Security Experts:

Shall We Play a Game?

With Increasingly Automated and Connected Infrastructure, the Ability for an Enemy to Target These Systems Digitally Has Increased

I’ve been driving critical infrastructure cyber security for over a decade now, and I rarely frame the risks in terms of cyber warfare, cyber terror, and similar terms. That’s because, as a technologist, I tend to focus on the Critical System Infrastructure (industrial networks, process control, etc.) rather than the Critical National Infrastructure (industries and services such as energy, agriculture, and transportation) that these system support. To me, “cyber war” always seemed something rooted in cold-war era Hollywood movies, where “the only winning move is not to play.”

However, in light of recent research on online organized cyber-crime, I’m starting to shift my attention away from process control exploits towards broader political and economical issues. This new perspective highlights the architectural needs, to be certain, but it also illuminates the true scope of the issue. 

Wargames: Shall We Play a Game?Brian Contos, VP and Chief Information Security Officer within Blue Coat’s Advanced Threat Protection Group, addressed these issues with eloquence at the 8th annual American Petroleum Institute Cyber Security conference several weeks ago, and I’ve been mulling over it ever since.

As Contos put it, “There was once a time, not that long ago, when even the term ‘information warfare’ was highly contested. Does it exist – yes, no, maybe so? The reality is, according to the FBI, over 100 countries possess the ability to conduct information warfare and, according to Gartner, a major G20 nation will suffer a significant attack in the short term. Espionage and sabotage are two primary examples of how nations can mount a successful, inexpensive, and damaging attack.”

Again, I’m a technologist, and so I’m guilty of too-often looking forward, straining to see what the next new thing might be. However, Contos got me thinking the other way around.  What we struggle to understand today is often a lesson that has already been taught—sometimes blatantly—in the annals history. Take the subject of cyberwar: to some it’s contemporary, to many it’s still science fiction, but in reality it’s history.

Contos points out that the Internet as we know it began in around 1988, and in that very same year the first computer worm, Morse, was unleashed. The digital landscape ushered in an era of immediacy, where threats emerge and evolve in real-time.  The Internet has evolved since then, as malware. Has evolved with it.  Morse led to Code Red.  Code Red was surpassed by Slammer, which spread quickly and pervasively. Slammer still poses a threat today, but it pales in comparison to new generations of malware such as Stuxnet, Flame, Shamoon and other recent threats—all of which use relatively large amounts of code to provide adaptive and mutating threats.

Skeptics will say that the existence of a military-grade malware, on its own, isn’t proof of a war. Again, history can enlighten us. “Hacking” existed from the introduction of the first computers, and was weaponized when used to intercept or manipulate enemy communications, beginning as far back as WWI. In WWII, cypher combat was pivotal.  In the cold war, the worlds of espionage and hacking converged to the detriment of a Soviet pipeline in 1982, allegedly destroyed by a CIA logic bomb. Physically destroyed. So while the existence of military-grade malware doesn’t prove cyberwar per se, but it does prove that we are getting better at it every day.

The point of these history lessons? Contos, in his typically entertaining manner, described the convergence of the Cyber threat and the Kinetic threat. The kinetic threat hasn’t changed much—we are all still bound by the laws of physics, and conventional weapons and conventional warfare use those laws to explosive effect—but the cyber threat has changed considerably. Everything from our personal relationships, state and national economies, and global critical infrastructures have become digitized and connected. We’ve already seen preliminary cyber strikes take out an enemy’s detection capability, making physical attacks more successful. We’ve also seen cyber attacks take out enemy response capability by destroying power, transportation and communications systems, maximizing the impact of an attack while minimizing the threat of resistance. Coordinated attacks using both methods have now been seen across the globe.

Is critical infrastructure a target of cyber?  Enemy infrastructure is and always has been an important military target. The difference is that with increasingly automated and connected infrastructure, the ability for an enemy to target these systems digitally has increased, putting these systems at greater risk. It’s something that exists today. Now. It is real. It’s not speculation, it’s history.   This isn’t an industry or sector-specific problem, or even a national one—it is a global issue, spanning technological and sociopolitical boundaries alike.  Let’s hope that when future generations write our history, it doesn’t read like a horror novel

view counter
Eric D. Knapp (@ericdknapp) is a recognized expert in industrial control systems cyber security, and continues to drive the adoption of new security technology in order to promote safer and more reliable automation infrastructures. Eric is currently the Director of Cyber Security Solutions and Technology for Honeywell, and is the Chief Technical Advisor, North America for the Industrial Cybersecurity Center. He is also the author of “Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA and Other Industrial Control Systems.” His new book, “Applied Cyber Security for Smart Grids” was co-authored with Raj Samani, McAfee CTO EMEA. The opinions expressed here represent Eric's own and are not those of his employer.