Cyber Warfare, critical scenarios and current risks

(By Andrea Puligheddu)
21/03/16

More and more, conflicts and the consequences of terrorist acts generate repercussions or even new hostile actions in the cyber domain, which is increasingly becoming the ideal battlefield for offensive operations that are tactically and strategically relevant, both in terms of the effects generated and of the nature of the targets struck. The key to defending against such acts of hostility lies in the protection put in place for the sensitive infrastructures of States, in crisis-management procedures and in securing information and technological resources: in other words, cyber security.

But what are the most significant current threats, and who are the main actors in the field?

For the sake of brevity it is not possible to give a complete list, but it is worth focusing on some of the main protagonists of the current scenario: elements that the international community will have to monitor ever more closely in order to foresee the evolution of strategic variables on the global chessboard, and to intervene as soon as possible if they evolve from potential threats into a real danger in the theater of cyberspace.

The first actor to consider is also the most exposed in the media: ISIS, otherwise known as the Islamic State or Daesh. The prominence this terrorist organization has acquired in the mass media has grown exponentially, reaching its peak with the tragic events of Charlie Hebdo and the massacre of November 2015 at the Bataclan theater in Paris.

In terms of web reputation, such visibility also translates into a massive presence in digital media, with a role that is no longer merely passive but one of active propaganda and the search for followers of the cause. In fact, the use of IT tools by ISIS in pursuit of its terrorist purposes is in itself a peculiarity to be taken into account. In this regard, we can identify two lines of action. On the one hand there is an indirect operation carried out through specific propaganda actions (so-called "marketing terrorism"), which aim to build consensus through the most popular social networks (Twitter is undoubtedly the vehicle they favor most) and to receive funding through a genuine self-managed fundraising system based on Bitcoin, a virtual currency whose structure allows donors and recipients to manage the relationship with greater discretion and away from ordinary traceability. On the other hand there is an innumerable swarm of operators, characterized by a considerable fragmentation of cells and impossible to map adequately, able to carry out typical cyber attacks on the sensitive infrastructures of countries hostile to ISIS. It is precisely on this last point that the US response is centered, implemented in a joint operation still in progress between the NSA (National Security Agency) and DISA (Defense Information Systems Agency) in order to prevent and eliminate, with a view to managing the objectives, the propaganda structure of the Islamic State and the cyber skirmishes it carries out. It is interesting to note that, also in view of the structure the operation is acquiring, this is the first real cyber war in which a regular army responds to offensives and potential threats mounted by a terrorist organization.

Among the established state powers, regardless of their formal recognition under international law, two situations emerge that will undoubtedly need to be monitored now and ever more in the future, namely Iran and North Korea.

Iran, in terms of managing cyberspace, finds itself in a dominant position compared to all the other countries of the Middle East. First of all, because of the organizational and technological stratification that led it to develop over the years a major (and in some respects dangerous) nuclear program. Secondly, cyberspace is certainly a territory in which, since 2012 with the establishment of the SCC (Supreme Council of Cyberspace), the Islamic Republic of Iran has placed important ambitions, and in which it has already taken its first steps at the operational level as well. With the advent of Rouhani (photo) to the presidency, there has also been a dizzying increase in funds dedicated to cyber security: in June 2013 (i.e. when the current President of Iran was elected) the fund dedicated to computer security was around 3.4 million dollars, and in just three years it reached the threshold of 19.8 million, with an increase in the dedicated budget equal to 1200%. This fact is more than significant, considering that technological capacity and the use of force are an increasingly inseparable pair in the relationship between Iran and the international community, both in terms of deterrence and in terms of potential conflict. Iran is therefore fully on the list of technologically advanced powers whose future role in the cyber warfare scenario is still to be written. The balance between the need to be recognized as a diplomatic interlocutor by the United States and the variable hostility of relations with them (even within cyberspace) will be factors of certain strategic impact.

North Korea is also a particularly interesting case to examine. Cyberspace is not at all a new concept for it: as early as 2009 two governmental bodies had been established, the General Staff Department of the Korean army and the Reconnaissance General Bureau, charged respectively with organizing and managing, among other responsibilities, offensive and defensive IT infrastructures. The paradox, however, lies in the fact that, despite the resources and the dedicated units, the strategy adopted aims to keep the computerization of the State's cardinal systems at a low level, so as not to create sensitive targets, and to manage access to the centralized national internet network with ample room for maneuver. The regime is nonetheless not inactive in terms of cyber threats: the 2014 attack on Sony, carried out on a large scale and generating a loss for the company estimated at between 3 and 10 billion dollars, has been attributed in several quarters to a direct order of the supreme leader Kim Jong Un, despite his denial. Beyond actual operations on the cyber front, one fact remains evident, namely the leading role played by deterrence in the North Korean conception of the use of force. A mixture of the two elements is what seems to have happened very recently. At the beginning of March 2016, in fact, the supreme leader threatened the United States and South Korea with possible offensive retaliation. The trigger was a series of joint exercises between the US and South Korean militaries called War Games, structured in a first part of about 12 days focused on cyber terrorism prevention (Key Resolve) and a second part focused on the operations of the operating units (Foal Eagle).
On 11 March, in a closed-door meeting between government bodies and South Korean intelligence services, it was reported that a data breach had taken place on the mobile phones of 40 National Security Officers, immediately blocked by Seoul's cyber security infrastructure. There is no direct and explicit correlation between the attack received and the threats made by the Pyongyang regime; however, such an act would certainly fit the pattern of provocative and limited offensives mounted by North Korea, which avoid as far as possible a direct escalation that would be difficult to control. Certainly, according to South Korean government sources, the threat posed by North Korea should not be underestimated, given an estimate of approximately 6800 operational units ready to launch cyber attacks and to manage any critical infrastructures brought under control.

 (photo: US DoD / web / IRNA)