Rivals, pirates, malware: Whispers of cyberthreats from the future

It began as a series of regular beeps and buzzes. Within seconds, there was a sound as of fireworks going off, followed by agonised wails of pain and panic.

In a massive breach, the pagers and walkie-talkies of assumed Hezbollah members exploded in a series of tiny blasts in Lebanon last month. The explosions continued over two days, and left an estimated 32 dead and 3,000 injured, including bystanders and civilians.

The pro-Iran militant group has since pointed a finger at Israel, claiming that its spy agency Mossad had the devices modified at the time of manufacture. Israel has declined comment.
This is what cyber warfare can look like.
Earlier this year, a 38-year-old named Andres Freund, a software engineer with Microsoft, found unknown code sitting within a network of Linux software modules. The code had been introduced into these systems gradually, over years. It is still not clear by whom.
Unchecked, the code could eventually have compromised systems at a range of establishments, from hospitals and banks to government agencies around the world. The vigilance of a single person prevented that.
This is what cyber warfare can look like too.
“Warfare has become asymmetrical, given the new digital frontiers,” says technology analyst Kashyap Kompella. “Communication networks, consumer devices and critical industrial infrastructure have weak links which can be leveraged by adversaries as Trojan horses or backdoors.”
The most direct method is infiltration. But other methods are evolving.
Whispers on the internet — that are credible but cannot be verified, Kompella says — suggest that CCTV camera systems in one part of the world are interacting with power grids in another part of the world, as a result of malware buried in both, by a shadowy third State.
When hints of such infiltration occur in, say, the US or India, it is said that Iran or China is at work. When the attacks occur in Iran, the US or Israel or both are often blamed.
So, in 2010, when the Stuxnet virus targeted Iran’s Natanz nuclear facility, causing its centrifuges to spin out of control while all the plant’s monitors reflected normal activity, Iran alleged a joint US-Israel operation.
This is also what cyber warfare can look like.
Shielding against bugs can only be part of the solution, in such a world, Kompella says.
The most important step, from a national security point of view, is to pragmatically reconfigure industrial supply chains, he adds. “We need to identify what can be locally manufactured, and what can be sourced from friendly countries rather than those who may potentially be adversaries.”
Future-casting
Whether online or offline, then, a backup system should hinge on three approaches: decentralisation, prediction and preparedness.
“The first rule should be: Don’t put all your eggs in one basket,” says Kompella. “The second rule: create an ability to switch to manual operations, at least for critical infrastructure.”
Given the possibility of GPS disruption, for instance, the Australian military already offers training in celestial navigation. UK Royal Navy vessels carry a nautical almanac for this reason.
On the prediction front, the US computer model DAGGER (formally, Deep Learning Geomagnetic Perturbation) uses AI and other algorithms to analyse solar wind and predict geomagnetic disturbances worldwide, at least 30 minutes before they occur.
DAGGER was created at the Frontier Development Lab, a public-private partnership of researchers from the US National Aeronautics and Space Administration (NASA), US Geological Survey, US Department of Energy, Google Cloud and Nvidia.
Half an hour’s warning, it is said, could provide just enough time to prevent severe impacts on power grids and other critical infrastructure. With its open-source code, DAGGER can also be adopted by power grids, satellite controllers and telecommunications companies elsewhere.
Ready or not…
In a best-case scenario, collaboration and vigilance of this kind allow for systems to be shielded and retooled bit by bit, and the big backup plan remains just a failsafe.
It was so with the millennium bug Y2K, predicted to strike at midnight as 1999 gave way to the year 2000.
New laws were passed by the US government, and compliance and readiness plans were shared around the world. Hardware and software were replaced. Programs were rewritten.
Barring a few disruptions (most of them relating to miscalculated dates), the new millennium dawned smoothly. But the research firm Gartner estimated that the worldwide effort cost a staggering $300 billion to $600 billion.
That’s what preparedness can look like.
The 9/11 attacks of 2001 and, more recently, the pandemic have since offered new lessons in what it can take to have adequate backup, to run on minimal service, and to be prepared for a different version of the world.
“In India, barring the odd exception, we are not as rigorous as we should be in having backup plans,” Kompella says. Business continuity plans (BCPs) and disaster recovery plans tend to be maintained only when international clients mandate it.
“This is probably because the price one pays for not having a BCP becomes apparent only when a disaster strikes. The cost of implementing this level of preparedness is far more tangible.”
One has to ask, though: Is that really the best deal?
