In the wake of the attack on Sony Pictures in the U.S., many are trying to validate the government’s claim that it was a hack perpetuated by North Korea. If this is true it is the first highly public incident involving state-sponsored cyber espionage, and there will likely be more in the future. The incident has already led to sanctions imposed on North Korea, the first of it’s kind based on these attacks. Clearly the consequences of open cyberwar are ominous and far reaching for the entire world.
it’s been rumored that the United States has been in a prolonged cyber cold war with China for the better part of a decade, and by studying attack data there is clearly a pattern involving the two superpowers. Over the past few years, there have been numerous thefts of classified information and acts of espionage attributed to hackers working for or in collusion with both the U.S., China, and their allies. This includes the break-in at the Lawrence Livermore Labs, the hacking of RSA secure IDs in 2011, the Stuxnet virus that destroyed Iranian centrifuges, and the outing of the NSA’s wiretapping and data collection activities by Edward Snowden. All of these are clear indications that nation-states and government agencies are actively using cyberspace to engage in these operations.
The U.S. Congress has also recently expressed concerns over the import and use of telco, networking, and computing gear from Chinese companies such as Huwei and others. These companies are beholden to the Communist government and the possibility of backdoors, doomsday bombs, and other malicious functions embedded in thousands of devices and machines around the world isn’t that far fetched. This could already be happening, leading to a day when the planet’s computers and the internet are held for ransom. That’s right, that Lenovo you got at a bargain price could already be a ticking logic bomb.
So what would happen if this type of activity escalated and reached full-scale cyberwar? We’ve already seen a glimpse of this when North Korea was promptly knocked off the internet for over nine hours after it was publicly outed as the perpetrators. Technology and the web are now so ubiquitous, the loss of major parts of the internet or critical infrastructure could cause a catastrophic collapse we may never recover from. Financial meltdown or worse could be only a mouse click away and the threat is only becoming greater.
The consequences of the same thing happening to the United States could result in serious problems for the entire world. This very reason is likely why large scale and open cyberwarfare hasn’t really happened yet. It’s similar to the Cold War and the concept of mutually assured destruction; As long as each side had enough to wipe each other out several times over and destroy the world, no one dared to press the button. But as nations begin moving more toward offensive operations in cyberspace, the potential is huge for serious collateral damage to business, critical operations, and civil services.
In the event nations begin large scale cyber attacks against one another, the internet itself will be the first victim, followed by everyone who uses it. Businesses that operate online would be crippled by denial of service and war-based traffic. Even more ominous is the threat to critical infrastructure such as power and financial systems. The blow to the economy could be disastrous if key organizations or internet infrastructure were taken offline, even if they weren’t the actual targets.
In the future, this threat could lead to huge changes in the network and internet landscape. The United States could begin a technological Inward Turn, a doctrine of technology isolationism. Companies and especially government would rely only on hardware and software from those they trusted and build highly secure private networks. Greater security defenses would be created, eventually leading to more heavily guarded perimeters in cyberspace. Every country might build a Great Firewall, capable of protecting major critical infrastructure and economic resources. Not all traffic would be treated equally, and none of it would be implicitly trusted.
In the face of all out cyberwar businesses could begin the Inward Turn and rely only on trusted sources, hardening their critical systems and access to the outside world. The days of cloud-anything would become numbered, and the highly secured, walled-off private cloud would rule the landscape. The silver lining to this dystopian vision would be the rise of robust solutions and technologies that lead to more secure networks and internet. Ironically, war and the military has historically driven these kinds of revolutionary changes.
It may be worthwhile to think about what would be needed to go into this highly secure future. As unreal as it sounds, the possibility is there and the impact it could have would be astronomical. Organizations would need ways to continue to operate and protect themselves from the side effects of open warfare on the net, as well as continue operations safely and efficiently. And while mostly no one wants such a thing to come true, laying the groundwork now might pay off in a difficult future.