfare can affect operations and strategic outcomes (either coerce an opponent to do as you please or destroy an opponent) to a similar extent the other three can?



In particular, I am wondering about peer-to-peer strategic cyber-warfare attacks involving the three main powers: USA, Russia and China.



USA alongside Israel did mount a successful attack against Iran using Stuxnet but Iran was a far weaker opponent and likely an unsuspecting one, caught off guard.



Just to be clear, I don't refer to attacks that seek to influence public opinion, but "hard" attacks that aim to disrupt and/or destroy networks and infrastructure virtual (e.g stock market crash) or physical (e.g. cause a nuclear plant to go critical) as extreme examples.







network attacks defense government cyber-warfare






share|improve this question









New contributor




MathematicianByMistake is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question









New contributor




MathematicianByMistake is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question








edited Nov 27 at 22:33





















New contributor




MathematicianByMistake is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked Nov 27 at 10:59









MathematicianByMistake

195110




195110




New contributor




MathematicianByMistake is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





MathematicianByMistake is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






MathematicianByMistake is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.








  • 1




    Almost certainly feasible today. Many articles online about vulnerability of US power grid to cyber attack. A lot of banking systems likely to be similarly vulnerable.
    – paj28
    Nov 27 at 11:37






  • 7




    but given the relatively few examples there are actually quite a few examples. There's even a Wikipedia list and I would assume that the overwhelming majority of these attacks stay under the radar.
    – Tom K.
    Nov 27 at 12:19






  • 8




    us-cert.gov/ncas/alerts/TA18-074A The US is currently being attacked via our power distribution infrastructure by Russia. It is effective and they managed to compromise hundreds of utilities. It's just a matter of them doing it a little bit better and then actually breaking stuff, next time.
    – Adonalsium
    Nov 27 at 17:53






  • 1




    Have you checked Wikipedia? en.wikipedia.org/wiki/Cyberwarfare
    – Peter Papadopoulos
    Nov 28 at 9:14






  • 1




    "Let's play Global Thermonuclear War"
    – topshot
    2 days ago














  • 1




    Almost certainly feasible today. Many articles online about vulnerability of US power grid to cyber attack. A lot of banking systems likely to be similarly vulnerable.
    – paj28
    Nov 27 at 11:37






  • 7




    but given the relatively few examples there are actually quite a few examples. There's even a Wikipedia list and I would assume that the overwhelming majority of these attacks stay under the radar.
    – Tom K.
    Nov 27 at 12:19






  • 8




    us-cert.gov/ncas/alerts/TA18-074A The US is currently being attacked via our power distribution infrastructure by Russia. It is effective and they managed to compromise hundreds of utilities. It's just a matter of them doing it a little bit better and then actually breaking stuff, next time.
    – Adonalsium
    Nov 27 at 17:53






  • 1




    Have you checked Wikipedia? en.wikipedia.org/wiki/Cyberwarfare
    – Peter Papadopoulos
    Nov 28 at 9:14






  • 1




    "Let's play Global Thermonuclear War"
    – topshot
    2 days ago








1




1




Almost certainly feasible today. Many articles online about vulnerability of US power grid to cyber attack. A lot of banking systems likely to be similarly vulnerable.
– paj28
Nov 27 at 11:37




Almost certainly feasible today. Many articles online about vulnerability of US power grid to cyber attack. A lot of banking systems likely to be similarly vulnerable.
– paj28
Nov 27 at 11:37




7




7




but given the relatively few examples there are actually quite a few examples. There's even a Wikipedia list and I would assume that the overwhelming majority of these attacks stay under the radar.
– Tom K.
Nov 27 at 12:19




but given the relatively few examples there are actually quite a few examples. There's even a Wikipedia list and I would assume that the overwhelming majority of these attacks stay under the radar.
– Tom K.
Nov 27 at 12:19




8




8




us-cert.gov/ncas/alerts/TA18-074A The US is currently being attacked via our power distribution infrastructure by Russia. It is effective and they managed to compromise hundreds of utilities. It's just a matter of them doing it a little bit better and then actually breaking stuff, next time.
– Adonalsium
Nov 27 at 17:53




us-cert.gov/ncas/alerts/TA18-074A The US is currently being attacked via our power distribution infrastructure by Russia. It is effective and they managed to compromise hundreds of utilities. It's just a matter of them doing it a little bit better and then actually breaking stuff, next time.
– Adonalsium
Nov 27 at 17:53




1




1




Have you checked Wikipedia? en.wikipedia.org/wiki/Cyberwarfare
– Peter Papadopoulos
Nov 28 at 9:14




Have you checked Wikipedia? en.wikipedia.org/wiki/Cyberwarfare
– Peter Papadopoulos
Nov 28 at 9:14




1




1




"Let's play Global Thermonuclear War"
– topshot
2 days ago




"Let's play Global Thermonuclear War"
– topshot
2 days ago










4 Answers
4






active

oldest

votes

















up vote
26
down vote



accepted










The problem with such attacks is that neither the attacker nor the defender have any incentives to claim responsibility of the attack. As such attacks can be done with small number of people and the internet also makes it possible to conceal the source of an attack, a well resourced attacker can even make it impossible for the defender to realise that an attack happened at all. The defender on the other hand, would usually try its best to hide the fact that it's attacked, or to the fact that it had discovered the attack, so as not to alarm the attacker (to allow them to feed back false information), and to avoid embarrassment and erosion of public trust on the agency.



When a military cyber warfare department launched an attack against another nation's infrastructure, since there's no real witness and because most people are ignorant about how internet works and because attack forensic is hard even for experts, concealing such attacks is a lot easier than concealing physical wars. Even the defender might never realise that they are being sabotaged, or that they may have a really hard time proving that the sabotage was done by a nation state actor or figure out who the actors are, rather than, say, by a random Anonymous prankster. Additionally, the attackers themselves may sometimes not realise that they are acting under the direction of a nation state actor.



