When it comes to the modern-day battleground, bits and bytes now accompany the bullets and bombs that have historically powered warfare. As multinational cyber arsenals continue to mature, international concerns over operational cyber espionage and warfare grow.
Perhaps most vulnerable to attack are the critical infrastructure and key resources that operate within any particular country. Critical infrastructure resources support the crucial services that generally serve as the supporting foundation for any society.
Cyber security protection
With the majority of global vital infrastructure operated by the commercial sectors, the issue of cyber security protection is weighing heavily on both industry and government. For example, in the US, 80 per cent of critical infrastructure is owned and operated by the commercial sectors.
Some critical infrastructure elements are so essential that their destruction, disruption or exploitation could have a debilitating impact on a countrys national security or economic well-being.
While critical infrastructure categorisation varies from country to country, it usually includes some combination of the following sectors from industry and government;
• Government services
• Law enforcement, fire and emergency response
• Banking and financial services
• Power including electricity, oil and gas
• Public works including water and drainage
• Internet, media and telecommunications
• Agriculture and food supply
Many countries also categorise prominent public places, national monuments and high-profile events as critical infrastructure.
Power and utility sectors
One specific area of concern is in the power and utility sectors where Supervisory Control and Data Acquisition (SCADA) industrial control systems monitor, coordinate and control process. Within the enterprise, information technology systems typically have a lifecycle of five years or less allowing for enhancements designed to mitigate the latest known security threats. By comparison, many mission critical SCADA control systems have been in production for 15 years and sometimes longer. Unfortunately, many of these systems were originally architected with little to no concern for security. Because of this, Internet-exposed SCADA-based systems and the organisations that operate them remain highly vulnerable to Internet-borne threat.
A recent article from the North America-based Council on Foreign Relations quoted a well-known economist as having estimated that a shutdown of electrical power to any sizeable region for more than 10 days would stop more than 70 per cent of all economic activity in that region. Given the costs involved to finance a traditional military attack, is it any surprise that cyber-warfare strategies are gaining attention?
Perhaps the most unique aspect of cyber-warfare is its ability to be launched from anywhere in the world. Computers that are physically located in foreign countries may also be compromised and used as a launch platform for attack making identification of any initial attack source extremely difficult.
Sign up for CIO Asia eNewsletters.