A hack like this could start the next world war
There’s no end in sight to cyber disruption after the latest attack on Microsoft’s email software. You need just one to start a destructive chain reaction
It may be years before we get the Franz Ferdinand hack, but one cyber attack has the potential to set off a global war the likes of which we've never seen. Think beyond power and internet outages to banking failures, food shortages and poisoned water.
In the latest offensive, Chinese-backed operatives exploited vulnerabilities in Microsoft Corp.'s Exchange Server with vibrations felt around the world, mostly among small and medium-sized enterprises. Two months ago, the U.S. administration pointed the finger at Russia for a major attack on software provider SolarWinds Inc. which appeared to target government customers.
There's no end in sight.
So far, despite dozens of cyberattacks among superpowers over the past two decades, the world has kept spinning on its axis and life for most people has continued on largely unhindered. That could change at any moment.
Trouble was already brewing in early 20th century Europe as various nations jostled for supremacy and started arming themselves accordingly. So the June 1914 assassination of Archduke Franz Ferdinand, the heir presumptive to the throne of the Austro-Hungarian empire, was the match that lit the dry tinder of regional tensions, resulting in a war of attrition that left 20 million dead.
The global war against terror too was catalyzed with a single event. By the time al-Qaeda launched its attacks on the U.S. mainland on Sept. 11, 2001, the confrontation between extremist terrorist groups and the West was already fierce — the USS Cole was bombed in October 2000. The American response would expand from Afghanistan to Iraq, with territory less of an objective than control over populations, ideology and resources.
Now we are experiencing a new type of combat. Where state and semi-state actors wage war against victims both targeted and broad, where the specific goals are unclear — perhaps disruption, possibly theft of technology and information, or even general fear, uncertainty and doubt — and the primary weapons are lines of software code. This style of battle has victims whose identities are not always known and perpetrators who hide their work.
Witness China: The speed at which Beijing denies an attack is often inverse to its likely culpability. Or the U.S., for that matter. As far back as 2005, it collaborated with Israel to unleash the Stuxnet worm which hobbled Iran's uranium enrichment program. While neither has formally admitted to their role, they also haven't been particularly vociferous in rebutting the charge.
There's a perverse parallel to be drawn between cyber weaponry and nuclear armaments. After the U.S. dropped two atomic bombs on Japan in 1945 and brought the war in the Pacific to a close, fears rose that more horrifically destructive attacks might follow as nations including the Soviet Union, the United Kingdom, France and China developed their own capabilities. Yet the reverse was true, giving rise to the concept of Mutually Assured Destruction as a reason why restraint was observed.
In the case of cyber warfare, though, nations appear unwilling to admit to their ability or deployment of such weaponry. As the New York Times wrote in 2012, then-President Barack Obama was reticent to publicize the U.S. role in the Iran attacks for fear that doing so would allow other nations, terrorists or even hackers to justify similar action. It's likely Beijing takes the same view by swiftly and repeatedly denying such offensives even when its fingerprints appear to be all over the attacks.
Indeed, Obama and Chinese leader Xi Jinping stood on the White House steps in 2015 to announce a truce on economic cyber espionage — a detente of seemingly limited scope. Yet that cessation lasted less than four years amid allegations that China renewed its attacks. The U.S. and its allies are unlikely to have refrained from hacking, either.
And so the cyber capabilities will grow and incursions continue, tit-for-tat. All you need is one such hack to have gone too far and to trigger an outsize response, one that results in a set of chain reactions with multiple and continuous cyber retaliations paralyzing power grids, data transmission, agriculture, information flow, transportation systems, and food supply chains. While it may lack the mushroom cloud of an atom bomb or explosive force of missile strikes, the devastation could be as widespread and even lead to military confrontation.
That's why the best hope may be that the cyber equivalent of nukes are developed and obtained — and publicly acknowledged — by all major powers. These would be perceived to have the potential to overwhelm and cause so much upheaval and destruction that using them would be impossible. Yet their mere existence may once again give rise to the notion — and fear — of mutually assured destruction, and its paradoxical benefit: peace.
Tim Culpan is a Bloomberg Opinion columnist covering technology. He previously covered technology for Bloomberg News.
Disclaimer: This opinion first appeared on Bloomberg, and is published by special syndication arrangement.