Johannesburg, 20 Nov 2013
In early September 2013, the Carmel Tunnels toll road, which is in the northern Israeli city of Haifa and is a major artery in Israel's national road network, was shut down for two successive days. This shutdown was not only highly disruptive in terms of creating traffic congestion and frustratingly long delays - on the second day it occurred during morning rush hour and lasted for eight hours - but it also caused hundreds of thousands of dollars in damages.
While Carmelton, the company that oversees the toll road, blamed the incident on a "communications glitch", an anonymous source later revealed the shutdown and subsequent lockdown of the road was caused by a malicious computer attack, and that this Trojan horse was responsible for knocking out key operations and for bringing down the security camera system inside the Carmel Tunnels toll road on 8 September.
"This is a good example of how cyber attacks are already being used to cause havoc beyond emptying out our bank accounts and spreading viruses that steal information and disable our computer networks," says Richard Firth, serial entrepreneur and CEO of MIP Holdings. "There are some people who still feel that the risks of cyber warfare are wildly exaggerated, but this incident in Israel clearly demonstrates that the threat is real and rapidly escalating."
Firth says it is because these days, anyone with a computer, an Internet connection and decent hacking skills can launch a cyber attack that can cause widespread damage, disruption and even loss of life in the real world. "Much of the world's infrastructure - from traffic light signals to electricity grids - is already being controlled via Supervisory Control and Data Acquisition (Scada) systems. So you can imagine the catastrophic consequences if someone with malicious intent were able to access those and manipulate it according to their own free will."
In fact, using technology to disrupt traffic is nothing new. Back in 2005 already, the US reportedly already outlawed the unauthorised use of traffic override devices - like those installed in many police cars and ambulances - after unscrupulous drivers began using it to turn traffic lights from red to green.
"It is evident that the arms race of the present and the future is technology," Firth says. "The Syrian Electronic Army (SEA) is a group of hackers - suspected to consist mainly of nine college students living in Syria - who support the regime of Syrian President Bashar al-Assad. By employing distributed denial of service (DDOS) attacks in which a Web site is bombarded with so many page views that the servers are overwhelmed and the site thus knocked offline, as well as phishing, in which official-looking e-mails and Web sites are created with the goal of luring people to click on rogue links and divulge their personal login information to fraudsters, the group has been responsible for hacking a number of government and well-known media Web sites, including the New York Times and The Washington Post, in response to reports or editorials the group deemed anti-Assad. The most recent government that saw several of its Web sites fall prey to SEA's hack attacks is Qatar."
He adds the US government has been not only cognisant of the threat posed by cyber terrorists, but has dabbled itself in using the Internet in strategic cyber combat simulations. "In 'Currency Wars: The Making of the Next Global Crisis', the author, James Rickards, mentions that as far back as 2009, the Pentagon engaged in war games using only the Internet to disrupt currencies and capital markets."
That the situation will soon go beyond hacking, cyber crime, industrial espionage and identity theft is even the opinion of former CIA director Leon Panetta. During a speech at the McAfee Focus 2013 conference in August, he noted that 90% of the US's critical infrastructure is in the hands of the private sector, and that the possibility of a cyber-Pearl Harbour type of event therefore wiping out huge swaths of it and virtually paralysing America is incredibly high. Panetta was urging US Congress to pass a law that would indemnify companies that share information with the US government and protect them from being sued by their customers. He also suggested that, to further reduce the risk of cyber warfare, countries should sign a bilateral cyber warfare agreement similar to today's non-nuclear proliferation treaties.
"After all, cyber warfare has already proven that it can affect and even compromise the military system of a country too. In 2010, Stuxnet, the malware digital attack which was deployed to disrupt Iran's Natanz nuclear enrichment facilities, managed to temporarily put 1 000 of the 5 000 uranium enrichment centrifuges that Iran was using to create nuclear weapons, out of commission," Firth says. "It is estimated that Stuxnet may have pushed back Iran's nuclear ambitions by as much as two years."
Reports show that there are currently 46 countries with military cyber programmes, and 12 countries admitting to having offensive cyber capabilities in 2012 - an increase from four in 2011.
Firth points out that the main problem is that the Internet was built to be freely accessible to everyone. "The Web is not governed by one nation. It was not built to be secure, but in order to freely exchange and share information and ideas. The very thing that makes it such a wonderful and essential tool is also the very thing that now makes it so vulnerable and such a target, because in this global information age, we have come to depend on it for almost every aspect of our lives."
Firth concludes by saying the solution might very well be, as several industry experts have already suggested, to indeed create something similar to the Non-Proliferation Treaty that will oversee and manage the use of any kind of cyber military action or warfare. "With technology being such a powerful weapon, you certainly want it to be controlled."
Share