Cyber Warfare

Modern militaries rely on information technology to conduct warfare. Militaries use offensive and defensive cybersecurity tools. Civilians sometimes throw themselves into the fray.

Soldier with Laptop

Learning Objectives

You should be able to:

  • Discuss offensive and defensive use of information technology in war
  • Identify major players in cyber warfare
  • Discuss how civilians have played a role in cyber warfare

Information Technology in War

Modern warfare relies on technology. Reconnaissance data is gathered with sophisticated satellites, spy planes, and drones. On the ground, troops must communicate securely with each other and their commanding officers. Increasingly, autonomous and semi-autonomous weapons are deployed. The 2022 war between Russia and Ukraine saw the use of drones that could fly for miles before autonomously locking onto a target. Forces can use hacking tools to bring down critical infrastructure, such as power grids. Militaries rely on strong critical infrastructures and civilians who have secured systems.

Major United States Players

The United States Cyber Command (https://www.cybercom.mil/) works with the cyber command in each of the branches of the military:

The National Security Agency "prevents and eradicates threats to U.S. national security systems with a focus on the Defense Industrial Base and the improvement of U.S. weapons’ security." The NSA also provides guidance to the Department of Defense and other federal agencies on cybersecurity.

Historical Attacks

The following are a few real-world examples of cyber tools and techniques used in warfare.

Desert Storm

In 1990, Iraq invaded Kuwait. In response, the United States began Operation Desert Storm with the stated goal of liberating Kuwait from Iraqi occupation. The U.S. military used sophisticated tools to intercept Iraqi communications. The U.S. military could triangulate the position of Iraqi radios, making them easy targets. The U.S. could eavesdrop on Iraqi communications, or eliminate the communications equipment altogether. Eventually, the Iraqi forces realized they could not trust electronic communications. The Iraqi forces eventually resorted to delivering paper messages via trucks. That did not go well for the drivers. The ability of the U.S. to dominate the information flow was a significant factor in the success of the operation.

Listening to Radio Communications

Stuxnet

Stuxnet was a cyber weapon deployed in 2010 to cripple Iran's nuclear program. The malware targeted Siemens industrial control systems, causing the uranium enrichment centrifuges to spin out of control. The malware spun the centrifuges at a precise speed that would cause physical damage, though the malware reported normal operating speeds to the monitoring systems. See this excellent overview from Dave's Garage YouTube channel covering the attack. The attack took advantage of many zero-day vulnerabilities--vulnerabilities that even manufacturers were unaware of. No casual hacking group could carry out an attack of this sophistication.

Centrifuge

2022 Russia-Ukraine War

Prior to Russia's invasion of Ukraine in 2022, Russia launched attacks on banks. Most banks allow customers to open accounts online. Banks verify external account ownership by sending very small deposits and asking customers to verify the amounts. Malicious actors can earn large sums by harvesting thousands of these very small deposits. Banks consider these losses a cost of doing business--they gain more by letting customers open accounts online than they lose from fraudulent accounts. The Russian government exploited this vulnerability to change the calculus. In the beginning of 2022, Russia's hackers started opening dramatically more fraudulent accounts. The problem became so severe for banks that they stopped allowing accounts to be opened online, effectively cutting off access to the United States banking system. Shortly after, Russia invaded Ukraine. Ukrainian citizens were unable to move money effectively, which allowed Russia to seize assets and apply more pressure on the Ukrainian government. The attack on banks demonstrates how nation states may use cyber attacks as precursors to physical attacks.

The 2022 war between Russia and Ukraine brought to light a new phenomenon in war--civilian cybersecurity participation. On February 28, 2022, the Ukrainian government issued a call for Russian vulnerabilities.

Image Source: https://twitter.com/dsszzi/status/1498245709031776258?s=20&t=eoiPUeg39zD1APV8tOAAMw

Weeks after the Ukrainian government's call for vulnerabilities, the hacker group Anonymous claimed that they had hacked Russia's spy satellites and recovered sensitive documents. Anonymous posted screenshots of web pages and hacked systems on Twitter, but the validity of the screenshots and claims could not be verified. Russia denied the claims.

Israeli Supply Chain Attack

In 2024, the Israeli government executed a supply-chain attack on the pagers used by Hezbollah. To begin the attack, the Israeli government had to set up a company that purported to sell pagers. The buyers were unaware that the shell company was controlled by the Israeli government. The Israeli government implanted plastic explosives in the pagers before delivering them to Hezbollah. The Israeli government then sent a signal to the pagers, causing them to detonate. Many Hezbollah members were injured or killed in the attack. The attack also injured bystanders who happened to be near one of the pagers. Bruce Schneier, a security expert, wrote an excellent overview of the attack.

The incident raises concerns over supply chains in general. Modern devices are made up of many components, and those components often come from different companies and countries. While supply chain attacks can be effective, they may undermine global confidence in the supply chain.

Pager Insides

Reflection

  • What will the cyber warfare arms race look like?
  • What would be the cyber version of a nuclear bomb?

Key Terms

  • Cyber Warfare: The use of cybersecurity tools to aid in military objectives. Militaries may use sophisticated offensive and defensive cybersecurity tools.
  • Reconnaissance: The initial phase in a cyber attack where the attacker gathers information about the target system, network, or organization. This phase involves activities such as scanning for vulnerabilities, mapping network topology, identifying active services, and collecting data on potential entry points. Reconnaissance helps attackers plan their subsequent actions and increase the likelihood of a successful breach.