In the week following the downing of a US drone in June, the United States Cyber Command, acting on what Trump administration officials described as a previously crafted contingency plan to physical strikes, launched cyberattacks against Iran's missile systems and a group adjacent to the Iranian Revolutionary Guard. Cyber-espionage intrusions into national utilities and industries have taken on a more normalized role for the military forces of the world’s leading powers. Technical and practical concerns are compounding in the current political climate to push the tactic further toward enabling a major military provocation.
A detailed report on the effect of the recent cyberattack has not been released by US Cyber Command. One of the most difficult aspects for cybersecurity professionals analyzing the implications of digital espionage is the ease of obfuscating the impacts of any given incursion. The Department of Homeland Security has warned US industries to be vigilant for potential retaliatory attacks in response to the cyberattack, but no major disruptions have yet been observed. The government has also warned US businesses to be aware of a standard Iranian cyber warfare tactic: purging data directly from computer systems after infiltration via phishing emails. The goal is damage and disruption rather than theft.
As observed with the success of North Korean cyberattacks, digital expenditures offer a much faster leveling of the playing field for militarily weaker nations. Targeting the commercial sectors of any country generally involves attacking a collection of assets that are much more vulnerable than military operations due to cost-saving practices in security for the private sector. With long-term planning, a developed cyber command in any country could cause major economic disruption, if not damage to or suspension of basic utilities.
While cyberattacks resulting in civilian casualties are almost unheard of aside from isolated strikes, such as the targeting of Palestinian hackers by the Israeli Defense Forces during hostilities in May of 2019, a new era of constant threat and flirtation with electoral and civil disruption is dawning. Cyberattacks by state actors are often interpreted largely by other state actors after the fact. Attacks meant to instill caution or signal digital capability can easily be misinterpreted as attempts to impair national sovereignty or soften a target for conventional attack. Generally speaking, industries continue after expensive recovery from attacks. Real damage is at stake, however, and cyber warfare is not as precise as it can seem.
Forensic investigation can be of great help in establishing the culprit of any given cyberattack, but there are no clear indicators of fault. Detective work uncovering the guilty party of a given incursion takes time, something that is in shorter and shorter supply the more aggressively an attack unfolds and the higher its damage toll climbs. Cyberattacks are relatively precise and often executed after great research and planning, but cascading failures in systems and compounding outages can escalate the consequences of an attack far outside of the intended targets. The apparent precision, safety and return on investment of cyber warfare have rewarded countries that invest a great deal in such offensive capabilities.
Caution is needed. The more developed and useful offensive systems are, the more tempting they are to use in an era with distressingly little precedent on appropriate retaliation. Many major governments openly practice cyber warfare, but very little resembling a framework such as the Geneva Convention has been assembled for cyberattacks. More and more power has been given to military commands whose objectives are purely tactical. The international community has no precedent for how far is too far when power grids eventually begin going offline or election results become widely viewed as untrustworthy. The tactical pressure to respond has been established and the capability has been constructed. Cyber warfare is an accepted military investment in autocratically inclined countries where the need to appear strong in retaliation for attacks may incentivize escalation.
Cyber warfare has been pushed into a vital position in the arsenal of modern states because of its constant usability and effectiveness. That effectiveness has been achieved partly due to the ease of hiding the effects of any given operation. Cyber espionage is not the deployment of spies or satellite surveillance but rather an offensive capability that can and eventually will be used to hamper the delivery of vital systems or destroy the faith of citizens in their government. The tactical destruction and wanton cruelty of poison gas and bacterial warfare led to mutual agreements to limit their use. The deployment of chemical weapons against civilians in Syria created a global outcry. When Russia tested its national cyber capabilities by crashing power grids in Ukraine in the winter of 2015, no such international outcry was raised. This precedent is one of the most toxic taking shape in contemporary military tactics.
Direct casualties have yet to result from a cyberattack. At present, the willingness of military commanders to initiate attacks against hospitals or attacks that appear to target major military or nuclear capabilities seems limited. With no doctrine to decide blame or provide measurement metrics to the international community, cyber warfare will be normalized without control. When casualties do result, the pressure to respond in kind will be incredible, and it must be constrained before it becomes a potential trigger for wider conflict. Disabling the missile systems of an adversary is preferable to casualties from an air strike, but the methodology is not one that should go unchallenged.