By Ramin Karbasi
Edited by Sanchita Malhotra, Associate Editor, The Indian Economist
As of this week, security firm Symantec reported the incidence of a large and highly sophisticated hack on Western oil and gas companies. It’s sheer impact and lack of precedence granted the hack, which is believed to be of Russian origins, a special place in cyber security lore in that it exemplified the perennial Star Trek promise “to boldly go where no one has gone before.”
Within the realms of space exploration, such a promise teems with coveted images and thoughts of innovation and trailblazing. Conversely, within the realms of cyberspace, such a promise, though admittedly innovative, is almost assuredly harrowing in its entirety. And when such a promise threatens the political and socio-economic well-being of some of the world’s most formidable countries, it matures further into a blatantly insolent taunt.
At the risk of portraying banality by devolving the incidence into an archetypal ‘Cold War paradigm’, this hack was only a recent one in an ongoing series that has pitted the West, most notably the U.S. and Great Britain, against the Chinese and Russians. As of now, it has been reported that the hack was used to acquire documents and classified information (e.g. passwords and usernames) from the targeted companies. This, of course, does not rule out the very real possibility that the hack also gave the intruders the power to hijack controls and sabotage national energy supplies.
Security experts furthered the significance of the hack by explaining that it is very well noted for its military application and precision. ‘Energetic Bear’, as the hack and operation have come to be known, is not limited to utilization in the energy sector alone. Traces of the hackers’ work have been identified as recently as 2012, and, more importantly, have been identified within U.S. and European networks for defense contracting, health care, construction, and nuclear energy research. This would suggest that this hack should be treated with the same consideration granted to any matters of (inter)national security.
Of course, cyber security attacks are but a footnote in the long history of foreign espionage and sabotage. In an era distinguished by an immense dependence upon machines and technology to achieve respective policy goals, there is little to no confusion as to why nation-states would be so inclined to utilize cyber strategies: they are quick with results, they are unforgiving when deployed, and, if programmed just right, they are virtually undetectable.
Per an article by The Guardian dated to February 26th, 2013, Symantec, the same internet security firm that identified this recent Russian hack, released information on the infamous Stuxnet virus suggesting that it could have been fully operational as early as 2005. The virus, which is believed to have delayed Iran’s nuclear development program by years, made headlines precisely because of its ability to artistically blend together the fields of espionage and sabotage.
When considering Stuxnet’s relevance to Energetic Bear, one ought to shudder at the thought of how far cyber attack strategies have come in less than a decade’s worth of time. The fact that virtually anyone armed with the right tools for and advanced knowledge of computer programming can create a virus similar to, if not worse than, Stuxnet and Energetic Bear is unnerving enough. The discomfort is furthered by the realization that the hacks and viruses are being developed just as fast as, if not faster than, the strategies aimed at repelling them.
The policy disadvantage between the response time and the delivery time of the attack means that though the strategies could ward off future incidents, they cannot fully eliminate the threat because a significant amount of the attacks are, essentially, ‘intellectual property’. Simply put, cyber attacks are not conventional attacks – the weapon is not a tangible object that can be destroyed, nor is it difficult to construct. And while a nation-state can police and, if necessary, fully eliminate tangible weaponry, it cannot, arguably, do the same with respect to the knowledge of such weaponry. It is within the parameters of such an understanding that cyber attacks generate the most fear – one simply needs a computer and time, not a centrifuge and uranium.
These few thoughts alone should be enough to alarm policy-makers all around the world.
Moving forward, the best advice that policy-makers can receive and act upon is simple: Acceptance. Accept that the world and its regulations are evolving; accept that non-state actors are rising in security concern prominence; and accept that conventionalism is being abandoned in favor of innovation. Conventional weaponry as an effective response to cyber attacks is impractical. Bullets cannot revert progression because progression is simply an amalgamation of ideas, and “ideas are bulletproof.”
Ramin is currently a Senior Honors student at Southern Methodist University, where he majors in Political Science and Sociology. An avid student of comparative politics and economics, Ramin hopes to one day pursue post-graduate International Development studies at the London School of Economics and Political Science. As such, and acknowledging the works of Mr. Nayef Al-Rodhan, he best describes himself as a symbiotic realist. A self-ascribed Francophile, Ramin also enjoys reading works of French existential literature in his spare time.