Computer screens are about to go dark in North Korea.
That’s if Chancellor Philip Hammond is true to the promise – or threat – he made when launching the UK’s National Cyber Security Strategy last October.
“We will not only defend ourselves in cyberspace; we will strike back in kind when we are attacked,” said Hammond as he outlined Britain’s need for a digital deterrent and “offensive cyber capabilities”.
Skip forward to last week and US intelligence sources linked a global ransomware attack in May – which paralysed parts of the NHS – to North Korea’s spy agency, the Reconnaissance General Bureau (RGB).
We may never know if Hammond’s threat of retaliatory cyber-strikes saw computer systems locked in North Korean hospitals, electricity substations powered down in Pyongyang, or the country’s trains brought to a halt by failing signals.
But the threat to Britain’s infrastructure from cyber-warfare was described as “Tier One” in the Government’s 2015 Strategic Defence Review – apparently as significant a threat as that posed by terrorism or military conflict.
The WannaCry attack was just one skirmish in ongoing cyber battles where “mutually-assured disruption” is the deterrent weapon of choice of nation states.
According to one leading academic in cyber security, Britain’s traditional strength in signals intelligence – from Bletchley Park to GCHQ and now the National Cyber Security Centre – means the UK is relatively well-prepared to defend or wage cyber-war compared to other European countries.
“But with one million variants of malware being created every day, you only need one of those to get through your defences,” said Professor Alan Woodward of the University of Surrey’s Department of Computer Science.
What the WannaCry attack underlined is that however strong national protocols and defences may be, weaker nodes in a distributed network, such as legacy IT systems in individual hospitals or doctors’ surgeries, will be vulnerable to attack.
To update and upgrade is a national imperative.
But where the private sector owns and operates part of the national infrastructure – from transport to the utilities – the government and security services can influence but not manage investment in IT systems and cyber defences.
The larger canvas painted by Professor Woodward is a complex landscape of different actors with varied motives and tactics.
Cyber-warfare is taking more subtle forms than direct efforts to shut down national infrastructure.
The cascade of revelations from Edward Snowden described US and UK involvement in mass surveillance programmes and 21st century international espionage, such as American security services eavesdropping on Angela Merkel’s mobile phone conversations and messages.
Allegations of Russian interference in elections in the US and France – even the UK’s Brexit referendum – through either hacking or the seeding and dissemination of bogus information illustrate how cyber war is being waged through attempts to influence national events.
And why switch off a rival nation’s critical systems if you can quietly degrade them – make them that little bit more inefficient or prone to breakdown – to cause ongoing economic damage? Alternatively, why not steal commercial or industrial secrets or hack banks and the financial markets to boost your country’s exchequer?
Cold War 2.0 has its proxy wars and mercenaries too; warfare waged by hackers offering “crime-as-a-service” to the highest bidder. NSA sources told the Washington Post they believe hackers known as the Lazarus Group designed the WannaCry attack for the North Korean government.
The second strand of UK action after the WannaCry disruption to the NHS will be what Hammond described as reducing the “cost and reduce the reward of cyber criminality – ensuring we can track, apprehend and prosecute those who commit cyber-crimes”. Arrest and prosecution in a British court of an international hacking syndicate may be ambitious; preventing them converting their Bitcoins to other currency is a more likely avenue of attack.
According to Professor Woodward, the next phase of cyber-warfare will exploit the emerging internet of things, where previously inert devices and appliances are connected and become both smart and hackable all at once.
From consumer electronics to new types of industrial control systems, the most urgent questions are who builds them, and where do they source their components?
Is malware present from the start; are devices being built with sufficiently high security?
Ironically, it seems the threat is compounded either by outdated security in old systems or questionable security in emerging new tech.
All sounds a bit paranoid? Ask the NHS patients whose appointments were cancelled last month because of keyboard warriors in North Korea.