In hacker jargon, it’s called a “cyber-to-physical effect.” It’s when a hacker reaches out from the virtual world into the real one—often with catastrophic consequences. The Americans and Israelis pioneered the technique back in 2009 when the Stuxnet program infiltrated Iranian computer systems and wrecked thousands of uranium-enriching centrifuges. But now other players—especially the Russians and Chinese—are getting into the game of remotely using computer networks to destroy infrastructure and threaten human lives. Last year, according to a report by Germany’s Federal Office for Information Security, a blast furnace melted down in an unnamed industrial city in Germany after a digital attack on its control systems, causing “massive damage.”
It nearly happened in the United States too, when unknown hackers succeeded in penetrating U.S. electrical, water and fuel distribution systems early in 2014. While old-fashioned, relatively low-tech data hacks make headlines—for instance, high-profile break-ins over the last 12 months to the email systems and databases of the White House, State Department, Department of Homeland Security, Department of Defense and Sony Pictures Inc.—what has security officials seriously worried is the new and dangerous world of cyber-to-physical infrastructure attacks.
“This is not theoretical,” National Security Agency Director Admiral Michael Rogers told the U.S. House of Representatives’ Intelligence Committee recently. Hacking attacks on the U.S. and its allies are “costing us hundreds of billions of dollars,” Rogers warned, and will result in “truly significant, almost catastrophic failures if we don’t take action.”
According to Alexander Klimburg, an affiliate of the Harvard Kennedy School of Government’s Belfer Center and senior research fellow at the Hague Centre for Strategic Studies, “cyberspace today is like Europe in 1914, before World War I. Governments are like sleepwalkers. They do not comprehend the power of new technology and the consequences of misunderstanding each other’s activities.”
According to the U.S. Intelligence Community’s 2015 “Worldwide Threat Assessment” report, Russia and China are the “most sophisticated nation-state actors” in the new generation of cyberwarfare, and Russian hackers lead in terms of sophistication, programming power and inventiveness. “The threat from China is overinflated, while the threat from Russia is underestimated,” says Jeffrey Carr, head of Web security consultancy Taia Global and author of the book Inside Cyber Warfare. “The Russians are the most technically proficient. For instance, we believe that Russian hackers-for-hire were responsible for the Sony attack.”
Picture: Rijan (Own work) [CC BY-SA 3.0 (http://creativecommons.org/licenses/by-sa/3.0)%5D, via Wikimedia Commons