Infrastructures like nuclear power plant are more difficult to compromise purely by cyberwarfare. The reason being that there's a lot of physical safe guards (not computer controlled) and manual override systems. The most that an attacker can do is force nuclear plant worker to shutdown their sophisticated automatic control system and fallback to manually working the plant. The attack might reduce the efficiency of the power plant and increases the operational costs of the system, but it's unlikely that serious meltdown could occur from such attack.



Most attacks likely will be of the nature to increase costs of the victim, data espionage, and affect decision making. Increasing costs is fairly straight forward, with DDoS, sabotage, etc. Data espionage are more subtle but it's easily concealed by attacking random civilians, so that if the attack is discovered in government machines it'd hopefully be dismissed as random infection rather than a targeted attack. Affection decision making are even more subtle as it's essentially propaganda, targeted at specific decision maker or the entire populace for election.




Is the inclusion of a cyberwarfare branch or subcommand necessary in the sense that Cyberwarfare can affect operations and strategic outcomes




I think it's safe to say that most countries already do have Cybersecurity and Cyberwarfare capabilities.




Stock market crash




It's very difficult to say if this kind of attack are happening because stock prices are essentially decided by investors sentiments. A campaign of misinformation could potentially affect investors decision making. Spreading fake news about an upcoming political or economical instability could cause less observant investors to panic and push the market to a certain direction. This might actually trigger an actual meltdown as the initial fake wave can potentially turn into a real one.






share|improve this answer



















  • 4




    I think there are many automated systems in the stock market which could be manipulated directly via a cyber attack, no need to loop humans into it via fake news to cause major harm
    – user2813274
    Nov 27 at 15:37










  • @user2813274 Such systems often are linked to social media (news based trading), so spreading fake news could well cause major fluctuations, especially if, say, a state leader helped to make them public and the HFT systems act upon it immediately with no human intelligence to stop them in time. Another point to consider is that it's very difficult to determine whether such situations were the result of malicious actors or poor programming as the algorithms are usually industrial secrets - it took the SEC the best part of 5 months to track down the cause of the May 6th 2010 Flash Crash.
    – MrLore
    2 days ago




















up vote
11
down vote













Yes. The Russian government appears to be using attacks to destabilise the Ukraine - for some years now.



There's a well researched Wired article that has a lot of details:



https://www.wired.com/story/russian-hackers-attack-ukraine/



Then there's also NotPetya (which, you may remember, got a little out of hand):



https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/






share|improve this answer























  • Comments are not for extended discussion; this conversation has been moved to chat.
    – Rory Alsop
    2 days ago










  • Hm, missed the edit time. Further, I may have been guilty of 'unthinking racism', as I was perhaps guilty of using the common trope of conflating the 'country' with 'the country's gov't'. As I say, it was not my intention, and perhaps I should be a bit more careful making such statements on the internet in future.
    – Ian
    yesterday


















up vote
2
down vote













I cannot quantify for you, but it can certainly be said that strategic cyber-warfare is increasingly feasible - with whole swathes of vital national infrastructure now completely dependent on digital integrity. It could be argued that the feasibility of strategic cyber-warfare is increasing with exponential.



Especially so with the emergence of everyday devices which are becoming 'too smart for their own good'. They may become pawns in future warfare, especially if these devices are connected to high bandwidth. Home security is about to take on a whole new dimension.



A newish example (and possibly being forcefully deployed in an area near you) is the 'smart meter'. https://www.information-age.com/smart-metres-vulnerable-cyber-attacks-123470837/



Some intelligence agencies appear (on the surface) to be very wary of the vulnerabilities this can introduce, and rightly so.






share|improve this answer








New contributor




PCARR is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

























    up vote
    2
    down vote













    The term "Cyber Warfare" is largely nonsense. There just isn't enough there to make a prolonged exchange of hostilities likely, not on the order of magnitude that you could call a "war".



    However, as we have seen already, there is quite a bit of critical infrastructure reachable (directly or indirectly) through the Internet. If an actual war would break out between any non-3rd-world countries, it is quite possible that the initial strikes would include cyber attacks to disable as much of that as possible.



    At the current level of tech actually deployed (i.e. ignoring fancy future dreams about everything-IoT, etc.) that would mostly be it. There is a very simple countermeasure against cyberattacks: Go offline. Most critical infrastructure can run without Internet connection. Of all the various companies in this area that I've done security work for in the past decade or so, none would stop working without Internet. Sure, it would be a big hassle, but power stations would run, fuel would still run, traffic systems would run, trains would run, the airport would still be open. All at reduced capacity, all with major operational trouble, but they would run.



    The most affected part would be supply chains, which rely strongly on data exchange today, but there are still enough old people in the business to switch back to older methods (phone, fax, and if you have to, couriers).



    You could damage a countries economy as a lot of consumer stuff and B2C trade relies on the Internet today. But we also have a vast parallel infrastructure of supermarkets, shopping centers and such, so the damage would be manageable.



    That is not to say that there would be no damage. Entire companies would go out of business without Internet, and the impact on daily life would be quite severe, especially regarding communication which has moved so much to the Internet that most of us don't even have the phone numbers of a lot of our friends, only their various online contact details (e-mail, FB, Twitter, etc.). Is WhatsApp still using phone numbers as usernames? That might save your social network. But for anyone outside the immediate circle, including any business that you're not a very frequent customer to, most of us today look up the phone number online if we have to call them, and it's been a long time since I saw a phone book anywhere.



    But in the context of an actual war, the cyber aspect would be a negliegable factor, and when you worry about nukes falling, Amazon and Google going out of business would not be frontpage news.





