Lately there has been a discussion about the possible dimensions of what some like to call Cyberwar.
Apart from the obvious connection to computer security of any brand, the topic does have a political angle that only a few writers have explored so far.
Oxblood Ruffin, member of the hacker/hacktivist collective Cult of the Dead Cow, is one of those who did. His musings on the topic are summed up in this piece he wrote for the Forbes India Magazine.
While I agree with most of his conclusions, I can’t help but point out a facet of the Cold War that this "Cold Infowar" may also have and which Oxblood IMHO seems to have neglected in his analysis.
I fully subscribe to his statement that it would be suicide for China and the US to go head to head with all-out cyberwar, just like a direct conflagration between the US and the USSR during the Cold War, but the following scenario is also quite feasible.
Cyberwar by Proxy
The world is interconnected by much more than just the fiber-optic conduits that transport bits and bytes. Our industries increasingly rely on raw materials that only low-income countries in the Third World can provide at competitive cost.
During the Cold War between the eastern and western blocs, both sides incited wars, mainly in Africa, whose main target was to interrupt the flow of certain materials to the other side’s industries, or to gain all-out control of the deposits in certain parts of the continent.
In those days one needed armies for the job. Today a motivated band of hackers can wreak the same damage to the supply chain that previously required a violent conflict.
China is aggressively moving into those African countries with supplies of rare earths and other minerals that are important to its booming computer industry. Most of the shipments go through only a handful of ports, mainly in equatorial Africa on both sides of the Congo basin.
Mining, railroads and port operations are huge consumers of power. Power that in equatorial Africa comes mainly from hydro-electric installations, which in turn are controlled via SCADA systems.
Stefan Langner, a security expert specialising in Programmable Logic Controllers (PLC), once said when discussing Stuxnet, "If you can’t get at the reactor, just go after the other big thingy with much less independent safety – the turbine."
Tests have shown that a 350 Megawatt water turbine will disintegrate with the power of a small tactical nuke when incorrectly disconnected from the drive-train to the generator under high loads.
A modern 1 Gigawatt turbine will create a crater that’s visible from Earth orbit.
In order to send a message to your opposing superpower you only need a corrupt technician with a USB stick plus a bogus website of some equally bogus regional "Freedom Fighters" who claim responsibility after the incident that will most probably cripple an entire nation’s power supply and subsequently take all neighbouring mining out of business for months if not years.
Some dams serve more than one country and there isn’t a single country in Africa that doesn’t crawl with self-proclaimed "Freedom Fighters" of one denomination or the other. A fact that offers a clever handler even more ways for obfuscating the true origin of the attack.
The Glowing Path
Latin America is teeming with obscure Maoist groups with funny names like "Sendero Luminoso" (The Glowing Path), who are only too willing to do Peking’s bidding in return for continued financial support.
Many of the leaders are highly educated and trained people who are quite capable of executing a devastating cyberattack using weaponized exploits supplied by state-sponsored hackers.
They are also prepared to be disowned by their puppet masters if any hint of a connection should be unearthed.
The damage those people could do is only limited by their handler’s imagination.
Imagine catastrophic failures at 2 or 3 major refineries during Driving Season in the US.
Nobody need ever be any wiser because all refinery operators in the US have repeatedly proven that they are quite capable of blowing up their own operations, thanks to shoddy maintenance and a rampant culture of disregard for safety standards.
Who would ever know if that crucial valve failed to close because the PLC governing it had been stuxxed by the friendly Latino engineer the company had hired to make up for the lack of skilled labour in the area? And who would make the connection between that charming Peruvian green-carder and China?
Even a large scale attack on the electrical grid or the water supplies could be pulled off without major international repercussions because, given the American utilities’ derelict infrastructure, it might take years to find the true point of failure.
The Bottom Line
With a sufficiently large reservoir of zealot idiots, who are prepared to be disowned by their masters, you can pull off anything and get away with it.
The world’s superpowers orchestrated proxy wars before when it served their strategies. Why not do it in cyberspace too?
Finally, we should not forget that the biggest players in the energy and raw materials sectors have the financial power of nation states and have proven before that they are quite willing to use their money to incite regional conflicts in order to cripple their competition. Many African "tribal conflicts" were only possible because Big Mining bankrolled them.
So-called Cyberwar is only a new arena, but the gladiators remain the same and I fear that they haven’t learned the historical lesson and may fall back on their old dirty tricks.
And don’t forget that Ling Chi aka The Death of a Thousand Cuts is a Chinese invention.