In Canada, the threat of cyber warfare is just as real. In 2013, the Canadian Cyber Incident Response Center reported that Canada saw a 25 per cent increase in malware hosting websites in the first quarter of that year alone.
Rafal Rohozinski, principal of the Canadian intelligence and technology company SecDev Group says, “Your life has become digitized in ways that it never has before.”
He’s right. Our bank accounts, military, even streetlights rely on cyberspace. “With reliance come vulnerability,” explains Rohozinski.
The potential for damage only increases as we become more and more plugged-in. How long would Canadians have supported the war effort in Afghanistan if the Taliban had shut-off the heat during the winter and the AC in the summer?
Cyber warfare is here to stay, and yet few of us even know for sure what it is. It seems intuitive enough, but consider this: has anyone declared a cyber war on anything, ever? We’ve all heard about computers in Texas being used to control drones in the skies of Pakistan, but that smacks of the same kinetic warfare that we’ve seen before. Just put the jet pilot in front of a computer and the difference is negligible.
LET’S CLEAR THE AIR
Cyber warfare is not the use of computers to support traditional military action. Cyber war is the use of computers as both weapons and targets in and of themselves, for the purpose of dominating and subduing an opponent in the same way as any other form or war. The sole difference is that, instead of fighting to achieve tactical domination in the sky, land, sea, or space, we fight for control of cyberspace; that ethereal realm that links and pervades every other strategic domain.
“What we’re seeing, essentially, is another dimension of the potential battlefield,” says Jez Littlewood, an associate professor at the Norman Paterson School of International Affairs. In the same way that saboteurs might plant bombs to blow up a critical bridge, well-placed logic bombs in the nation’s power grid and communication hubs can make resisting a kinetic attack nearly impossible.
While we may not have seen that scenario play out fully in the new world of cyber warfare, we have seen the groundwork laid. In 2009, for instance, U.S. intelligence agencies detected cyber penetrations and software programs left behind in the U.S. power grid, which were later credited to China and Russia.
In 1982, Soviet spies stole a computer system from a Canadian company. What the Soviets didn’t know was that the CIA had planted a logic bomb inside the system, and allowed the Soviets to steal it. Once the Soviets installed the system into one of their Siberian oil pipelines, the logic bomb was then activated, causing the stolen system to malfunction, and blowing up the oil pipeline in a huge and fiery explosion.
Seems farfetched? It shouldn’t. In a world populated by an ever-growing number of nuclear weapons, cyber war is the name of the game, and whoever doesn’t play loses by default.
No example illustrates this better than Stuxnet. In 2010, the now well-known Kaspersky Lab — a Russia cyber security company — discovered the Stuxnet computer worm. It is credited with causing a fifth of Iranian centrifuges to malfunction. As expected, the authors of the worm have not taken credit for their work. However, given the complexity of the cyber weapon itself, most turn to the United States and Israel as probable culprits.
This event revolutionized warfare in the 21st century. “Stuxnet was clearly, purposefully designed for a specific task, as opposed to more general disruption activities,” says Littlewood.
Amidst Israeli threats to bomb targets in Iran from the air, the feasibility of using of cyber weapons to achieve traditional military objectives is no longer in question — it is a fact. No casualties, and no expensive military hardware is required. Used on a mass scale, cyber weapons have the potential to bring an adversary to their knees without knowing with certainty what, or who, hit them.
Chinese philosopher Sun Tzu said that the height of victory in war is overcoming the enemy without fighting. If there was ever a candidate to fill that role, cyber warfare would be it.
Effective, cheap, anonymous and relatively easy, cyber warfare is quickly becoming the number one tool for serious 21st century militaries. According to Rohozinski, 10 to 15 years ago Canada and its closest Anglo-Saxon allies enjoyed a significant advantage in cyberspace, but that advantage is quickly disappearing.
Why should a weaker military engage in combat with a superior defence force when it could remove the defender’s ability to defend at all? From the satellites that channel communications to computers operating radar systems, once you possess the means of acquiring and manipulating your enemy’s information, the size of the opposing army becomes a less important point.
Richard Clarke’s book, Cyber War (2010) details cyber-sabotage efforts prior to the American-led invasion of Iraq in 2003. The Americans began by compromising the closed military network of the Iraqi Defense Ministry. In addition to limiting Iraqi communication capacity, e-mails composed by the Americans were sent across the system instructing Iraqi personnel to leave tank units arranged outside their bases, and to walk away. Many units did so, and when the air campaign began, American air power had little difficulty dealing with Iraqi armour.
But how does Canada stack up in cyberspace? And why would the modern militaries of the 21st century turn their cyber weapons on us? The truth is there is a lot more behind Canada’s peacekeeping persona than meets the eye.
In June 2012, Edward Snowden — formerly an employee of both the CIA and NSA — released documents which included a power point presentation made for, and by, our very own CSEC (Communications Security Establishment Canada). Classified as Top Secret, the slides elaborate on the tool used by CSEC to hack into the Brazilian Ministry of Mines and Energy. Titled “Advanced Network Tradecraft,” the presentation details the tool called “Olympia” which would help map out the Brazilian computer and phone network.
According to the slides, CSEC intended to work with the NSA’s Tailored Access Operations (TAO) unit to ultimately monitor all communications sent out by the Ministry of Mining and Energy. Once inside the Brazilian communications network, it goes without saying that the potential for causing more damage simply increases. In 2013, Brazil was the sixth-largest source of foreign direct investment (FDI) in Canada at $18.3 billion.
What could motivate Canada to risk its relationship with Brazil? Officials have not said, but it might have something to do with the $20 billion in Canadian exports and investments directed at that country, and the needs of corporate Canada.
This is the nature of the world today. Behind the professions of economic, political, and military partnership, a silent and secret war is being waged with cyber weapons as the chief tools. China, in particular, has articulated this point well, relying on cyber war as an equalizer to balance against the power asymmetries of the United States and any other militarily superior forces.
In a book titled Unrestricted Warfare (1999), two senior PLA colonels articulate a strategy of “war beyond-limits,” which means using every tool at the disposal of the nation in the conduct of war. Every aspect of statecraft, the book argues, is ultimately a means to achieve domination. They argue that buying news outlets in the enemy nation to spread propaganda, sowing turmoil in the enemy’s economy, and of course, cyber war are prime methods through which a weaker state can overpower a stronger one.
By achieving information dominance through the use of cyber tools, a weaker state can paralyze a modern fighting force by manipulating the society around them.
For all the hype, however, we have been here before. The evolution of war has always hinged on technological innovation. Consider the way that tank developments in World War I preceded an understanding of sophisticated strategy around a full armored division, or how nuclear weapons changed strategic thought.
“We are probably in that same time frame of evolution ourselves in the cyber domain at this point in time,” says Littlewood. The fact that cyber war remains cloaked in secrecy and denial, paired with the relative lack of experience in its use, has made cyber war one of the least understood or studied military capability.
Until now, spies primarily used cyber war techniques to gather information. As the role of intelligence services shifts towards covert action and, in some cases, even replaces military strikes, it falls on the military to adapt to the new threat environment.
How well is the Canadian military adapting to the new cyber battlefield? That is a question for part two of this saga on cyber war.