    That said, why do we have "cyber commands"? First, for publicity and to attract more nerds to the military. The military understands smart people. Second, because all of this is changing and when you think about the future, not the quarterly-report future of the business world, but the 10-years, 20-years type of future, then certainly the Internet as well as IT security in general will only become more important, so start being ready today. Third, you want to protect your own infrastructure against such attacks. Even if you don't believe (like me) that any cyber attack would be more the equivalent of sabotage than that of warfare, it is still something worth protecting against. If you look at the budgets of those "cyber commands" and compare them to the cost of, say, a new aircraft carrier or a couple fighter jets, you see the real priority of "cyber warfare" quite clearly.






    share|improve this answer





















      Your Answer








      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "162"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      convertImagesToLinks: false,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      noCode: true, onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });






      MathematicianByMistake is a new contributor. Be nice, and check out our Code of Conduct.










      draft saved

      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f198500%2fis-strategic-cyber-warfare-feasible-today%23new-answer', 'question_page');
      }
      );

      Post as a guest















      Required, but never shown

























      4 Answers
      4






      active

      oldest

      votes








      4 Answers
      4






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes








      up vote
      26
      down vote



      accepted










      The problem with such attacks is that neither the attacker nor the defender have any incentives to claim responsibility of the attack. As such attacks can be done with small number of people and the internet also makes it possible to conceal the source of an attack, a well resourced attacker can even make it impossible for the defender to realise that an attack happened at all. The defender on the other hand, would usually try its best to hide the fact that it's attacked, or to the fact that it had discovered the attack, so as not to alarm the attacker (to allow them to feed back false information), and to avoid embarrassment and erosion of public trust on the agency.



      When a military cyber warfare department launched an attack against another nation's infrastructure, since there's no real witness and because most people are ignorant about how internet works and because attack forensic is hard even for experts, concealing such attacks is a lot easier than concealing physical wars. Even the defender might never realise that they are being sabotaged, or that they may have a really hard time proving that the sabotage was done by a nation state actor or figure out who the actors are, rather than, say, by a random Anonymous prankster. Additionally, the attackers themselves may sometimes not realise that they are acting under the direction of a nation state actor.



      Infrastructures like nuclear power plant are more difficult to compromise purely by cyberwarfare. The reason being that there's a lot of physical safe guards (not computer controlled) and manual override systems. The most that an attacker can do is force nuclear plant worker to shutdown their sophisticated automatic control system and fallback to manually working the plant. The attack might reduce the efficiency of the power plant and increases the operational costs of the system, but it's unlikely that serious meltdown could occur from such attack.



      Most attacks likely will be of the nature to increase costs of the victim, data espionage, and affect decision making. Increasing costs is fairly straight forward, with DDoS, sabotage, etc. Data espionage are more subtle but it's easily concealed by attacking random civilians, so that if the attack is discovered in government machines it'd hopefully be dismissed as random infection rather than a targeted attack. Affection decision making are even more subtle as it's essentially propaganda, targeted at specific decision maker or the entire populace for election.




      Is the inclusion of a cyberwarfare branch or subcommand necessary in the sense that Cyberwarfare can affect operations and strategic outcomes




      I think it's safe to say that most countries already do have Cybersecurity and Cyberwarfare capabilities.




      Stock market crash




      It's very difficult to say if this kind of attack are happening because stock prices are essentially decided by investors sentiments. A campaign of misinformation could potentially affect investors decision making. Spreading fake news about an upcoming political or economical instability could cause less observant investors to panic and push the market to a certain direction. This might actually trigger an actual meltdown as the initial fake wave can potentially turn into a real one.






      share|improve this answer



















      • 4




        I think there are many automated systems in the stock market which could be manipulated directly via a cyber attack, no need to loop humans into it via fake news to cause major harm
        – user2813274
        Nov 27 at 15:37










      • @user2813274 Such systems often are linked to social media (news based trading), so spreading fake news could well cause major fluctuations, especially if, say, a state leader helped to make them public and the HFT systems act upon it immediately with no human intelligence to stop them in time. Another point to consider is that it's very difficult to determine whether such situations were the result of malicious actors or poor programming as the algorithms are usually industrial secrets - it took the SEC the best part of 5 months to track down the cause of the May 6th 2010 Flash Crash.
        – MrLore
        2 days ago

















      up vote
      26
      down vote



      accepted










      The problem with such attacks is that neither the attacker nor the defender have any incentives to claim responsibility of the attack. As such attacks can be done with small number of people and the internet also makes it possible to conceal the source of an attack, a well resourced attacker can even make it impossible for the defender to realise that an attack happened at all. The defender on the other hand, would usually try its best to hide the fact that it's attacked, or to the fact that it had discovered the attack, so as not to alarm the attacker (to allow them to feed back false information), and to avoid embarrassment and erosion of public trust on the agency.



      When a military cyber warfare department launched an attack against another nation's infrastructure, since there's no real witness and because most people are ignorant about how internet works and because attack forensic is hard even for experts, concealing such attacks is a lot easier than concealing physical wars. Even the defender might never realise that they are being sabotaged, or that they may have a really hard time proving that the sabotage was done by a nation state actor or figure out who the actors are, rather than, say, by a random Anonymous prankster. Additionally, the attackers themselves may sometimes not realise that they are acting under the direction of a nation state actor.



      Infrastructures like nuclear power plant are more difficult to compromise purely by cyberwarfare. The reason being that there's a lot of physical safe guards (not computer controlled) and manual override systems. The most that an attacker can do is force nuclear plant worker to shutdown their sophisticated automatic control system and fallback to manually working the plant. The attack might reduce the efficiency of the power plant and increases the operational costs of the system, but it's unlikely that serious meltdown could occur from such attack.



