Above: A diagram of how various attack methods work. The left diagram shows a scanning attack where a single attack host scans a number of victims. The right diagram shows a distributed denial of service attack, in which an attacker uses a number of compromised hosts (bots) to attack a victim.[i] (Source: Sailesh Kumar, “Survey of Current Network Intrusion Detection Techniques,” Washington University of St. Louis – Computer Science Department, December, 2007, accessed January 20, 2015, http://www1.cse.wustl.edu/~jain/cse571-07/ftp/ids/index.html.)
Part I of a Series
Cyberattacks are politically and/or socially motivated attacks carried out through the internet via fake websites, infected computers (bots), and malicious programs such as Trojan horses, viruses, and worms.[ii] They have become an increasing risk for nuclear facilities due to the ease with which cyberattacks can compromise a facility’s integrity and its ability to carry out its intended tasks.[iii] Whereas traditional attacks required the use of weaponry and armies, cyberattacks merely require a willing patron with a vendetta, a hacker (or hackers), a few computers, and as little as $100.[iv] However, the outcome can be just as devastating to a state’s infrastructure. Although a cyberattack may not be measured in “human casualties”, the ability to dismantle a state’s nuclear infrastructure through informal methods means that cyberattacks can be used not only as a weapon of war, but also as a means of maintaining small states’ compliance with hegemonic interests.
The informal relationships that exist between the attacking state, organization(s), and “hackers-for-hire”[v] allow a state to deny that the attack has taken place once investigations begin. This is because attacking states and organizations will often claim “plausible denial”[vi], in which investigating states and organizations are unable to conclusively tie the attack to its presumed “point of origin”[vii], thus protecting the alleged offender from reprisal by the international community.
Cyberattacks have already been used against nuclear power plants in Iran in order to disrupt their nuclear infrastructure.[viii] Stuxnet, a joint operation launched in 2010 by (presumably) the United States and Israel, was intended to preemptively dismantle Iran’s nuclear infrastructure on the basis that its nuclear enrichment program was being used to produce weapons.[ix] However, such attacks can have unintended consequences. Stuxnet’s appearance on the International Space Station (ISS) in November, 2013, as a result of a rogue USB drive,[x] demonstrates how easily an attack can be caused, or continued.
Although the Council of Europe has had the European Convention on Cybercrime (ECC) in force since 2001,[xi] the United Nations has not been able to come to a consensus regarding what constitutes a cyberattack due to the differing interpretations of “cyberattack” held by various states.[xii] Thus, smaller states engage in technological specializations and “sell their services” to larger states as a means of generating revenue and gaining protection from larger states,[xiii] while providing larger states the technologies needed to build their Computer Emergency Readiness / Response Teams (CERTs).[xiv] Although an imperfect solution, until the United Nations comes to a consensus on how to deal with cyberattacks, the current “best practices” are mutually beneficial economic treaties whose viability exists only so long as both parties need each other’s existence to survive.
i Sailesh Kumar, “Survey of Current Network Intrusion Detection Techniques,” Washington University of St. Louis – Computer Science Department, December, 2007, accessed January 20, 2015, http://www1.cse.wustl.edu/~jain/cse571-07/ftp/ids/index.html.
ii “What Constitutes a Cyber Attack,” NEC, accessed January 16, 2015, http://www.nec.com/en/global/solutions/safety/info_management/cyberattack.html.
iii Paul K. Kerr, John Rollins, and Catherine A. Theohary, “The Stuxnet Computer Worm: Harbinger of an Emerging Warfare Capability,” Congressional Record Service 7-5700, no. R41524 (December 9, 2010): 5.
iv Matthew Goldstein, “Need Some Espionage Done? Hackers Are for Hire Online,” New York Times, January 15, 2015, accessed January 16, 2015, http://dealbook.nytimes.com/2015/01/15/need-some-espionage-done-hackers-are-for-hire-online/.
v Goldstein, New York Times.
vii Danny Bradbury, “Testing the Defences of Bulletproof Hosting Services,” Network Security 2014, no. 6 (June, 2014): 9-10.
viii Robert McMillan, “Was Stuxnet Built to Attack Iran’s Nuclear Program?,” PCWorld, September 21, 2010, accessed January 16, 2015, http://www.pcworld.com/article/205827/was_stuxnet_built_to_attack_irans_nuclear_program.html.
ix Kerr et al., 3-5.
x David Gilbert, “International Space Station Infected With USB Stick Malware Carried on Board by Russian Astronauts,” International Business Times (London), November 11, 2013, accessed January 16, 2015, http://www.ibtimes.co.uk/international-space-station-infected-malware-russian-astronaut-521246.
xi “European Convention On Cybercrime,” Council of Europe, November 23, 2001, accessed January 16, 2015, http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm.
xii Anna-Maria Talliharm, “Towards Cyberpeace: Managing Cyberwar through International Cooperation,” UN Chronicle, August, 2013, under “International Cooperation,” http://unchronicle.un.org/article/towards-cyberpeace-managing-cyberwar-through-international-cooperation/.
xiii Liina Areng, Lilliputian States in Digital Affairs and Cyber Security (Tallinn, Estonia: NATO Cooperative Cyber Defense Centre of Excellence, 2014), 4-5, accessed January 16, 2015, http://ccdcoe.org/multimedia/lilliputian-states-digital-affairs-and-cyber-security.html.