Security

Malware goes to war: Potential tools, uses, and targets of cyberweapons

Researchers look at what it means when cyberweapons have the same status as traditional weapons of war.

Image: iStock/Ilan1974

"We are dropping cyber bombs. We have never done that before."

During a February 28, 2016 interview with NPR, Defense Secretary Ashton B. Carter confirms this statement by Deputy Secretary of Defense Robert O. Work, and states the US is using cyberweapons in the battle against ISIS. The rules by which the Department of Defense (DoD) can operate in cyberspace, create cyberweapons, and use the weapons are outlined in the DoD Law of War Manual (PDF, June 2015 revision).

What constitutes cyberwar in the DoD manual centers on the legal term Jus ad bellum (Chapter 16 Cyber Operations, page 994). Simply put, if cyberweapons are used in an operation and cause an effect similar to more traditional weapons, it is considered a use of force.

SEE: Cyberwar: The smart person's guide

There is currently precious little known (for obvious reasons) about state-sponsored cyberweapons and their deployment. Two researchers at the University of Maryland, Baltimore County — Richard Forno, cybersecurity lecturer and internet researcher, and Anupam Joshi, professor, Department of Computer Science and Electrical Engineering — dug up what was available, and presented it in The Conversation article America is 'dropping cyberbombs' — but how do they work?

"The country's actual cyber capabilities are classified; we, as researchers, are limited by what has been made public," write Forno and Joshi. "However, we can analyze the underlying technologies and look at the global strategic considerations of those seeking to wage cyber warfare. That work allows us to offer ideas about cyberweapons and how they might be used."

What might be considered a cyberweapon?

Cyberweapons are not "bombs" as Deputy Secretary Work suggests. Cyberweapons consist of software and hardware, from off-the-shelf commercial offerings used by security consultants and penetration testers to sophisticated, proprietary systems used by law enforcement, defense, and intelligence communities.

The authors also mention that cyberweapons, to be effective, consist of multiple tools. "Cyberweapons are collections of computer hardware and software, with the knowledge of their potential use against online threats," explain Forno and Joshi. "Although frequently used against internet targets such as websites and forums, these tools can have real-world effects, too."

Stuxnet is considered a cyberweapon; one specifically created to cause real-world effects, which, in this case, means physical damage. The digital malware destroyed Iranian uranium centrifuges by overriding safety systems, causing the equipment to over-speed and demolish itself.

Why use cyberweapons?

Staying clear of political ideology, the authors offer technical reasons why an organization or nation-state would want to use a cyberweapon. "Sometimes, a government entity wants to monitor activity on a particular computer system in hopes of gaining additional intelligence," mention Forno and Joshi. "Other times, the goal is to place a hidden backdoor allowing the agency to take control of a system."

There is a third option that comes into play: destroying the target.

dodcyberstrategy.jpg
Image: DoD/John Kerr
The DoD's cyber strategy website offers the following reasons why cyberweapons might be released:

  • Defend DoD networks, systems, and information
  • Defend the U.S. homeland and U.S. national interests against cyber attacks of significant consequence
  • Provide cyber support to military operational and contingency plans

SEE: US military launches cyberattacks against ISIS targets (ZDNet)

Examples of potential targets

Voice and digital communications, vital in any battle, quickly become targets of opportunity. Forno and Joshi write, "Although not strictly a 'cyber' attack, 'cyberbombing' also might entail the use of decades-old electronic warfare techniques that broadcast electromagnetic energy to (among other things) disrupt an adversary's wireless communications capabilities or computer controls."

Some may not consider old-fashioned jamming "cyber" enough. As an example of an advanced cyberweapon system, the authors refer to how the Israeli military compromised Syrian air defense systems in 2007 by modifying or creating false images on Syrian radar screens.

Final thoughts

With nation states justifying their need (DoD's Law of War Manual) to protect cyberspace or use it to advance a certain agenda, Forno and Joshi offer this conclusion:

"Cyberweapons and the policies governing their use likely will remain shrouded in secrecy. However, the recent public mentions of cyber warfare by national leaders suggest that these capabilities are, and will remain, prominent and evolving ways to support intelligence and military operations when needed."

Whether cyberweapons are bombs or not, it appears the world's nation states now have one more way to make war.

Also see

About Michael Kassner

Information is my field...Writing is my passion...Coupling the two is my mission.

Editor's Picks

Free Newsletters, In your Inbox