By Charles Miller
Since Russia invaded Ukraine in late February, I have received many emails from readers worried about the unrest in the world that could lead to war and asking me to address the subject of what to do in the event of a cyberwar. To say that this is way outside my area of expertise is an understatement, but here goes.
The world we live in is incredibly interconnected, with everything from our electrical grids, water systems, communications, banking, transportation, manufacturing, supply chain, and much more all connected by internet-based communications. All of this could be a target in the event of war, and all of this could be unintended collateral damage because of any hostilities.
When it comes to cyber warfare, I personally hope that the “uh-oh” factor will serve as a deterrent to both sides. The “uh-oh” factor is when a designer or engineer says, “Uh-oh, I didn’t know THAT was going to happen.”
Taking a lesson from the last time the whole world went to war, the U.S. Navy’s experience with its Mark 14 torpedo is an interesting case study. Starting in 1931, the Bureau of Ordnance developed a sophisticated design incorporating magnetic proximity detonator and guidance controlled by an analog computer. Thousands of the new design were manufactured, but, incredibly, the Navy never tested the design in live-fire exercises. The reasons for that were mostly budgetary; it was during the Great Depression. In any case, the Navy went into WWII with a new weapon that had never been tested. As soon as the war started and the torpedoes were used, only then were many problems discovered. One of the more serious issues for the submariners was that if the guidance computer malfunctioned, the torpedo could circle around and target the submarine that had launched it. “Uh-oh.”
Today’s cyber warfare experts must be acutely aware that this kind of thing could happen to them. There is no way to test a massive cyberattack to know conclusively what the result will be. Cyberattacks frequently work by exploiting previously unknown vulnerabilities in software. Once a cyberattack exploiting a weakness is launched, that vulnerability is no longer unknown and can be quickly patched, making it useless for a second attack. Software makers are constantly discovering and patching holes in the security of their products. In other words, cyber warfare weapons often can be used only once and therefore realistically cannot be tested.
Some news out of Ukraine that gives me hope is that Russia has not shut down the internet or done great damage to the telecommunications infrastructure there. There was a lot of such damage done when Russia invaded Crimea in 2014, and that took years to repair. This time the cellular and internet networks in Ukraine remain largely functional, and that could be because the Russians realize they also need to use those resources. So, I remain hopeful and cautiously optimistic that a cyberwar will not happen.
Charles Miller is a freelance computer consultant, a frequent visitor to San Miguel since 1981, and now practically a full-time resident. He may be contacted at 415 101 8528 or email FAQ8@SMAguru.com.