      Most attacks likely will be of the nature to increase costs of the victim, data espionage, and affect decision making. Increasing costs is fairly straight forward, with DDoS, sabotage, etc. Data espionage are more subtle but it's easily concealed by attacking random civilians, so that if the attack is discovered in government machines it'd hopefully be dismissed as random infection rather than a targeted attack. Affection decision making are even more subtle as it's essentially propaganda, targeted at specific decision maker or the entire populace for election.




      Is the inclusion of a cyberwarfare branch or subcommand necessary in the sense that Cyberwarfare can affect operations and strategic outcomes




      I think it's safe to say that most countries already do have Cybersecurity and Cyberwarfare capabilities.




      Stock market crash




      It's very difficult to say if this kind of attack are happening because stock prices are essentially decided by investors sentiments. A campaign of misinformation could potentially affect investors decision making. Spreading fake news about an upcoming political or economical instability could cause less observant investors to panic and push the market to a certain direction. This might actually trigger an actual meltdown as the initial fake wave can potentially turn into a real one.






      share|improve this answer



















      • 4




        I think there are many automated systems in the stock market which could be manipulated directly via a cyber attack, no need to loop humans into it via fake news to cause major harm
        – user2813274
        Nov 27 at 15:37










      • @user2813274 Such systems often are linked to social media (news based trading), so spreading fake news could well cause major fluctuations, especially if, say, a state leader helped to make them public and the HFT systems act upon it immediately with no human intelligence to stop them in time. Another point to consider is that it's very difficult to determine whether such situations were the result of malicious actors or poor programming as the algorithms are usually industrial secrets - it took the SEC the best part of 5 months to track down the cause of the May 6th 2010 Flash Crash.
        – MrLore
        2 days ago















      up vote
      26
      down vote



      accepted







      up vote
      26
      down vote



      accepted






      The problem with such attacks is that neither the attacker nor the defender have any incentives to claim responsibility of the attack. As such attacks can be done with small number of people and the internet also makes it possible to conceal the source of an attack, a well resourced attacker can even make it impossible for the defender to realise that an attack happened at all. The defender on the other hand, would usually try its best to hide the fact that it's attacked, or to the fact that it had discovered the attack, so as not to alarm the attacker (to allow them to feed back false information), and to avoid embarrassment and erosion of public trust on the agency.



      When a military cyber warfare department launched an attack against another nation's infrastructure, since there's no real witness and because most people are ignorant about how internet works and because attack forensic is hard even for experts, concealing such attacks is a lot easier than concealing physical wars. Even the defender might never realise that they are being sabotaged, or that they may have a really hard time proving that the sabotage was done by a nation state actor or figure out who the actors are, rather than, say, by a random Anonymous prankster. Additionally, the attackers themselves may sometimes not realise that they are acting under the direction of a nation state actor.



      Infrastructures like nuclear power plant are more difficult to compromise purely by cyberwarfare. The reason being that there's a lot of physical safe guards (not computer controlled) and manual override systems. The most that an attacker can do is force nuclear plant worker to shutdown their sophisticated automatic control system and fallback to manually working the plant. The attack might reduce the efficiency of the power plant and increases the operational costs of the system, but it's unlikely that serious meltdown could occur from such attack.



      Most attacks likely will be of the nature to increase costs of the victim, data espionage, and affect decision making. Increasing costs is fairly straight forward, with DDoS, sabotage, etc. Data espionage are more subtle but it's easily concealed by attacking random civilians, so that if the attack is discovered in government machines it'd hopefully be dismissed as random infection rather than a targeted attack. Affection decision making are even more subtle as it's essentially propaganda, targeted at specific decision maker or the entire populace for election.




      Is the inclusion of a cyberwarfare branch or subcommand necessary in the sense that Cyberwarfare can affect operations and strategic outcomes




      I think it's safe to say that most countries already do have Cybersecurity and Cyberwarfare capabilities.




      Stock market crash




      It's very difficult to say if this kind of attack are happening because stock prices are essentially decided by investors sentiments. A campaign of misinformation could potentially affect investors decision making. Spreading fake news about an upcoming political or economical instability could cause less observant investors to panic and push the market to a certain direction. This might actually trigger an actual meltdown as the initial fake wave can potentially turn into a real one.






      share|improve this answer














      The problem with such attacks is that neither the attacker nor the defender have any incentives to claim responsibility of the attack. As such attacks can be done with small number of people and the internet also makes it possible to conceal the source of an attack, a well resourced attacker can even make it impossible for the defender to realise that an attack happened at all. The defender on the other hand, would usually try its best to hide the fact that it's attacked, or to the fact that it had discovered the attack, so as not to alarm the attacker (to allow them to feed back false information), and to avoid embarrassment and erosion of public trust on the agency.



      When a military cyber warfare department launched an attack against another nation's infrastructure, since there's no real witness and because most people are ignorant about how internet works and because attack forensic is hard even for experts, concealing such attacks is a lot easier than concealing physical wars. Even the defender might never realise that they are being sabotaged, or that they may have a really hard time proving that the sabotage was done by a nation state actor or figure out who the actors are, rather than, say, by a random Anonymous prankster. Additionally, the attackers themselves may sometimes not realise that they are acting under the direction of a nation state actor.



      Infrastructures like nuclear power plant are more difficult to compromise purely by cyberwarfare. The reason being that there's a lot of physical safe guards (not computer controlled) and manual override systems. The most that an attacker can do is force nuclear plant worker to shutdown their sophisticated automatic control system and fallback to manually working the plant. The attack might reduce the efficiency of the power plant and increases the operational costs of the system, but it's unlikely that serious meltdown could occur from such attack.



