The page takes a second to load. Or doesn’t load at all. Instead, an error message pops up onscreen: the connection timed out. Page after page, none load.
Bank website? Down. Online retailer? Down. News site? Down. Government webpage? Down. Vaccine appointment system? Down. A while later, all the sites load properly.
The lights flicker and the power goes off. The heat shuts off too. It’s December and cold. Around the city, the electricity grid goes down.
The blackout lasts an hour, maybe six hours. The power comes back on.
The backup safety system for monitoring chemicals at a manufacturing plant runs unnoticed in the background. The system gives no security warnings and sends no alerts. A routine maintenance check finds that the backup system was not actually functioning.
At another manufacturing plant, a machine with a spinning centrifuge has this repeated glitch. The centrifuge will spin so fast that it spins out of control, torn apart by the force. The IT team finally identifies the issue and the machine stops spinning out of control.
Technological issues like these seem, well, unsurprising. Technology fails. Chalk the issues up to the finicky nature of the internet, to some glitch somewhere along the line.
But all of these incidents have happened before, reported Wired. And none of them were run-of-the-mill technological issues.
These issues were caused by cyberattacks.
Targeted and intentional, cyberattacks are becoming increasingly frequent, increasingly dangerous and increasingly hybrid, reported Wired.
Cyberattacks may happen online but their consequences don’t stay online. They pose real-world threats. As cyberattacks intensify, the world is pushed closer and closer toward cyber warfare — a newish type of warfare for which global society remains unprepared.
The landscape of conflict has changed.
Cyberattacks and cyberwar: The dystopian future that happened yesterday
“Let’s start from the most important beginning point: This isn’t a conversation about the future,” Joseph Steinberg, a cybersecurity expert, told to Deseret News. “These are things that are already happening on a regular basis whether people realize it or not.”
“Cyberwarfare is something that involves a computer-based attack against another computer that causes some sort of real-world repercussion,” said Steinberg.
The example of websites not loading en masse? That’s the result of a common cyberattack called a distributed delay of service, or DDoS. Hackers overload website servers with fake requests so that real requests to load the page cannot be processed. The result? The site goes down completely.
A DDoS cyberattack like this in the Eastern European country of Estonia marked the start of “Web War 1” back in 2007, reported Wired.
The centrifuge spinning out of control? The U.S. and Israel led that cyberattack against Iranian nuclear facilities beginning in 2009 but the attack wasn’t identified until 2010, per Wired. The attack, later known as Stuxnet, became the first cyberattack designed to cause physical damage. The cyberattack delayed Iran’s development of nuclear technology.
The cyberattack that caused an electricity blackout? That’s happened twice so far.
The first time, in December 2015, Russian hackers disrupted the electricity of 225,000 Ukrainian civilians for about six hours. Similarly, in 2016, Russian hackers disrupted the power grid of Ukraine’s capital Kyiv for about one hour, per Wired.
Taking out backup safety systems? That cyberattack happened in a Saudi Arabia oil refinery in 2017. The malicious code aimed to silently disable the last-ditch safety systems that warn about dangerous conditions like a temperature build-up or a gas leak, reported Wired.
The company found the hack before an explosion or gas leak occurred, but the alternative could have been deadly.
“The cyberattacks we saw earlier this year? That’s not even the tip of the iceberg — that’s the cold air coming off the tip of the iceberg,” said Steinberg, the cybersecurity expert. “The cyberattack that directly causes people to die — it’s going to happen — that’s when we hit the tip of the iceberg.”
“Some people think cyberwar won’t be violent — that’s not true,” said Steinberg. “There are real-world repercussions to cyberattacks and it’s only going to get worse.”
Inside a future cyberwar
In conventional physical warfare, international parties have agreed on the rules of a fair fight, the lines too cruel to cross and the tactics too inhumane to use.
That’s not the case for cyberwarfare. In the cyberworld, there are no ground rules. There are no traditional borders. And there is no clarity.
“What is cyberwar? What is legal cyberwarfare? What is a war crime in cyberwarfare? There is no clear definition and that’s part of the issue,” said Steinberg. “All the rules of warfare — you don’t target civilians and things like that — in the cyberworld, it’s not clear where these things stand.”
