The digital age has truly transformed all aspects of human life, including the way nations commit espionage and wage war. In our Data Breach Industry Forecast for 2017, we predicted that the nation-state digital espionage already affecting so many consumers and businesses would evolve into active conflict and possibly war between countries. Current events are bearing out many of our predictions, including:
- Cyberattacks will evolve from information-gathering tools to be wielded as offensive weapons in conflicts between nations.
- Cyberattacks will take aim at critical infrastructure, potentially affecting millions of innocent people worldwide.
- With no clear international consensus for rules of engagement in cyberspace, attacks will increase and escalate.
- The U.S. will engage in and disclose at least one major offensive cyber operation against a terrorist organization like ISIS, or in retaliation for an attack by another nation-state.
Point by point, here is the current state of cyberattacks and digital warfare:
Espionage to offense
Although cyberattacks haven’t yet escalated to the level of outright war between nations, the appointment of a special investigator to look into possible Russian influence in the presidential election is evidence cyber espionage is moving to a new level. Reports of Russian involvement in the election process illustrate the potential cyberattacks have to become powerful political and offensive weapons.
Attacks on critical infrastructure
The massive WannaCry ransomware attack that affected systems and networks in 150 countries interfered with Britain’s National Health Service, causing hospitals and emergency rooms to turn away patients and doctor’s offices to shut down. While health care is a critical component of any nation’s overall well-being, infrastructure threats are likely to further escalate this year.
In December 2016, Reuters reported the Ukrainian government is investigating whether a cyberattack was to blame for the unexpected shutdown of a power station that left the northern part of the capital city Kiev without electricity for days. That type of cyberattack against America’s power grid could have devastating effects, and cybersecurity and infrastructure experts alike agree the risk is significant.
Rules of engagement
While numerous reports indicate some world leaders have begun to think about rules of engagement for cyberwarfare, as of mid-2017, no solid rules have been proposed, reviewed or approved among world leaders. Some organizations and governments appear to be working on crafting standards, but perpetrators of cyberwarfare aren’t waiting for rules to be announced. Attacks are already in full swing, affecting millions of people around the world.
The Washington Post and NPR have both reported on a U.S. initiative to use cyberwarfare to thwart the North Korean nuclear program. According to published reports, the U.S. has been developing technology that would allow us to prevent the launch of a North Korean nuclear warhead or divert an already launched missile by hacking into its guidance system.
As nations increasingly engage in cyberwarfare, businesses will inevitably be drawn into the conflict. In order to minimize their chances of becoming collateral damage in a cyberwar between countries, businesses should be vigilant about protecting their own systems, and prepare to respond and recover if and when a cyberconflict affects them.