      Most attacks likely will be of the nature to increase costs of the victim, data espionage, and affect decision making. Increasing costs is fairly straight forward, with DDoS, sabotage, etc. Data espionage are more subtle but it's easily concealed by attacking random civilians, so that if the attack is discovered in government machines it'd hopefully be dismissed as random infection rather than a targeted attack. Affection decision making are even more subtle as it's essentially propaganda, targeted at specific decision maker or the entire populace for election.




      Is the inclusion of a cyberwarfare branch or subcommand necessary in the sense that Cyberwarfare can affect operations and strategic outcomes




      I think it's safe to say that most countries already do have Cybersecurity and Cyberwarfare capabilities.




      Stock market crash




      It's very difficult to say if this kind of attack are happening because stock prices are essentially decided by investors sentiments. A campaign of misinformation could potentially affect investors decision making. Spreading fake news about an upcoming political or economical instability could cause less observant investors to panic and push the market to a certain direction. This might actually trigger an actual meltdown as the initial fake wave can potentially turn into a real one.







      share|improve this answer














      share|improve this answer



      share|improve this answer








      edited Nov 27 at 12:54









      Maarten Bodewes

      3,3591122




      3,3591122










      answered Nov 27 at 12:21









      Lie Ryan

      21.7k24674




      21.7k24674








      • 4




        I think there are many automated systems in the stock market which could be manipulated directly via a cyber attack, no need to loop humans into it via fake news to cause major harm
        – user2813274
        Nov 27 at 15:37










      • @user2813274 Such systems often are linked to social media (news based trading), so spreading fake news could well cause major fluctuations, especially if, say, a state leader helped to make them public and the HFT systems act upon it immediately with no human intelligence to stop them in time. Another point to consider is that it's very difficult to determine whether such situations were the result of malicious actors or poor programming as the algorithms are usually industrial secrets - it took the SEC the best part of 5 months to track down the cause of the May 6th 2010 Flash Crash.
        – MrLore
        2 days ago
















      • 4




        I think there are many automated systems in the stock market which could be manipulated directly via a cyber attack, no need to loop humans into it via fake news to cause major harm
        – user2813274
        Nov 27 at 15:37










      • @user2813274 Such systems often are linked to social media (news based trading), so spreading fake news could well cause major fluctuations, especially if, say, a state leader helped to make them public and the HFT systems act upon it immediately with no human intelligence to stop them in time. Another point to consider is that it's very difficult to determine whether such situations were the result of malicious actors or poor programming as the algorithms are usually industrial secrets - it took the SEC the best part of 5 months to track down the cause of the May 6th 2010 Flash Crash.
        – MrLore
        2 days ago










      4




      4




      I think there are many automated systems in the stock market which could be manipulated directly via a cyber attack, no need to loop humans into it via fake news to cause major harm
      – user2813274
      Nov 27 at 15:37




      I think there are many automated systems in the stock market which could be manipulated directly via a cyber attack, no need to loop humans into it via fake news to cause major harm
      – user2813274
      Nov 27 at 15:37












      @user2813274 Such systems often are linked to social media (news based trading), so spreading fake news could well cause major fluctuations, especially if, say, a state leader helped to make them public and the HFT systems act upon it immediately with no human intelligence to stop them in time. Another point to consider is that it's very difficult to determine whether such situations were the result of malicious actors or poor programming as the algorithms are usually industrial secrets - it took the SEC the best part of 5 months to track down the cause of the May 6th 2010 Flash Crash.
      – MrLore
      2 days ago






      @user2813274 Such systems often are linked to social media (news based trading), so spreading fake news could well cause major fluctuations, especially if, say, a state leader helped to make them public and the HFT systems act upon it immediately with no human intelligence to stop them in time. Another point to consider is that it's very difficult to determine whether such situations were the result of malicious actors or poor programming as the algorithms are usually industrial secrets - it took the SEC the best part of 5 months to track down the cause of the May 6th 2010 Flash Crash.
      – MrLore
      2 days ago














      up vote
      11
      down vote













      Yes. The Russian government appears to be using attacks to destabilise the Ukraine - for some years now.



      There's a well researched Wired article that has a lot of details:



      https://www.wired.com/story/russian-hackers-attack-ukraine/



      Then there's also NotPetya (which, you may remember, got a little out of hand):



      https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/






      share|improve this answer























      • Comments are not for extended discussion; this conversation has been moved to chat.
        – Rory Alsop
        2 days ago










      • Hm, missed the edit time. Further, I may have been guilty of 'unthinking racism', as I was perhaps guilty of using the common trope of conflating the 'country' with 'the country's gov't'. As I say, it was not my intention, and perhaps I should be a bit more careful making such statements on the internet in future.
        – Ian
        yesterday















      up vote
      11
      down vote













      Yes. The Russian government appears to be using attacks to destabilise the Ukraine - for some years now.



      There's a well researched Wired article that has a lot of details:



      https://www.wired.com/story/russian-hackers-attack-ukraine/



      Then there's also NotPetya (which, you may remember, got a little out of hand):



      https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/






      share|improve this answer























      • Comments are not for extended discussion; this conversation has been moved to chat.
        – Rory Alsop
        2 days ago










      • Hm, missed the edit time. Further, I may have been guilty of 'unthinking racism', as I was perhaps guilty of using the common trope of conflating the 'country' with 'the country's gov't'. As I say, it was not my intention, and perhaps I should be a bit more careful making such statements on the internet in future.
        – Ian
        yesterday













      up vote
      11
      down vote










      up vote
      11
      down vote









      Yes. The Russian government appears to be using attacks to destabilise the Ukraine - for some years now.



      There's a well researched Wired article that has a lot of details:



      https://www.wired.com/story/russian-hackers-attack-ukraine/



      Then there's also NotPetya (which, you may remember, got a little out of hand):



      https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/






      share|improve this answer














      Yes. The Russian government appears to be using attacks to destabilise the Ukraine - for some years now.



