The depth to which
cyberwarfare has grown is one of the most controlled and guarded secrets in
most of the major governments around the world. The United States, China,
Israel, Russia, England, Japan, Iran, Germany – these are just some of the
countries that have been revealed to be researching and participating in
“cyberops” over the last few years. It can be assumed that what we know doesn’t
even scratch the surface.
A recent revelation
that the NSA’s “Perfect Citizen” program is designed to explore both defensive
and offensive tactics surrounding energy infrastructure and the cyberattacks
that can cripple them gives us an idea about a single direction that global
cyberwarfare is heading. They understand that the vulnerabilities are
countless. What they don’t tell us directly in the heavily redacted 190-page
document that the Electronic Privacy Information Center (EPIC) obtained through
the Freedom of Information Act is that their greatest fear isn’t what hackers
could do through internet connections but what average US citizens employed at
the facilities could inadvertently do to bring a crippling worm into a
sensitive computer system.
It’s hard enough to
find the culprits. What’s worse is that anyone with a smartphone or a flash
drive could help take down a portion of the electric grid, for example, without
even knowing what they had done. Iran learned this the hard way when the US and
Israel infected the software driving over 1000 centrifuges with Stuxnet.
Herding cats: the impossibility of real safeguards
The biggest problem
facing agencies like the NSA, the US military’s Cyber Command, and their
counterparts around the world isn’t in understanding how to protect against
cyberattacks. It’s that the systems on which nearly everything has been built
are antiquated and vulnerable, making it a logistics nightmare to put in the
proper safeguards. There are simply too many points of entry available right
now for a clever individual to cry havoc and let slip the worms of cyberwar,
let alone what organizations or government agencies could do.
In October, President
Obama signed a secret document known as Presidential Policy Directive 20. It
outlines the procedures for clearance and gives a guideline for the protocols
that can be followed in different situations where the security of both
government and private networks is at risk of breach. It covers both defensive
and offensive operations; they have the power to not only act within the
networks but to also “cut the lines” when a breach is imminent or in progress.
“What it does, really
for the first time, is it explicitly talks about how we will use
cyber-operations,” a senior administration official said. “Network defense is
what you’re doing inside your own networks. . . Cyber-operations is stuff
outside that space, and recognizing that you could be doing that for what might
be called defensive purposes.”
If Stuxnet proved
anything, it’s that anything is vulnerable. A similar attack could be carried
out on the electric grid, water purification plants, air traffic control
systems, and any number of high-value targets that have less security and more
access points than Iran’s nuclear program. To close all points of entry into
critical systems is nearly impossible for small areas such as cities, let alone
for entire countries.
The dominoes of chaos
For better or for
worse, the world is plugged in. The people in most developed nations have
become reliant on certain levels of infrastructure. For example, when Hurricane
Sandy pummeled the East Coast and caused widespread power outages, it took
efforts from across the country and around the world to maintain order and
ensure that the long-term toll was minimized.
Imagine what a
sustained power outage across several states would do.
Sandy was anticipated.
We saw it coming days before it hit. With a cyberattack, infrastructure can be
crippled instantly. The one thing that keeps outages caused by known natural
events from escalating to chaos is preparation of some sort by most who will be
affected. Imagine if an area is hit and nobody saw it coming. Imagine if the
hit is so severe that restoring the infrastructure component isn’t a matter of
days or even weeks, but months. These are all very real potential scenarios.
In such a
circumstance, the dominoes of chaos would likely kick in. As people in the
affected area start to realize that their situation is not going to improve,
they will resort to measures of self-preservation. They may leave and cause a
swelling of need in unaffected areas. They may stay and either participate in
or become the victim of crimes that spawn from perceived needs.
Fear would take hold in
the unaffected areas. What if they were next?
In The Dark Knight, the
Joker said something that could possibly ring true if a major cyberattack was
enacted on a large area in a developed country. “They’re only as good as the
world allows them to be. I’ll show you; when the chips are down these uh, these
civilized people; they’ll eat each other.”
More than the threat of
nuclear attacks during the height of the Cold War, more than an outbreak of a
deadly super virus, more than meteor strikes or alien invasions or biological
attacks, cyberwarfare looms as the single greatest threat to the current state
of civilization. Technology has helped us to overcome many of the challenges
that our forefathers faced, but it has also made us vulnerable to man-made
disasters in the various grids that support our lives.