Cyber warfare or ‘How to win a war without fighting’

Cyber attacks allow those who employ them to keep threat levels low while dealing disproportionate damage

Aftabul Hasan December 09, 2019
Sun Tzu’s first rule in his famous treatise ‘The Art of War’ was to win, if possible, without fighting at all. Since his time, warfare has evolved through many generations – where first generation warfare saw brave generals and their forces fight face to face in pitched battles, second generation warfare ushered in the age of indirect fire and combat between adversaries who could not even see each other. The second generation morphed into the third generation as adversaries attempted to infiltrate each other’s lines to create havoc among their counterparts’ ranks, and it then gave way to fourth generation warfare, which amalgamated war and politics and blurred demarcation between combatants and non-combatants. In the present day, we are witnessing the emergence of the fifth generation of warfare, as battle spaces shift from tangible domains like land, sea and air to media, cyberspace and national institutions. In a way, things are coming full circle to Sun Tzu’s rule of winning without fighting.

With much of each nation’s war fighting capabilities dependent on ever-advancing smart technologies, cyber warfare has emerged at the forefront of fifth generation warfare. Cyber warfare implies the capability of a state to attack an adversaries electronics, network, IT and communication infrastructure to impair its ability to coordinate its actions or even permanently cripple it. It can include everything from cyber espionage to steal state secrets to sabotage activity like cyber-attacks and cyber crimes.
The story of Stuxnet, the world’s first weapon of digital destruction, is perhaps the best example of cyber warfare in action that provides a blueprint for winning without firing a single bullet. The US government allowed its agencies to carry out Operation Olympic Games as non-violent alternative to Israel’s insistence on carrying out air strikes against Iranian nuclear facilities.

Using Stuxnet, US agencies launched a cyber attack on Iran’s Natanz nuclear facility, damaging centrifuges and reducing the country’s ability to make fissile material. Some reports claimed the attack set Iran’s nuclear programme back decades without triggering military conflict. The Israeli alternative would have led to certain war.
Anonymity is perhaps the most potent aspect of using cyber weapons. Whereas even indirect attacks, like launching ballistic missiles, can be traced using traditional defence systems, cyber warfare almost perfectly conceals perpetrators.

On November 4 this year, the Nuclear Power Corporation of India Limited (NPCIL) confirmed that there was a cyber attack on the Kudankulam Nuclear Power Plant (KKNPP) in Tamil Nadu, the country’s biggest nuclear plant. A malware infected the plant’s administrative network and was homing on to a ‘serious target’ within the facility. Fortunately, it was detected and no serious incident took place.

Even so, the malware stole a large amount of data from te KKNPP administrative network and sent it back to its point of origin. In a worst-case scenario, the malware could have caused reactor meltdown and in a densely populated area, could have led to a staggering loss of life.
Till date, the source of the malware is unknown, although some suggest the attack was carried out by the North Korea-based Lazarus group. Other reports suggest the malware simply adopted the Lazarus modus operandi to hide the attacker’s actual identity.

Not all cyber attacks cause damage to infrastructure. Some are used for economic benefit. The ‘Bangladesh Bank Cyber Heist’ was one such brazen attempt to steal almost $1 billion from the Federal Reserve Bank of New York – money which belonged to the Bangladesh Central Bank. Only a spelling error stopped the heist as bankers grew suspicious about a spelling error in the withdrawal request made by the attackers. The Federal Reserve stopped the transaction but not before the attackers transferred $101 million.
Initially, the Bangladesh Bank was unsure about who to blame. Only with assistance from World Informatix Cyber Security, a US-based firm, the ‘footprints’ of the malware and the hackers behind it were traced and a possible link between the government of North Korea and the theft was established.

North Korea has a ‘cyber army’ more than 6,000 personnel strong which is constantly improving its capability to target Western institutions. It is estimated North Korea is generating as much as $1 billion a year from ransomware, digital bank heists and bitcoin exchanges. Hundreds of digital ‘implants’ originating from North Korea were discovered in the ATMs of several Indian banks. Dubbed as ‘DTrack’, the malware could read and store the data of any card inserted into the machine.

US whistleblower Edward Snowden also revealed how the NSA and other American intelligence agencies actively spy on the citizens, governments and institutions of various countries by breaking into smart devices. An online episode dubbed ‘Vault 7’ revealed many of these cyber weapons, such as the ‘Weeping Angel’ which hacks into smart TVs and can turn on cameras and microphones without the user’s knowledge. At the expense of privacy and other basic human rights, such tools allow users to collect all manner of intelligence on any individual.

Turning citizens against their country’s institutions, steering their decisions in elections and creating agitation using social media and fake news is used to impact on country’s politics and state affairs is another emerging aspect of cyber warfare. Claims were made during the 2016 US presidential election that fake news and targeted social media campaigns attempted to influence voters against certain presidential nominees. The reports led to Facebook banning data analytics company Cambridge Analytica from using its platform.
As artificial intelligence (AI) develops further, cyber warfare is becoming even more dangerous. The idea of a botnet or a malware that has its own thinking and decision-making capability is terrifying and has been echoed many times by the leading thinkers of our time. Stephen Hawking once told BBC that
"The development of full artificial intelligence could spell the end of the human race."

Elon Musk, the chief executive of rocket-maker Space X and electric vehicles Tesla, has also voiced fears against using AI as a weapon. Imagine a cyber weapon that decides to launch a global strike on nuclear facilities because it thinks that is the right thing to do! Even so, many governments are actively working on creating cyber weapons that can learn and adapt on their own.

Still, it is easy to dismiss cyber warfare from the lay perspective. After all, is it not better wars be fought online with little actual physical harm than in a more tangible realm? For now, the world is in a state of adjustment as this new domain of warfare takes shape. And while its potency may not be evident immediately, as more and more of our civic systems rely on cyberspace, particularly in developing nations like Pakistan, remaining alert to cyber-threats will become ever more important.

Cyber warfare is also perhaps a new equaliser for nations with limited conventional capabilities when facing militarily superior adversaries. Given their low cost and high degree of plausible deniability, for now cyber attacks present an option that allows those who employ them to keep threat levels low while dealing disproportionate damage that may not be immediately apparent. That said, perhaps it is only a matter of time before cyber warfare too begins to elicit a rather heavy-handed response. In either case, both policymakers and common citizens can ignore this emerging battle space at their own peril.
Aftabul Hasan The writer is a student of conflict studies with a keen interest in military history
The views expressed by the writer and the reader comments do not necassarily reflect the views and policies of the Express Tribune.

Facebook Conversations


Replying to X

Comments are moderated and generally will be posted if they are on-topic and not abusive.

For more information, please see our Comments FAQ