      There's a well researched Wired article that has a lot of details:



      https://www.wired.com/story/russian-hackers-attack-ukraine/



      Then there's also NotPetya (which, you may remember, got a little out of hand):



      https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/







      share|improve this answer














      share|improve this answer



      share|improve this answer








      edited Nov 28 at 7:58









      forest

      27.8k1385101




      27.8k1385101










      answered Nov 27 at 11:36









      Ian

      45929




      45929












      • Comments are not for extended discussion; this conversation has been moved to chat.
        – Rory Alsop
        2 days ago










      • Hm, missed the edit time. Further, I may have been guilty of 'unthinking racism', as I was perhaps guilty of using the common trope of conflating the 'country' with 'the country's gov't'. As I say, it was not my intention, and perhaps I should be a bit more careful making such statements on the internet in future.
        – Ian
        yesterday


















      • Comments are not for extended discussion; this conversation has been moved to chat.
        – Rory Alsop
        2 days ago










      • Hm, missed the edit time. Further, I may have been guilty of 'unthinking racism', as I was perhaps guilty of using the common trope of conflating the 'country' with 'the country's gov't'. As I say, it was not my intention, and perhaps I should be a bit more careful making such statements on the internet in future.
        – Ian
        yesterday
















      Comments are not for extended discussion; this conversation has been moved to chat.
      – Rory Alsop
      2 days ago




      Comments are not for extended discussion; this conversation has been moved to chat.
      – Rory Alsop
      2 days ago












      Hm, missed the edit time. Further, I may have been guilty of 'unthinking racism', as I was perhaps guilty of using the common trope of conflating the 'country' with 'the country's gov't'. As I say, it was not my intention, and perhaps I should be a bit more careful making such statements on the internet in future.
      – Ian
      yesterday




      Hm, missed the edit time. Further, I may have been guilty of 'unthinking racism', as I was perhaps guilty of using the common trope of conflating the 'country' with 'the country's gov't'. As I say, it was not my intention, and perhaps I should be a bit more careful making such statements on the internet in future.
      – Ian
      yesterday










      up vote
      2
      down vote













      I cannot quantify for you, but it can certainly be said that strategic cyber-warfare is increasingly feasible - with whole swathes of vital national infrastructure now completely dependent on digital integrity. It could be argued that the feasibility of strategic cyber-warfare is increasing with exponential.



      Especially so with the emergence of everyday devices which are becoming 'too smart for their own good'. They may become pawns in future warfare, especially if these devices are connected to high bandwidth. Home security is about to take on a whole new dimension.



      A newish example (and possibly being forcefully deployed in an area near you) is the 'smart meter'. https://www.information-age.com/smart-metres-vulnerable-cyber-attacks-123470837/



      Some intelligence agencies appear (on the surface) to be very wary of the vulnerabilities this can introduce, and rightly so.






      share|improve this answer








      New contributor




      PCARR is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






















        up vote
        2
        down vote













        I cannot quantify for you, but it can certainly be said that strategic cyber-warfare is increasingly feasible - with whole swathes of vital national infrastructure now completely dependent on digital integrity. It could be argued that the feasibility of strategic cyber-warfare is increasing with exponential.



        Especially so with the emergence of everyday devices which are becoming 'too smart for their own good'. They may become pawns in future warfare, especially if these devices are connected to high bandwidth. Home security is about to take on a whole new dimension.



        A newish example (and possibly being forcefully deployed in an area near you) is the 'smart meter'. https://www.information-age.com/smart-metres-vulnerable-cyber-attacks-123470837/



        Some intelligence agencies appear (on the surface) to be very wary of the vulnerabilities this can introduce, and rightly so.






        share|improve this answer








        New contributor




        PCARR is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.




















          up vote
          2
          down vote










          up vote
          2
          down vote









          I cannot quantify for you, but it can certainly be said that strategic cyber-warfare is increasingly feasible - with whole swathes of vital national infrastructure now completely dependent on digital integrity. It could be argued that the feasibility of strategic cyber-warfare is increasing with exponential.



          Especially so with the emergence of everyday devices which are becoming 'too smart for their own good'. They may become pawns in future warfare, especially if these devices are connected to high bandwidth. Home security is about to take on a whole new dimension.



          A newish example (and possibly being forcefully deployed in an area near you) is the 'smart meter'. https://www.information-age.com/smart-metres-vulnerable-cyber-attacks-123470837/



          Some intelligence agencies appear (on the surface) to be very wary of the vulnerabilities this can introduce, and rightly so.






          share|improve this answer








          New contributor




          PCARR is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.









          I cannot quantify for you, but it can certainly be said that strategic cyber-warfare is increasingly feasible - with whole swathes of vital national infrastructure now completely dependent on digital integrity. It could be argued that the feasibility of strategic cyber-warfare is increasing with exponential.



          Especially so with the emergence of everyday devices which are becoming 'too smart for their own good'. They may become pawns in future warfare, especially if these devices are connected to high bandwidth. Home security is about to take on a whole new dimension.



          A newish example (and possibly being forcefully deployed in an area near you) is the 'smart meter'. https://www.information-age.com/smart-metres-vulnerable-cyber-attacks-123470837/



          Some intelligence agencies appear (on the surface) to be very wary of the vulnerabilities this can introduce, and rightly so.







          share|improve this answer








          New contributor




          PCARR is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.









          share|improve this answer



          share|improve this answer






          New contributor




          PCARR is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.









          answered Nov 27 at 20:45









          PCARR

          1214




          1214




          New contributor




          PCARR is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.





          New contributor





          PCARR is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.






