US Charges Russia With Cyber Attacks At Power Plants (Impacts, Attribution, “Digital Geneva Convention”)

954

In response to reports that the U.S. blames Russia for cyber attacks on energy grid , Nick Bilogorskiy, a Cybersecurity Expert at Juniper Networks commented below on attack attribution, potential impacts of such attacks, and considerations for a “Digital Geneva Convention.”

Nick Bilogorskiy, Cybersecurity Strategist at Juniper Networks:

Considering a Digital Geneva Convention:

“I think the world needs a set of rules similar to the Geneva Convention to establish the standards of law for humanitarian treatment in cyberwar. It needs to define the protections of non-combatants in and around the cyber-war zone. Certain technologies or attack scenarios should be restricted, for example DDOS-ing life-support systems. Another example could be causing civilian plane crashes through custom malware or causing explosions in industrial plants.

“In cyberwar, the primary target is information on computer systems. What we need is a new form of the fourth Geneva convention, the one that deals with the treatment of civilians and their protection during wartime. The big challenge here is to understand how to do that in the new reality of non-linear warfare. The nature of armed conflicts changed dramatically, towards hybrid warfare with some cyber and information manipulation components. For example, in Ukraine, Russia has been accused of combining military and nonmilitary means from ‘bribery of opposing public officials’ to ‘long-range artillery, microwaves, radiation, and non-lethal biological weapons.’

“The computer revolution in military affairs has impacted tactics and weapons. Terrorist and criminal groups now have abilities that used to be reserved by nation states. Cyber attacks have been used in a broader strategy of information warfare. Some examples are denial of service attacks, hacker attacks, espionage malware, dissemination of disinformation and propaganda, social media election manipulation, website or twitter defacements, persecution of cyber-dissidents and other active measures.

“Interfering with communication system computers is a part of standard military tactics. But hacking attacks that cause a direct loss of life should be considered war crimes.

“Moreover, as internet connectivity is quickly becoming a basic human right and a critical need, we could declare certain people who do humanitarian work, or who repair and configure internet connectivity as “protected persons”, in the context of cyberwarfare, where violating the protection of “protected persons” would be a war crime.

“Crafting Digital Geneva Conventions should be done by international coalition. Cybersecurity experts from private sector and the governments should work together on drafting it. Then governments of different countries would need to ratify the conventions.”

Impacts re critical infrastructure attacks:

“In the modern world, cyberwarfare can be used by a foreign entity to launch a devastating attack against the United States without a single bomb, or missile.

“Nuclear power plants, water and electric systems are the heart and internal organs of our country’s body. While they were rumored to be attacked in the past, such as  in  the “Nuclear17” incident, such cases were kept mostly out of the news on need-to-know basis.

“It is now being announced that Russian hackers penetrated US plants and yesterday, the Russian government was sanctioned for doing so. We should be very concerned about these attacks. For one, they could cause prolonged electrical outages and blackouts as our electrical grid infrastructure lacks sufficient redundancy to sustain these attacks. In the worst case scenario, cyberattacks on nuclear plants could cause them to explode and cost human lives.

“A recent example of this is the August 2017 cyberattack on Schneider’s Triconex controllers at Saudi Arabia’s plants, which was intended to cause an explosion that would have killed people and was only prevented by an error in the attack’s computer code.”

Attribution of attacks:

“Generally, cyber attacks are notoriously difficult to attribute because they often use proxies, third parties and fake artifacts in malware code to obfuscate their true origin. It is easier to understand who attacked you than it is to be able to prove it. So, officials have been reluctant in the past to call out such activity. In this case, the Department of Homeland Security and the FBI publicly condemned Russian government cyber actors, which to me means that they found significant evidence of Russian involvement.

“It is not publicly shared what this evidence is. At times in the past, the US has learned about foreign spying through something the intelligence community calls fourth-party collection – when our allies penetrate the attackers and “watch over their shoulder” as the attacks are performed and gather evidence of the attacks which they share with the US.”