(Translated from the original Italian)
The Mehr News Agency recently published a declaration by Brigadier General Gholamreza Jalali, issued during an official conference to demonstrate the military defense status of Iran.
“The US is downsizing its army for bigger cyber defense infrastructure. So countries like Iran also have to set up and upgrade their cyber defense headquarters and even [build] a cyber army.”
The Iranian military has discussed its intention to develop a very effective cyber strategy in response to the attacks that have been conducted against the country. Of course, the reference is to the cyber weapon Stuxnet, and it's clear that the virus was developed with the purpose of damaging the Iranian nuclear program.
Iran's commitment to developing a cyber strategy indicates that the country is investing heavily in the sector, and this consideration must alarm the Western countries and all states considered enemies of Tehran.
As I have said many times, the effect of the use of cyber weapons could be devastating given the real state of critical infrastructures, which Western countries have discovered to be so vulnerable. Stuxnet marked a turning point in revealing all the limitations of defense capabilities, even for those who presumably created the malware.
Industrial sabotage using a cyber weapon is a reality today and a military option that can be adopted on a large scale against critical infrastructure. I share the same conviction that Eugene Kaspersky expressed during a recent event in Cancun (it's a shame I did not have the opportunity to hear him live):
“I’m afraid yes, because so much of our physical infrastructure is internet-connected and computer-controlled, it’s possible to stop critical equipment from working.”
Cyber weapons have several advantages, mainly:
- Disclosure of such agents is kept quiet because of the nature of the vulnerabilities that are exploited. The study of new zero-day vulnerabilities provides a real advantage to those who attack, and the related risk of failure of the operations is minimal
- The anonymous nature of the offense allows countries to circumvent the approval of the worldwide community in the case of a military offensive
- The costs involved in developing weapons such as those at issue are relatively low compared to other conventional weapons
In recent years we have been confronted with a new arms race in cyber weapons development. As governments around the world compete for innovation, a cultural revolution is occurring in nations that have always been considered minor, like Iran and Bangladesh, which are now nearly on par with superpowers like the U.S. and China.
The only way to avoid a catastrophic event is to strengthen cooperation between states, as only by joining their cyber capabilities is it possible to guarantee mutual protection against cyber threats.
Of course, while cooperation can create new synergies on the one hand, it creates new monsters on the other. Countries around the world are now consolidating agreements in cyberspace, like the China-Iran or China-North Korea alliances, and even Russia and China.
Army Lt. Gen. Ronald L. Burgess, director of the Defense Intelligence Agency, disclosed new details on China’s space weapons programs last week, declaring that they include anti-satellite missiles and cyber warfare capabilities. According to Burgess, the real cyber threat is now China, which claims to be supporting civil projects but in reality is preparing a more efficient weapons program.
“China’s successfully tested a direct ascent anti-satellite weapon (ASAT) missile and is developing jammers and directed-energy weapons for ASAT missions,” he said.
“A prerequisite for ASAT attacks, China’s ability to track and identify satellites is enhanced by technologies from China’s manned and lunar programs as well as technologies and methods developed to detect and track space debris.”
Analysts estimate that with as many as two-dozen ASAT missiles, China could severely disrupt U.S. military operations through attacks on satellites. China’s Beidou global positioning system satellites will be available for regional users this year and globally by 2020.
The Chinese, Russians and also North Korea have developed capabilities to interfere with or disable U.S. space-based navigation, communications, and intelligence satellites.
There is another aspect that should cause concern: the proliferation of these weapons and the ease of finding them in cyberspace make infiltration by criminals possible.
Cyber criminals are refining their techniques and turning increasingly to the technology sector for the creation of new forms of complex fraud. What could happen if criminals reverse engineer a cyber weapon? They will be able to develop a new one.
Meanwhile, governments are confronted in the new cyberspace with uncontrollable forces that can break patterns and balances across borders, and all countries are unprepared.
I purposely left for last the phenomenon of hacktivism. Today we are witnessing an escalation of operations of groups like Anonymous, but I think it unlikely that these groups can really damage critical structures. I'm more afraid of those who wish we would believe it. However, the management of the threat of Anonymous involves a significant deployment of resources for their targets.
We can identify a multitude of dangers, and the technological impetus behind each infrastructure has revealed several vulnerabilities. There are layers upon layers of software, and components badly developed by third parties that did not follow strict security recommendations in the design phase, while the need for remote control of processes introduces ever more vulnerabilities in the authentication process.
Still, malware is able to operate silently, gathering information for years for use in future attacks, like the exposure of control systems that could be impaired by any number of methods (e.g. SQL injection rather than DDoS), thin perimeter security, and sometimes the lack of adequate security policies.
Finally, the factor of greatest risk is the human factor. The human component is often unmanageable, be it a malicious insider or a user who accidentally makes unauthorized use of storage devices and media (e.g. USB tokens) or circumvents security policies.
When we talk about cyber weapons, we have to place them in the typical operational context just described.
A multitude of information is available on each possible target. Without resorting to sophisticated OSINT techniques, attackers can simply browse the internet to learn the telemetry of a place and the critical structures around it, evaluate the authorities' response time to an attack, and even learn which exposures the systems running on a network are vulnerable to and exploit them.
They can also research the companies that have access to the facility plans and collect information by attacking contractors, who are usually more vulnerable, and then the game is over. That is a cyber war scenario: it's simple and dangerous.
I conclude with a reflection on our future that I find extremely significant. Nations such as China, India and Iran are investing to educate their young people about methods of cyber defense and cyber offense.
China is already suspected of using patriotic hackers and cyber militias. According to the Financial Times, the Nanhao Group, a web company outside of Beijing, has departments tasked with attack and defense, and the report mentions cyber militias in Tianjin’s Hexi District. It is a completely different approach from that followed in the West, where this kind of information is limited to a small circle of people, the security oligarchy.
In Italy, the people involved in creating security scenarios are always the same, so there is little innovation and few investments in the future. Over a long period this attitude will lead to an unbridgeable gap, and we will face serious problems.
Cross-posted from Security Affairs