By Air Marshal Dhiraj Kukreja (Retd)
“I have the power, the capability, sitting in my home with my computer and my modem…to wage war”: James Adams (CEO, Infrastructure Defence, Inc.) in “Information Warfare: Challenge and Opportunity”
Cyber warfare, as defined by Richard A. Clarke, a US government security expert, in his book ‘Cyber War’ (May 2010), is “actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.”
‘The Economist’ (July 01, 2010) describes cyber warfare as “the fifth domain of warfare”, and William J. Lynn III, erstwhile US Deputy Secretary of Defence (2009-2011) with Barack Obama, includes it as a “doctrinal matter, the Pentagon has formally recognized cyberspace as a new domain in warfare… just as critical to military operations as land, sea, air, and space.” Today, its criticality has increased when coupled with Artificial Intelligence (AI).
The US Cyber Command was formed in 2010, to protect the country’s military networks and attack other countries’ systems. The government infrastructure is defended by the Department of Homeland Security while corporate networks by protected by private companies; a similar infrastructure exists in the UK. Earlier, in May 2009, shortly after assuming office, President Barack Obama had declared America’s digital infrastructure to be a “strategic national asset”.
‘The Economist’ writes that China has plans of “winning informationised wars by the mid-21st century”; many other nations are prepared for cyber war and they include Russia, Israel and North Korea. While Iran boasts of having the world’s second-largest cyber-army, it has also been victim to repeated cyber-attacks; the Stuxnet worm affected more than 15 nuclear facilities, which included Natanz, a key facility, once again attacked in early April this year. Hacker attacks on countries and Internet-based terrorism have firmly established themselves as part of the real world.
Just as WW I marked the launch of new weaponry and modern combat techniques in the 20th century, the information age is now revolutionizing warfare for the Twenty-first. Technological advances in cyber-space and outer-space are continuously redefining the conduct of waging war, blurring the line between economic competition and warfare. Around the world, information technology has increasingly encompassed weapons systems, defence infrastructure, and national economies. As a result, cyberspace and outer-space have become the new battle-space.
For those who have the technological capability, here is the opportunity to wage war—not by deploying soldiers in a conventional sense on a battlefield, with many thousands dying, or, indeed, even deploying missiles in the conventional way—but instead, launching bits and bytes through cyberspace that can effectually destroy or cripple a potential aggressor, well before the mobilisation of troops. Such an action could include shutting down the power grid across a region, turning off the water supply, causing a failure of waste-water treatment plants, stopping the banking/ATM systems, disrupting exchange market operations, in short, affecting the very fabric of today’s lifestyle. A very effective misinformation campaign can be launched by the interruption of information flow in a country, while inserting one’s own information flow, all a very plausible scenario.
Cyber warfare, hence, is not just about degrading the C2 structure of the military or its information systems—it is much more!
Such disruptive attacks need not be from within the confines of one’s borders; the source can be made to appear from somewhere far distant, making it extremely testing to pinpoint the actual location. Even if the source is discovered, it’s very complicated then to launch a retaliatory strike. What are you striking and why are you doing so? What public response, public support, will there be for the actions that the victim nation is contemplating, if thousands of people are going to die? How does a government actually persuade its people of the righteousness of its actions, when there is no evidence to cite?
In the new setting of an intangible war-zone, all citizens of a nation are on the front line. The crux of the issue, therefore, is how does a nation defend and protect itself in such an environment where an attack on it is labelled as an act of aggression, yet, cannot retaliate as it also is a social issue with ethical and legal implications?
The proliferation of computers and micro-chip aided devices, some of which are now coupled with artificial intelligence (AI) and the ubiquity of using these devices to facilitate the running of military and non-military businesses, has raised concerns about the security of data and the tools. When is, therefore, a cyber-attack justified? Is a cyber-attack an act of war? What if thousands of civilian lives are at stake? This is a dilemma that faces not just the military, but also the decision-makers!
The coupling of cyber warfare with AI, is making it much simpler for a country to reach far beyond its physical borders, making cyberspace another battlefield of limitless threats. Extremely huge amounts of data can be collected through AI algorithms, which can monitor rules or patterns of the victim networks. The possibilities of an AI-supported cyber-attack, is very real, notwithstanding the high technology required for a nation to use it.
To enumerate the many capabilities of AI is beyond the scope of this piece, but it needs to be underscored that AI systems have surpassed expectations, so much so that experts and scientists now fear its disruptive powers; the systems have displayed their uniqueness in several areas by proving better than humans.
Many global enterprises are using AI and they include IBM and Microsoft; their machine learning programmes have been performing tasks much faster, beating the humans in thoroughness and depth in research. However, these very capabilities, it is feared, can also be its vulnerability to a cyber-attack.
Cyber weapons are already using AI and could, in the future, cause more damage. AI-based systems can see through firewalls and detect breaches due to unsecured centralised servers, thus creating simplest of open passages for the hackers to obtain data in bulk and cause greater overall destruction, be it to an individual, businesses, government or the military, and hence, to national security.
The concept of autonomous AI weapons and AI robotics has scared many a founder of these systems to the extent so as to urge the UN to ban them by saying: “Once developed, they will permit armed conflict to be fought at a scale greater than ever, and at timescales faster than humans can comprehend.” (How Artificial Intelligence and Quantum Computing are Evolving Cyber Warfare – Kline, Salvo & Johnson, Institute of World Politics, March 2019).
The introduction of AI in the cyber domain has presented challenges in international geo-politics affecting relations, and will continue to do so. The already tense relations between USA, Russia and China have further stressed. Lt Gen Liu Gozhi, director of the Science and Technology Commission of China’s Central Military Commission (CMC), is of the belief that AI-based systems would alter military units programming and thus, lead to a multifaceted military revolution (Air Marshal Anil Chopra, Asian Defence Review 2020-Centre for Air Power Studies). AI-based cyber weaponry could exploit vulnerabilities or even create new vulnerabilities by transforming information warfare into intelligent warfare!
Notorious contemporary malware, Emotet Trojan—also known as Heodo or the WannaCry Ransomware—is a prime example of AI-based attacks. Emotet stole data from infected victims through malicious phishing emails, modifying the language and pattern depending upon the users’ habits and leveraging AI; WannaCry ransomware, on the other hand, is an example of offensive use of AI, marking a new era of cyber-attacks. The use of AI in such a manner can affect battle-space in the following manner: Firstly, by impersonation of trusted users; Secondly, by merging and lying dormant in the background only to emerge at a pre-determined time; and Lastly, the speed of the attack.
Connected networks, today, are a part of highly connected digital ecosystems. An attack on any ecosystem, civil or military, would shatter the confidence, which is the mainstay of cohesion. To prevent such a situation, capabilities to safeguard data is the need of the hour, for which, investment in new technology to use AI to combat its malicious use, as it becomes a part of the hacker’s toolkit, is essential.
The old adage, “All good comes with bad”, can be termed as true. AI can be construed as the most disruptive application in this pandemic-affected world. Nations wanting to establish their supremacy can cause massive destruction with a scary accuracy and precision, without human interference. AI can change the world, but technology can be good or bad, depending upon what purpose it is used for!
–The writer is an IAF veteran. Views expressed are personal and do not necessarily reflect the views of Raksha Anirveda