          PCARR is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.






















              up vote
              2
              down vote













              The term "Cyber Warfare" is largely nonsense. There just isn't enough there to make a prolonged exchange of hostilities likely, not on the order of magnitude that you could call a "war".



              However, as we have seen already, there is quite a bit of critical infrastructure reachable (directly or indirectly) through the Internet. If an actual war would break out between any non-3rd-world countries, it is quite possible that the initial strikes would include cyber attacks to disable as much of that as possible.



              At the current level of tech actually deployed (i.e. ignoring fancy future dreams about everything-IoT, etc.) that would mostly be it. There is a very simple countermeasure against cyberattacks: Go offline. Most critical infrastructure can run without Internet connection. Of all the various companies in this area that I've done security work for in the past decade or so, none would stop working without Internet. Sure, it would be a big hassle, but power stations would run, fuel would still run, traffic systems would run, trains would run, the airport would still be open. All at reduced capacity, all with major operational trouble, but they would run.



              The most affected part would be supply chains, which rely strongly on data exchange today, but there are still enough old people in the business to switch back to older methods (phone, fax, and if you have to, couriers).



              You could damage a countries economy as a lot of consumer stuff and B2C trade relies on the Internet today. But we also have a vast parallel infrastructure of supermarkets, shopping centers and such, so the damage would be manageable.



              That is not to say that there would be no damage. Entire companies would go out of business without Internet, and the impact on daily life would be quite severe, especially regarding communication which has moved so much to the Internet that most of us don't even have the phone numbers of a lot of our friends, only their various online contact details (e-mail, FB, Twitter, etc.). Is WhatsApp still using phone numbers as usernames? That might save your social network. But for anyone outside the immediate circle, including any business that you're not a very frequent customer to, most of us today look up the phone number online if we have to call them, and it's been a long time since I saw a phone book anywhere.



              But in the context of an actual war, the cyber aspect would be a negliegable factor, and when you worry about nukes falling, Amazon and Google going out of business would not be frontpage news.





              That said, why do we have "cyber commands"? First, for publicity and to attract more nerds to the military. The military understands smart people. Second, because all of this is changing and when you think about the future, not the quarterly-report future of the business world, but the 10-years, 20-years type of future, then certainly the Internet as well as IT security in general will only become more important, so start being ready today. Third, you want to protect your own infrastructure against such attacks. Even if you don't believe (like me) that any cyber attack would be more the equivalent of sabotage than that of warfare, it is still something worth protecting against. If you look at the budgets of those "cyber commands" and compare them to the cost of, say, a new aircraft carrier or a couple fighter jets, you see the real priority of "cyber warfare" quite clearly.






              share|improve this answer

























                up vote
                2
                down vote













                The term "Cyber Warfare" is largely nonsense. There just isn't enough there to make a prolonged exchange of hostilities likely, not on the order of magnitude that you could call a "war".



                However, as we have seen already, there is quite a bit of critical infrastructure reachable (directly or indirectly) through the Internet. If an actual war would break out between any non-3rd-world countries, it is quite possible that the initial strikes would include cyber attacks to disable as much of that as possible.



                At the current level of tech actually deployed (i.e. ignoring fancy future dreams about everything-IoT, etc.) that would mostly be it. There is a very simple countermeasure against cyberattacks: Go offline. Most critical infrastructure can run without Internet connection. Of all the various companies in this area that I've done security work for in the past decade or so, none would stop working without Internet. Sure, it would be a big hassle, but power stations would run, fuel would still run, traffic systems would run, trains would run, the airport would still be open. All at reduced capacity, all with major operational trouble, but they would run.



                The most affected part would be supply chains, which rely strongly on data exchange today, but there are still enough old people in the business to switch back to older methods (phone, fax, and if you have to, couriers).



                You could damage a countries economy as a lot of consumer stuff and B2C trade relies on the Internet today. But we also have a vast parallel infrastructure of supermarkets, shopping centers and such, so the damage would be manageable.



                That is not to say that there would be no damage. Entire companies would go out of business without Internet, and the impact on daily life would be quite severe, especially regarding communication which has moved so much to the Internet that most of us don't even have the phone numbers of a lot of our friends, only their various online contact details (e-mail, FB, Twitter, etc.). Is WhatsApp still using phone numbers as usernames? That might save your social network. But for anyone outside the immediate circle, including any business that you're not a very frequent customer to, most of us today look up the phone number online if we have to call them, and it's been a long time since I saw a phone book anywhere.



                But in the context of an actual war, the cyber aspect would be a negliegable factor, and when you worry about nukes falling, Amazon and Google going out of business would not be frontpage news.





                That said, why do we have "cyber commands"? First, for publicity and to attract more nerds to the military. The military understands smart people. Second, because all of this is changing and when you think about the future, not the quarterly-report future of the business world, but the 10-years, 20-years type of future, then certainly the Internet as well as IT security in general will only become more important, so start being ready today. Third, you want to protect your own infrastructure against such attacks. Even if you don't believe (like me) that any cyber attack would be more the equivalent of sabotage than that of warfare, it is still something worth protecting against. If you look at the budgets of those "cyber commands" and compare them to the cost of, say, a new aircraft carrier or a couple fighter jets, you see the real priority of "cyber warfare" quite clearly.






                share|improve this answer























                  up vote
                  2
                  down vote










                  up vote
                  2
                  down vote









                  The term "Cyber Warfare" is largely nonsense. There just isn't enough there to make a prolonged exchange of hostilities likely, not on the order of magnitude that you could call a "war".



                  However, as we have seen already, there is quite a bit of critical infrastructure reachable (directly or indirectly) through the Internet. If an actual war would break out between any non-3rd-world countries, it is quite possible that the initial strikes would include cyber attacks to disable as much of that as possible.



