In the Age of Cyber Warfare, states and corporations alike have redrawn the battle lines, and they are now virtual. This era began roughly 10 years ago, a computer virus called Stuxnet — changed the rules of the game. Stuxnet was the world's first cyber weapon: computer code capable of disrupting physical facilities. An epic project, estimated to have been years in development, 15,000 lines of computer code that managed to physically disrupt uranium enrichment centrifuges inside a clandestine facility in Natanz, Iran.
Framing the cyber warfare discussion as an issue for soldiers & spies misses the point: It affects us all
The Stuxnet virus was probably an extreme case, an outlier, the rare fruit of an intensive, costly and collaborative effort by several government agencies. Whistle blowers exposed the operation, codenamed Olympic Games — an attempt to covertly sabotage the Iranian nuclear program. Some say the virus took years to conceive, and develop it, and deliver to its target. Others will tell you it was Israel & the United States intelligence forces behind it. Either way you look at it: there is no denying it that Stuxnet was the dawn of a new age, one in which computer viruses, lines of code, made the leap from troublemaking but controllable to potentially unstoppable, History-changing weapons, their capabilities miles ahead of other digital attacks. Taken in the context of geopolitics, a digital weapon like Stuxnet could simply be understood as the most expedient, non-violent, and cost-efficient method to covertly disrupt a nuclear weapons program. At least, this is how politicians would see it — when contrasted with traditional war-making tools, such as fighter jets, soldiers, or bombs.
Unique as it were Stuxnet also exemplifies the complex nature of cyber threat concerning us all. It's not about securing computers, networks or web servers anymore. Cyber security impacts more than the visible World Wide Web we browse, and it goes deeper than the entire global Internet.
This is crucial, because we often think of cyber warfare as a pitched battle between two groups of fierce government trained hyper-geeks with army discipline. But the reality of cyber warfare is, we are all on the virtual battle ground. Framing the cyber warfare discussion as an issue for soldiers & spies misses the point: It affects us all. On the cyber battlefield, Regular people are the front lines — and our information, computers, credentials and digital services are the prized commodity. In other words, it's about the TRUST that we place in a modern, digital society.
In this context, Stuxnet was also important because it pioneered a new kind of cyber-attack: one that's no longer focused on stealing information, but on physical destruction and data manipulation. Some of the most notable examples could be seen in the 2015-2016 attacks on the Ukraine electricity distribution system — which were, perhaps the first time hackers were able to create power outages. And in 2017, when in the span of just two months, the world saw the two biggest disruptive malware outbreaks ever — WannaCry and Petya/ NotPetya/ EternalPetya. Specifically, the NotPetya Wiper virus, which deleted files and disrupted thousands of computer systems worldwide, was deemed the most destructive and costly cyber-attack in history by the US Government in 2018. Here's the reason why in the past years, we have seen such attacks on energy systems, transportation hubs, healthcare providers and even political campaigns. It's because cyber warfare isn't about stealing secret files or information: It's about directly influencing our way of life. And it has become the most useful tool for such adversaries who seek to sow chaos and use disruption as leverage for political machinations.
Two centuries ago, military historian Carl von Clausewitz said that "War is the continuation of Politics by other means". In the 21st century, cyber war seems to be the weapon of choice for some, a continuation of politics in other means.
So, it's time to redraw the battle lines between nation states, corporates, Cyber Criminals & friendly hacktivists, because this kind of war affects more than just military targets. We're all in this together — and no one's immune. We live in an expanding digital universe of devices that we need to be protected. With a hand on your heart, what do you have at home: More family members & pets — or more digital devices? I know the answer. And that trend is only going to continue exponentially. According to industry estimates, by the year 2025, there will be more than 75 Billion devices on planet earth — more than 9 times as many human beings!
In the 21 st century, cyber war seems to be the weapon of choice for some, a continuation of politics
With the rise of automation, IoT, Machine learning and AI, attackers and defenders are locked in an ever-evolving digital arms race. And as we all push for more innovation thousands of lines of code are being written each day. Startups are encouraged to "move fast and break things" as the Silicon Valley saying goes. But how can we make sure all of that innovative technology is secure?
The answer is we're going to need all the help we can get. We need to build a digital immune system for the information age, one that grows with us as we move to the future. In my TED 2014 Talk I introduced the idea that hackers might be the answer we need to build that immune system. As a hacker and security researcher for more than 20 years, I can tell you that most people tend to overestimate hackers' malicious motivations yet underestimate our ethics and ability to help.
It's time to rethink those assumptions and time to understand there are many friendly hackers out there. The surprising fact is that hackers can actually help build that immune system. Friendly hackers and Security researchers like me, have discovered, reported and fixed hundreds of thousands of software vulnerabilities and security failures in recent years.
That is why I believe that our future resilience in the field of cyber security will be defined not just by governments' efforts to balance technology's benefits against the risks it brings with it but also by how we build our digital immune system and evolve our paradigms about security, privacy and who controls our digital destiny — government, corporations, and hackers.
Keren Elazari is a cybersecurity analyst and senior researcher at the Interdisciplinary Center for Cyber Research at Tel Aviv University. She is CISSP-certified and has a Master's Degree in Security Studies. She founded the Community Security Research event, BSidesTLV, the largest in Israel, and is part of the global Segurity BSides movements, and of Leading Cyber Ladies, the global professional network for women in cybersecurity. Elazari is a specialist in emerging security technologies and trends, which leads to her role as an independent strategic advisor. Her TED Talk on the role of hackers was translated into 30 languages and is today one of the most viewed on the platform.