The NYT report shows what the doctrine of “deep forward defense” adopted by the US Cyber Command really is: planting cyber bombs in its opponents’ infrastructure, leading to grid failures that can paralyze the country.
21 Jun 2019
The New York Times’ (NYT) recent report that the United States Cyber Command has planted “malware” – read cyber bombs – deep into the Russian grid should worry not just the Russian people, but all of us. Taking down a country’s grid leads to blackouts, and disrupts a country’s vital infrastructure: communication networks such as metros, railways, airports, hospitals, telecommunications including cell phones; it can lead to failure of hydroelectric plants and dams causing devastating floods, nuclear plants’ outages and possible meltdown. As we have seen in India, grid failures of the kind we saw in 2012 are major events that can paralyse any country.
The US itself has signalled the importance it attaches to its electrical grid. In its Nuclear Posture Review, 2018, it made explicit that any country attacking its grid – either physically or with cyber weapons – would face US retaliation including even a nuclear response. The US Cyber Command, set up in 2017 as an independent command on par with its Strategic Command that controls its nuclear weapons, had formulated its doctrine of “deep forward defence”. The NYT report shows the doctrine of “deep forward defence” for what it really is: planting cyber bombs in its opponents’ infrastructure.
This also gives credence to what the Venezuelan government had earlier said, that they were under cyber attack from the US during Guaido’s attempted coup, and that had led to repeated grid failures.
What exactly is a cyber bomb and what does it do to an electrical grid? Most industrial systems and electrical networks depend on what are called digital controllers for their operations. As most of these systems are highly automated, these controllers send commands to various physical equipment for their functions. This is, by the way, what happens in our lowly washing machines and in our refrigerators as well. If malicious software can be injected into these controllers, they can not only shut down such equipment, but also make them behave in ways that damage the equipment. And this damage can even cause catastrophic failures.
An example of this is Stuxnet, now admitted to be a joint US-Israeli operation against Iran’s uranium enrichment program. This led to extensive damage to the Iranian centrifuges in their Natanz uranium enrichment plant, as the Siemens controllers which were controlling the centrifuges were attacked. In a more recent case, in a Saudi Aramco petrochemical plant, the Triconex safety system was infected, leading to a plant shutdown.
What both these cases show is that once state actors get involved, the level of sophistication and complexity of these weapons makes protection a very difficult task. Cyber weapons are not different from physical weapons as they have the same impact; and unlike other malware, they cause physical damage and destruction.
Discussions on cyber weapons and demilitarising cyberspace have been on the United Nations’ disarmament table for quite some time. Russia and China have demanded a number of times that the world should have a treaty that bans cyber weapons and that they should be treated differently from viruses, worms and other malware. In 2011, Russia and China had proposed a treaty to limit cyber weapons modelled on the 1997 Chemical Weapons Convention that outlawed chemical weapons. This was followed up by a revised proposal in 2015 by the same countries, asking for a UN discussion on how to prevent the use of cyberspace for acts of war.
The proposals were similar to what the world has already achieved in the field of chemical and biological weapons. No major country today develops such weapons, even though such weapons are easy to develop and use. And as the cult Aum Shinrikyo showed in its sarin attack in the Tokyo subway, it can be done in anybody’s backyard.
The US has stonewalled any attempt at demilitarising cyberspace. In the UN, a Group of Governmental Experts, set up under the aegis of its Office of Disarmament Affairs, discussed the Russia-China proposals. The US countered the demand for demilitarising or de-weaponising cyberspace with a demand for free speech and a completely “open” internet with no restriction by nation states. After five such UN expert bodies were set up over the years and failed to create a consensus, the UN has ceased to be a platform for future discussions on disarming cyberspace.
The Trump administration is now moving ahead with its own strategic vision of cyberspace as a contested domain, and the need to “defend forward”, presumably the basis of the decision to plant cyber bombs in the Russian grid.
This is not to argue that the US is the only player that uses or has cyber weapon capability. Once such weapons are available, every country will try and develop offensive and defensive capabilities. Almost every major country is developing these capabilities. Even non-state actors are involved in developing malware. The difference is that if a state actor gets involved in developing cyber weapons, it is almost impossible to defend against such attacks. What countries can do is only limit the attack, reduce damage and work out how to recover.
Why did the US refuse, as it still does, to demilitarise cyberspace? After all, there were the precedents of banning chemical and biological weapons, and also treaties such as the one demilitarising outer space. We can blame the US administration under Trump for being warmongers, but much of this period was under the Bush and Obama administrations. Bruce Schneier, one of the leading security experts in the US, wrote in 2012, “There's a common belief within the U.S. military that cyberweapons treaties are not in our best interest: that we currently have a military advantage in cyberspace that we should not squander.” He went on to say that this was foolish because by its very nature cyber war is asymmetric – it is much easier to attack than to defend, and therefore the US would not only have no major advantage in defending itself from attacks, but is more vulnerable. Its infrastructure – from physical infrastructure to information and financial infrastructure – is far more networked than that of most other countries.
The danger to the world from cyber weapons has become worse, as the US has failed to protect the cyber weapons and malware developed by the National Security Agency (NSA) and the Central Intelligence Agency (CIA). Two caches of tools – and they are two independent sets of tools – are now in the public domain. Shadow Brokers, a criminal group, dumped NSA’s tools online. WikiLeaks posted details of another set of such tools that were created by the CIA, and that have also been hacked. These tools are far more sophisticated than what criminal groups, even sophisticated ones, can develop on their own. Now criminal gangs and other state actors have all these tools available for the asking.
After the leak of NSA and CIA's cyber weapons, we should be asking whether nation states can really be trusted to develop such weapons. This is what certain leading companies within the industry – Microsoft, Deutsche Telekom and others – had raised in 2017, calling for a new Geneva Convention banning cyberweapons. Brad Smith, the President of Microsoft, and no peacenik or leftist, wrote, “Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage...”
The climate in the world, particularly in the US, is rapidly turning towards war. With Bolton and Pompeo leading the Trump administration’s charge against Russia, China and Iran, it is clear the US is unwilling to be only one among major global players and reconcile with a multipolar world. It wants to regain its position as the only global power, and a return to a unipolar world. Trump’s worldview of threats and blackmail combines with this war lobby to create a world in which the US is threatening a war on three fronts – a shooting war with Iran, a cyber war with Russia, and a tech-cum-trade war with China.
The problem is not that we have a war-mongering US administration. It is the near silence of the larger global community and the weakness of global forces for peace that is the real cause for worry. We only have a delusional US administration, which seems to live in a post-truth world, teetering on the brink of war with no real opposition.