                  At the current level of tech actually deployed (i.e. ignoring fancy future dreams about everything-IoT, etc.) that would mostly be it. There is a very simple countermeasure against cyberattacks: Go offline. Most critical infrastructure can run without Internet connection. Of all the various companies in this area that I've done security work for in the past decade or so, none would stop working without Internet. Sure, it would be a big hassle, but power stations would run, fuel would still run, traffic systems would run, trains would run, the airport would still be open. All at reduced capacity, all with major operational trouble, but they would run.



                  The most affected part would be supply chains, which rely strongly on data exchange today, but there are still enough old people in the business to switch back to older methods (phone, fax, and if you have to, couriers).



                  You could damage a countries economy as a lot of consumer stuff and B2C trade relies on the Internet today. But we also have a vast parallel infrastructure of supermarkets, shopping centers and such, so the damage would be manageable.



                  That is not to say that there would be no damage. Entire companies would go out of business without Internet, and the impact on daily life would be quite severe, especially regarding communication which has moved so much to the Internet that most of us don't even have the phone numbers of a lot of our friends, only their various online contact details (e-mail, FB, Twitter, etc.). Is WhatsApp still using phone numbers as usernames? That might save your social network. But for anyone outside the immediate circle, including any business that you're not a very frequent customer to, most of us today look up the phone number online if we have to call them, and it's been a long time since I saw a phone book anywhere.



                  But in the context of an actual war, the cyber aspect would be a negliegable factor, and when you worry about nukes falling, Amazon and Google going out of business would not be frontpage news.





                  That said, why do we have "cyber commands"? First, for publicity and to attract more nerds to the military. The military understands smart people. Second, because all of this is changing and when you think about the future, not the quarterly-report future of the business world, but the 10-years, 20-years type of future, then certainly the Internet as well as IT security in general will only become more important, so start being ready today. Third, you want to protect your own infrastructure against such attacks. Even if you don't believe (like me) that any cyber attack would be more the equivalent of sabotage than that of warfare, it is still something worth protecting against. If you look at the budgets of those "cyber commands" and compare them to the cost of, say, a new aircraft carrier or a couple fighter jets, you see the real priority of "cyber warfare" quite clearly.






                  share|improve this answer












                  The term "Cyber Warfare" is largely nonsense. There just isn't enough there to make a prolonged exchange of hostilities likely, not on the order of magnitude that you could call a "war".



                  However, as we have seen already, there is quite a bit of critical infrastructure reachable (directly or indirectly) through the Internet. If an actual war would break out between any non-3rd-world countries, it is quite possible that the initial strikes would include cyber attacks to disable as much of that as possible.



                  At the current level of tech actually deployed (i.e. ignoring fancy future dreams about everything-IoT, etc.) that would mostly be it. There is a very simple countermeasure against cyberattacks: Go offline. Most critical infrastructure can run without Internet connection. Of all the various companies in this area that I've done security work for in the past decade or so, none would stop working without Internet. Sure, it would be a big hassle, but power stations would run, fuel would still run, traffic systems would run, trains would run, the airport would still be open. All at reduced capacity, all with major operational trouble, but they would run.



                  The most affected part would be supply chains, which rely strongly on data exchange today, but there are still enough old people in the business to switch back to older methods (phone, fax, and if you have to, couriers).



                  You could damage a countries economy as a lot of consumer stuff and B2C trade relies on the Internet today. But we also have a vast parallel infrastructure of supermarkets, shopping centers and such, so the damage would be manageable.



                  That is not to say that there would be no damage. Entire companies would go out of business without Internet, and the impact on daily life would be quite severe, especially regarding communication which has moved so much to the Internet that most of us don't even have the phone numbers of a lot of our friends, only their various online contact details (e-mail, FB, Twitter, etc.). Is WhatsApp still using phone numbers as usernames? That might save your social network. But for anyone outside the immediate circle, including any business that you're not a very frequent customer to, most of us today look up the phone number online if we have to call them, and it's been a long time since I saw a phone book anywhere.



                  But in the context of an actual war, the cyber aspect would be a negliegable factor, and when you worry about nukes falling, Amazon and Google going out of business would not be frontpage news.





                  That said, why do we have "cyber commands"? First, for publicity and to attract more nerds to the military. The military understands smart people. Second, because all of this is changing and when you think about the future, not the quarterly-report future of the business world, but the 10-years, 20-years type of future, then certainly the Internet as well as IT security in general will only become more important, so start being ready today. Third, you want to protect your own infrastructure against such attacks. Even if you don't believe (like me) that any cyber attack would be more the equivalent of sabotage than that of warfare, it is still something worth protecting against. If you look at the budgets of those "cyber commands" and compare them to the cost of, say, a new aircraft carrier or a couple fighter jets, you see the real priority of "cyber warfare" quite clearly.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Nov 28 at 6:36









                  Tom

                  4,379628




                  4,379628






















                      MathematicianByMistake is a new contributor. Be nice, and check out our Code of Conduct.










                      draft saved

                      draft discarded


















                      MathematicianByMistake is a new contributor. Be nice, and check out our Code of Conduct.













                      MathematicianByMistake is a new contributor. Be nice, and check out our Code of Conduct.












                      MathematicianByMistake is a new contributor. Be nice, and check out our Code of Conduct.
















                      Thanks for contributing an answer to Information Security Stack Exchange!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.





                      Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                      Please pay close attention to the following guidance:


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function () {
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f198500%2fis-strategic-cyber-warfare-feasible-today%23new-answer', 'question_page');
                      }
                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      Popular posts from this blog

                      AnyDesk - Fatal Program Failure

                      How to calibrate 16:9 built-in touch-screen to a 4:3 resolution?

                      QoS: MAC-Priority for clients behind a repeater