In this digital age, it’s hard to consider the technology we have at our disposal as primitive or underdeveloped, but when it comes to cybersecurity and cyberattacks, we’re still just starting to understand the scope of what havoc technology can wreak.
Two-time Pulitzer Prize winner and New York Times national security correspondent David Sanger spoke Monday at Lander University as part of the school’s Larry A. Jackson lecture series. Having written multiple books on the development and deployment of cyberattacks, Sanger said today’s understanding of cyber is comparable to how well the Wright brothers understood how the airplane would be used.
When the Wright brothers first pitched the idea of a manned flying device to the U.S. Military in 1909, no one considered arming the plane. Instead, it would be used for surveillance. By World War I, planes were an important tactical weapon, and by World War II they were the vehicle for two of the deadliest weapons ever deployed by mankind.
“We have to enter the cyber age with the humility of thinking we have no idea what the warhead is going to look like,” Sanger said. “We know the delivery vehicle — the networks that connect all of us — but we don’t really know what the weapon will look like in 30 years any more than the Wright brothers knew that in 1909.”
But what is cyber?
Cyber attacks make use of the world’s increasingly connected digital networks to accomplish some goal. Some cyberattacks are done for the purpose of espionage, to manipulate data or to seize control of real-world systems that are connected to a network.
An early example of a cyber weapon is the American and Israeli-designed Stuxnet, a malicious computer program that in 2007 was used to target Iranian nuclear facilities. Stuxnet would go into the computer systems that controlled the speed of centrifuges used to enrich uranium and subtly change the speed of the centrifuges, eventually destroying 1,000 centrifuges and slowing uranium production.
“This is a weapon that was born in Silicon Valley, but has gone far beyond,” Sanger said. “Since Stuxnet, the world has witnessed a cyber race in which state and non-state actors continually develop new cyber tools which can be aimed at an infinite array of targets.”
The advent of the internet was supposed to bring the world together, Sanger said, uniting people through interconnected networks providing unprecedented access to information on a global scale. In 2007, the annual National Threat Assessment made by the nation’s intelligence communities made no mention of cyber at all. Months later, the release of the first iPhone from Apple put network-connected computers in people’s pockets, and the continued development of internet-connected devices has only created more doors through which hackers and perpetrators of cyber attacks can get into private networks. Now for the past six years, the National Threat Assessment has listed cyber as one of the nation’s top threats, Sanger said.
“If I can break into your iPhone, or your Fitbit or any of the other internet-connected devices you now walk around with, I can live in the confidence that you will walk me into your network,” he said.
One of the reasons why cyber attacks are such a prominent threat, Sanger said, is because for a long time they weren’t punished. Governments believed many cyber attacks were espionage efforts, and if America acknowledged and sanctioned other nations for performing espionage, it would face counterarguments that America has been using cyber for espionage purposes since Stuxnet.
“We live in the glassiest of glasshouses, and they’ve got all the stones,” he said. “Today, we know the power of the internet has been marshaled by some of the greatest authoritarian powers of our time.”
Now attacks against America are targeting citizens’ confidence and ability to discern the truth. Russian cyberattacks are recruiting Americans who have legitimate Facebook accounts to bypass the website’s filters and post Russian-made propaganda and misinformation aimed at driving a wedge between people in American communities, Sanger said. Russians have also infiltrated Iran’s cyber warfare unit, so future attacks will be harder to track, as it won’t be clear if the attack came from Iran or Russia.
It’s hard to know how to respond to cyberattacks because while strategists understand a concept of deterrence for things like nuclear weapons, there isn’t a working model for deterring cyberattacks, Sanger said. In 2018, President Donald Trump signed a still-secret order giving the NSA and U.S. Cyber Command the go-ahead to go into foreign networks without needing presidential approval, along with making clandestine cyber operations part of traditional military operations. But as global use of cyber attacks and incursions increase, Sanger said there’s reason to be hesitant.
“I think it’s a dangerous place to be because we’re using this weapon and escalating before we’ve had any discussion on whether we want to use it,” he said.