And cyberwar may not target just the military. Cyberattacks could strike “water distribution systems, financial systems, gas pipelines, hospitals — perhaps even combined with a mass-casualty physical attack,” said Wired.
These civilian sectors remain particularly vulnerable to cyberattacks because their systems tend to be “out of date, poorly maintained, ill-understood, and often unpatchable, “ reported Foreign Policy.
And worse still, not all cyberattacks will even have a physical target like these critical service sectors. That’s where cyberespionage comes in.
“Cyberespionage is going on all the time,” said Steinberg. Like cyberattacks, cyberespionage could have military or civilian targets. It could look like stolen military equipment plans or close monitoring of foreign citizens of interest.
“The person who’s going to be president in 30 years or 50 years, they’re posting all sorts of information in online media that may or may not be useful to an adversary,” said Steinberg.
Cyberespionage could inform cyberattacks targeting such individuals.
But the target could also be the entire public. Cyberattacks could manipulate public opinion before elections through online campaigns, targeted advertising and realistic “deep fake” videos of candidates or world leaders, reported Foreign Policy.
After all, there are no ground rules in the cyberworld — and even just one cyberattack could be too much.
“Even if we’re the superpower from offensive and defensive positions, other entities could get one or two or 10 or a small percentage of attacks and we’re not capable of stopping 100% of it,” explained Steinberg. “If someone is weaker but can get one attack through, then they can cause massive damage.”
What will a scorched earth policy look like in a cyber warfare context?— Ayush Kanaujia (@_ayushkanaujia) March 5, 2021
Imagine the impact on our modern civilisation of a full blown cyber war between state actors.
Since most businesses and government services are technology driven nowadays, the impacts could be disastrous.
Behind the scenes of a future cyberwar
Say all of these cyberattacks happen. Does that mean we’re in a cyberwar? Well, maybe, but maybe not. Once again, there’s no clear line.
Assigning responsibility for cyberattacks gets incredibly complicated incredibly quickly. In the recent case of vaccination systems going down — was the attack led by a group of teenagers opposed to vaccines? Or was the attack led by professional state-sponsored actors that wanted to interrupt Italy’s health care system?
Because of proxy servers and other methods of erasing the assailant’s digital footprint, it’s hard to know for sure, reported Foreign Policy.
“There’s also plausible deniability,” explains Steinberg. “No one admits to doing it.”
But this lack of certainty around the party responsible for a cyberattack does not stop entities from cyberattacking back and creating a cycle of escalation, per Foreign Policy.
“We could stumble into a war that neither side wants because of the feeling that you have to retaliate,” said Amy Zegart, a cyberwarfare expert at the Hoover Institution and Stanford professor, per The New Yorker.
“We don’t understand escalation in cyberspace,” said Zegart.
Physical lockdown is one thing, Cyber-lockdown will be the next thing.— Mikael (@mikael_jibril) February 26, 2021
Preventing a future cyberwar
This is science fiction turned science nonfiction. And cyberattacks we’ve seen so far?
“You want to call it the tip of the iceberg or the cold air coming off? This is nothing compared with what could happen if we don’t address these issues,” said Steinberg. “People are going to have to be more careful online because your computer could be used for an attack.”
To protect yourself and those you’re digitally connected to from cyberattacks, Steinberg recommends not using public Wi-Fi for sensitive tasks, avoiding risky downloads in emails or on websites, backing up your data often, following proper password guidelines, and using some sort of security software.
“We’re only as strong as our weakest link,” said Homeland Security Secretary Alejandro Mayorkas, per ABC News, “because everything is connected. The vulnerability of one can become the vulnerability of many.”
And when it comes to cyberwar, we are all vulnerable because there are no ground rules in the cyberworld. That’s why many cybersecurity experts have begun pushing for a Digital Geneva Convention or some other global treaty to establish the go and no-go zones of cyberwarfare, reported Wired.
“Because this is a real threat and it’s not the future,” said Steinberg. “This is not a theory. This is not paranoia. It’s the world we live in.”