Why cyber-attacks on state critical infrastructure should be banned

Cyber-warfare is on the table of many contemporary military planners. Today they are trying to identify the role which cyber-weapons will have in wars of tomorrow. As cyber-weapons have proved to have corporeal physical effects that can be used as a means of war, it is clear that states are getting progressively concerned with their critical infrastructures (CI). For example, just recently Federal Bureau of Investigations and Department of Homeland Security in U.S. have issued warnings of possible cyber-attacks that can come from so-called “Syrian Electronic Army”, whose hackers have been targeting U.S. for sometime already. Security institutions in U.S. are thus especially concerned with situation ahead of possibility of military attack on Syria.

As states progressively depend on the intricate networks of infrastructures that provide functionality for the living frameworks such as housing, food, trade, communications, etc. the threats of the collapse of such infrastructures present challenges to national security. It has to be taken into account, that before weapons that could have damaged such infrastructures to catastrophic results required a lot of resources for their development and certain conditions for their deployment, such as for example the situation of an armed conflict. Today, the cyber-weapons are very easily procured with very limited resources and can be easily deployed without barrier of certain conditions.

What is most worrisome is the possibility of cyber-attacks on industrial control systems (ICS, or also known as SCADA systems) that can bring malfunctions in such systems as energy grids, oil and gas pipelines, critical communications of transportation, water-dams and cause their destruction with effect immediately targeting large group of civilian populations. Taking down train-control systems that will result in derailing of the locomotives are unlikely to directly target military objectives, the same can go to water-dams sabotage and the resulting flood.

As studies show SCADA systems can be very vulnerable to cyber-attacks and can be exploited to the point where the false information is inserted into the system (through so-called “worms” or other malicious software) and can have kinetic effect of collapse of the physical system within a matter of minutes if not seconds. At the same time isolation of the systems and going back approximately 30 years (when computer network systems didn’t exist) is not feasible anymore.

Described threats may be felt first of all by the oil and gas SCADA as they can be tempting targets for many politically motivated cyber-attackers. For certain states, for example, such as Turkey, Azerbaijan and Georgia (TAG) such situation should not be overlooked. Linked by the network of oil and gas pipelines of last generations these countries undoubtedly use the latest models of SCADAs. It has to be pointed out that such networks of pipelines will only grow in size and numbers according to the development plans of these states. Moreover, these countries are also linked by the Trans-Eurasian Information Super Highway (TASIM) project. TASIM is going to connect through fiber-optic line countries of Western Europe with Eastern Asia passing through TAG countries in the process making their respective cyberspaces even closer and comparable with their pipeline cooperation. The importance of the project is highlighted by the recent discussion in the UN General Assembly on September 4, 2013. With that in mind it has to be taken into account that though technological progress and integration can facilitate economic and social growth it also presents the stakeholders with certain security vulnerabilities.

It is logical then that SCADA systems should be protected. However, as undoubtedly a large number of technicians are working around the globe to boost cyber-security for industrial control systems, there always going to be a race between them and cyber-attackers. Another way of protecting SCADA systems is outlawing the attacks on such systems internationally. It is clear that such attacks will bring more damage to civilians rather that military objects and can be used more like the means of terror rather that means of war to achieve legitimate military objectives. With that in mind it is clear that such cyber-attacks should be banned as use of chemical and biological weapons, as terrorism, as illegitimate use of force. It should be done now to prevent the states from being tempted to use such cyber-attacks as covert options of “untraceable” use of force, due to the difficulties of attributing of a cyber-attack to the particular state.

Hence, there is a possibility for the group of countries like TAG to raise awareness and influence international community to the problems on cyber-attacks on CI. Through projects such as TASIM they can address the states bringing their attention to both great opportunities of integrated cyberspace as well as the need of joint action in international cyber-security.

Kamal Makili-Aliyev

Doctor of Laws (LL.D)

21.11.2013

Turkish Weekly