"Cyber Wars - Recent Hackings A Prelude To Much Worse?" Topic

So, do you think all the recent hacking of corporate and government information is an end onto itself, just to prove vulnerabilities and create fear?

Or do you think it's just the first step of something much, much bigger?

Just wondering.

Dan
PS. And could it be gamed?

It may not be a prelude, but it does indicate the capability is out there and will only become more capable in time. I think it's only a matter of when, not if, before someone carries out a cyber attack that causes real damage and not just monetary damage.

The question we still haven't dealt with is when does a cyber attack become an act of war that leads to military action?

Or do you think it's just the first step of something much, much bigger?

Hardly the first step. Cyber attack has been happening since the 1940s.

And no, it's not the first step of something bigger, it's part of a continuing whole. The "bad guys" are out to steal, compromise or destroy information. The "good guys" are trying to prevent that.

Cyber Warfare, or the 5th dimension of warfare, has already been going on. The US military will consider many forms of cyber warfare in any form of operation.

The problem for gaming is that most of what goes on in the cyber world will be happening long before and after the actual physical battle and my not affect the battle its self.

There are some boardgames that have cyber warfare. As for a miniatures game you could have the local battle net go down do to hacking or jamming. Tomorrows War sort of has this in their cards.

Cyber is a capability. It will be used just like any other capability. A (smart) military will use it for combined arms effects like any other capability. Since cyber has covert characteristics (it isn't completely so), you would be wise to use the capabilities like other covert capabilities.

… and that's where it gets ugly for us …

On the tabletop, covert capabilities are tough and often unsatisfying. For example, I want to deploy a sniper squad before the battle to shoot at the flank of my enemy … How do they know I was being fair? Heck, how do I know I was being fair? How does a tabletop interaction go if you both can't know how many snipers I have and where at the time I adjudicate the attack?

Same thing goes with cyber. I launched my first missile salvo at you. By the way, I deployed malware to your C4 system last week and activated it just as your AMD started targeting my incoming.

So, is it fair (in terms of tabletop) to spring this on you as you respond to my attack? Should we stop play, go back and give you a chance to detect and stop my malware? If you're successful, shouldn't I get a chance to try to deploy something else? Or if you are being sneaky and disabling it without removing it (and allowing it to respond to signals I send), do I get a chance to detect your counter-cyber? And so on…

Now, I like a good Kwai Chang Caine flashback as much as anyone, but … y'know?

None of those challenges is insurmountable. But they tend to lead places that don't align well with the tabletop experience. That's not necessarily bad, but you will end up with a lot of people not getting … and not liking … the flow of your game.

If you're looking for rules for cyber warfare games, try these:

There's a print and play, card and dice game on boardgamegeek.com …Jacked In. It's more of a hacker vs intrusion detection system game (think of the book Neuromancer).

For tabletop, though, I can see a game where you choose your minis. Deploy on the tabletop, then pull from a card deck. The cards would have various effects caused by a previous or on-going cyber attack. Possible effects:
Negate the card that the other player just played.
Have the other player discard 2 cards (your counter measures were just that awesome).
Lose a squad (unit?) (their comms were hacked and they never got the message to show up).
Resolve a mortar attack on your opponent (your cyber guys gave the other team's mortars the wrong co-ordinates).
Lose a mini (his medical records were falsified and the docs gave him something he was allergic to).
Lose an activation (comm problems again)
Tight ammo (logistics computers were hacked and they didn't get the correct ammo for your unit).
Negative morale effects (during the unit's last R&R, the only movie available was "It's a Wonderful Life", and they watched it over and over and over).

I think the biggest problem with all the hacking and technology advances is that it becomes so much harder for the lay-wargamer to know what is real!

Yes, and as they've been saying for a few years now, our powergrid and banking systems are very vulnerable, as are many other targets, too

There are attacks on a daily basis, and some targets get hit hundreds, or more times a day.

So, I'd say many are very vulnerable, to the point of losing all control of them, e.g. nuke powerplants, etc.

A general on the news, just a month or so ago said that we are at parity with international hackers, in terms of our capabilities to fight them in cyberspace, especially when they are created and directed by units created by foreign nations to attack us.

I'm surprised we haven't issued warnings that surprise cruise missile, or stealth bomber attacks MAY be launched without warning against such entities, especially when they try to hack sensitive targets like our electrical grid and powerplants, banking system, Pentagon, and key weapons manufacturers.

I'm also very surprised that these vulnerable entities don't have their own, separate, stand-alone controls, not linked in directly to the internet, in order to protect them. Same goes for our military, and corporations.

The Chinese hackers got the plans for the F-35 stealth fighter, apparently, but decided not to make a clone of it (at least that we know of, currently). Perhaps that says more about the F-35's capabilities than the Chinese military's ability to hack sensitive info.

I cannot confirm or deny that it is all about deniability,

This is why I am dreading the day we need a new fridge or coffee machine (or whatever household item)and all that is available are 'smart' versions.

I imagine within the next 5 years or there will be a spree of household hackings with early speculation that it is terrorist or organised crime out to do some serious harm.

Then it is discovered it is just some kids causing mischief with their phones. As long as they leave the WiFi connected gas lines alone, there should not be too much trouble caused.

Why even have dangerous infrastructure connected to the internet?

This is why I am dreading the day we need a new fridge or coffee machine (or whatever household item)and all that is available are 'smart' versions.

The simple answer to that is – don't connect it if you don't want to. Any such "smart" device that cannot run without being "connected" is not worth having.

It's what the smart coffee maker is making eyes at the smart fridge you need to worry.

There has already been a frig hacked. It sent out about 750k spam emails.

Why even have dangerous infrastructure connected to the internet?

It's cheap.

Small companies and startups gain market advantage by not having dedicated and more secure infrastructure. They gain a foothold and their market share grows faster than the threat interest (or, more accurately, the threat isn't going to go after them until there is enough money in it to make it worth not doing something else that they are doing).

Their practices spread to the rest of the market because of their "success". Soon you have a sector that is significantly dependent on a mediocre or bad idea.

It's difficult to put the genie back in the bottle, especially when that means a sharp jump in consumer prices and a noticeable delay in benefit that comes with investing in infrastructure replacement.

As long as people will complain about why "somebody" doesn't do "something" about what the big box store is doing to society/culture/domestic viability/retail workers/etc. while still shopping at Wal-Mart themselves, this is unlikely to change.

For all the "power' wielded by Hackers like Anonymous, and all their threats to topple world power bases, the fact is tapping a few buttons will never completely destroy a social or business organization.

Did Anonymous's "War on IS" manage to save the Jordanian pilot, for instance? IT people have a bloated sense of their abilities, which to be honest, we have given them.

For all the "power' wielded by Hackers like Anonymous, and all their threats to topple world power bases, the fact is tapping a few buttons will never completely destroy a social or business organization.

link
link