Total Pageviews

Saturday, 8 July 2017

When will a cyber war become an act of war?

On 6 July 2017, Bloomberg and the NY Times report that "Since May [2017], hackers have been penetrating the computer networks of companies that operate nuclear power stations and other energy facilities, as well as manufacturing plants in the United States and other countries."

NYT: "[The] urgent joint report issued by the Department of Homeland Security and the Federal Bureau of Investigation [] did not indicate whether the cyberattacks were an attempt at espionage — such as stealing industrial secrets — or part of a plan to cause destruction. There is no indication that hackers were able to jump from their victims’ computers into the control systems of the facilities, nor is it clear how many facilities were breached."

Actually, I am glad that the Dutch Interior Ministry cancelled its project to build an online database carrying all information about all Dutchmen. On 5 July 2017, the responsible Minister claimed the project was "not feasible" (VK). A remarkable conclusion after 15 years. I suspect however that the current sophisticated level of cyber attacks made this project too vulnerable. 

History should have taught us by now that the combination of viruses and interconnectedness is a lethal one. One of the most devastating pandemics was the Black Death, killing over 75 to 200 million people in Asia and Europe from 1346-1353, possibly 25% of the world population. Computer systems and computer viruses mirror human population and infectious viruses.

Interconnectedness is a natural concept (eg, ecosystem). The Technological Revolution of 1800-2100 enabled humans to mirror interconnectedness into human systems. These systems are primarily rooted in efficiency and effectiveness to boost overall system performance. Removing internal safety and security measures, should however be compensated by external ones (eg, access control, (dual) authentication, user profiles, front and back end computing). 

Unfortunately, safety and security often conflict with efficiency and effectiveness. Severe accidents must happen before Enterprise Risk Management is fully understood throughout an organisation. Since several years, biometrics authentication (eg, finger, iris) is being used to combine all 4 aspects. Also see my 2015 blog on cloud computing and hacking.

The current response to cyber attacks is countering the attack and repairing the damage. Given the ageing of computer legacy systems, prevention is not always a feasible option. The increase in cyber attacks (eg, damage, disruption, targets, volume), raises the question when a cyber attack will constitute the world's first casus belli - or act of war.

In a recent GeoPolitical Futures' article, George Friedman separates (few) systemic from (many) political wars. The 21st century has brought a 3rd type of war: cyber wars. Its actors may come from anywhere, its mastermind may only be suspected and never be legally proven.

Allegedly, the USA has developed "implants" or "digital bombs" that can destroy parts of an entire economy (eg, my 2015 blogRob de Wijk in Trouw, USA Today, WP). Using these "implants" or "digital bombs" would certainly constitute an act of war.

Two Tribes (1984) - 2014 Video Destructo Mix - by Frankie Goes to Hollywood