We have spent some time in my past blogs talking about the world of Digital Pathogens, where digital code of any sort is used to infect or otherwise compromise a system. Cyber security as an industry, and you as a practitioner, made a surprisingly good analogy with the healthcare systems. As it is topical, let's expand this analogy to germ warfare.
There are various ways that pathogens infect systems. Sometimes they appear out of thin air, equating to digital bugs that show up one day. Others are purposely created to cause harm. That is the essence of digital germ warfare.
So far as we are aware, digital germ warfare has not posed a very significant threat globally. The most extensive digital germ event in recent memory was perhaps the now-infamous WannaCry ransomware attack a few years ago. For sure, it was an assault of pretty epic proportions. The pathogen's origin was a digital tool for espionage purposes, but it was quickly weaponized once leaked into much more malicious use. It was then subsequently used for what we could consider as digital germ warfare in the NotPetya attacks.
However, one thing with such attacks is that the attacker avoids direct attribution. Sometimes attackers like to attribute attacks to a group or cause, but not so much a direct one-to-one and “I did it, and my name is” type of attack. Seeking to avoid a direct attribution places restraints on the capabilities that attackers can use.
So what happens when the attacker wants you to know?
We can look back to actual wars of the past to see what happens. In an open conflict, the attackers do not need to hide the source of the destruction. That makes it possible to use much less discriminating ways to inflict damage. World War 2 culminated in a very public display of force in the form of weapons of mass destruction. It was effective, and the US certainly took credit for the attack.
Now consider the current world stage and the possibility that a nation-state leader might decide to go all out. Nuclear weapons are not likely to be the best idea. We all know where most (if not all) nuclear weapons are kept, and we all have taken significant steps globally to stop such attacks if needed. Mutually assured destruction keeps it off the table. There is no guarantee this won’t happen, but it is not likely. Of course, that is just my opinion.
Cyberwar, however, is very much on the table. If backed into a corner, a country may decide to mount a massive cyberattack on the cyber front, which may be possible. Nobody is prepared to deal with that today. Vulnerabilities are rampant, and the threat is probably at its highest ever. Highly developed countries are at a significant disadvantage due to digitalization. Governments are doing their best to shore up defenses of the critical infrastructure. Still, the lack of resources means that they can’t pay sufficient attention to the rest of the infrastructure and the people.
Now consider the first nuclear weapons attack. They did not just throw together a bomb and hope it worked. It was developed, tested, and eventually passed the test requirements. So it would be interesting to surmise that there is perhaps some testing going on.
I think it is reasonable to consider that, at this point, the threat is very imminent. So perhaps now is a good time to think about that and take some action. For those of you who can do their system testing to prepare to resist attacks, consider what might happen if many systems are hit at the same time.