Ciberguerra

Ukrainian special operations forces at a consumer electronics exhibition in Kyiv, September 2019. Valentyn Ogirenko / Reuters

A somewhat conventional war is underway in Ukraine, featuring organized and professional soldiers, a chain of command, advanced weapons such as drones and tanks, and state-crafted tactics and strategy. But a parallel war is also taking place, mostly in cyberspace, fueled by foreign volunteers fighting for either Russia or Ukraine. These online volunteer forces are loosely organized and don’t have a chain of command. They have grown exponentially since the war began in February—Ukrainian authorities estimate that some 400,000 hackers from numerous countries have aided the country’s digital fight so far. Several high-profile figures have offered to join the cause: the entrepreneur Elon Musk, for instance, has challenged Russian President Vladimir Putin to a “single combat” duel to decide the fate of Ukraine.…  Seguir leyendo »

A satellite view of a Russian convoy heading south, near Velykyi Burluk, Ukraine, April 8, 2022. Maxar Technologies / Reuters

During a Senate Intelligence Committee hearing in March, Senator Angus King, an independent from Maine, pressed General Paul Nakasone, the head of U.S. Cyber Command and director of the National Security Agency, about the lack of significant cyber-operations in Russia’s war in Ukraine. After all, Russia has long been known for targeting Western countries, as well as Ukraine itself, with cyberattacks. Echoing the surprise of many Western observers, King said, “I expected to see the grid go down, communications too, and that hasn’t happened”. Indeed, although President Joe Biden and members of his administration have also warned of potential Russian cyberattacks against the United States, there were remarkably few signs of such activity during the first six weeks of the war.…  Seguir leyendo »

The Myth of the Missing Cyberwar

After Russia invaded Ukraine, many observers initially expected cyberattacks to steal the limelight as a major instrument in Russia’s arsenal. But after a month of fighting, a host of prominent scholars and analysts of cyberconflict have reached the opposite conclusion. Russia’s activities in cyberspace, they claim, have been paltry or even nonexistent. They have dismissed the role of cyber-operations, variously proposing that digital preparations for the invasion in Ukraine never occurred, were haphazard or lacked any real impact, or were mere continuations of Russia’s long-term cyber-activity against Ukraine that fell below the threshold of outright war.

This is a dangerous misdiagnosis.…  Seguir leyendo »

“Cyberwar is coming!”

For decades now, we have heard this refrain from the American defense establishment. We were warned that the next big state-on-state military confrontation could start with a flash-bang cyberattack: power outages in major cities, air traffic control going haywire, fighter jets bricked.

As Russia started amassing around 100,000 troops along its western and southern borders through 2021, Ukraine seemed to be the ideal battle space for such an apocalyptic scenario. The country has already seen some of the most brazen, shrewd and costly cyberattacks in history over the past eight years: hacks and election interference in 2014 as Russia annexed Crimea, remotely caused blackouts in 2015, devastating ransomware attacks in 2017.…  Seguir leyendo »

Putin’s invasion of Ukraine didn’t rely on cyber warfare. Here’s why

The ongoing conflict in Ukraine has perplexed observers expecting to see the cyber dimension unfold differently. When Russia began to mass troops along Ukraine’s borders, analysts predicted that cyber operations would be critical to Putin’s military strategy.

One headline offered that the Russian invasion could “redefine cyberwarfare”. Former White House cyber expert Jason Healey hypothesized that, “it will be the first time a state with real capabilities is willing to take risks and put it all on the line”.

Despite these predictions, the expected “shock and awe” Russian cyber campaign in preparation of the invasion of Ukraine never emerged. Moreover, while the conflict will undoubtedly evolve, cyber operations don’t appear to be playing a decisive role on the battlefield.…  Seguir leyendo »

Cuenta el que fuera asesor de Ronald Reagan, Thomas Reed, que en 1982, en plena Guerra Fría, un ciberataque provocó una “monumental” explosión de un gasoducto transiberiano “que fue vista desde el espacio”. Lo recoge su libro En el abismo, basado en el testimonio del exconsejero de Seguridad Nacional del Gobierno de EE UU Gus Weiss. Aunque la KGB lo negó, el caso de la llamada “bomba lógica original” es comúnmente citado como la primera ciberagresión bélica de la historia.

Desde entonces, se libra online otra Guerra Fría —la cibernética— que nunca termina. Una con tácticas más sutiles, pero graves consecuencias.…  Seguir leyendo »

Que un conflicto se salga o no de control depende de la capacidad para comprender la escala de las hostilidades y comunicarse en relación con ella. Por desgracia, cuando se trata de conflictos cibernéticos, no hay un acuerdo respecto de su escala o de cómo se relacionan con las medidas militares tradicionales. Lo que algunos consideran un juego o batalla aceptables de común acuerdo puede no parecerle lo mismo al otro lado.

Hace un decenio, Estados Unidos usó acciones de cibersabotaje en vez de bombas para destruir instalaciones iraníes de enriquecimiento de uranio. Irán respondió con ciberataques que destruyeron 30 000 computadoras de Saudi Aramco y afectaron a bancos estadounidenses.…  Seguir leyendo »

Celebrations in March marking Poland's 20 years as a NATO member. Photo: Getty Images.

Under NATO’s ‘enhanced forward presence’ programme, small additional contingents from other NATO allies join the host nation’s troops in Poland and the Baltic states to bolster deterrence against any further Russian military adventurism.

These contingents have inevitably become the targets for malign Russian information activities. But so have their communities and families at home.

In the Russian view of information warfare, there is no front line and rear areas, and no non-combatants. According to Russia’s Chief of General Staff General Valeriy Gerasimov, a key feature of modern warfare in the information domain is ‘simultaneous effects to the entire depth of enemy territory’.…  Seguir leyendo »

Hace unos meses, funcionarios estadounidenses reconocieron que ciberoperaciones ofensivas de los Estados Unidos habían detenido intentos rusos de interferir en la elección legislativa de 2018. Esta clase de operaciones suele mantenerse en reserva, pero esta vez se habló de una nueva doctrina ofensiva de “combate permanente” (persistent engagement) con adversarios potenciales. ¿Funcionará?

Los partidarios del “combate permanente” lo defendieron con el argumento de que la disuasión no funciona en el ciberespacio. Pero eso es plantear una falsa antinomia: bien usada, una nueva doctrina ofensiva puede reforzar la disuasión más que reemplazarla.

Por “disuasión” (deterrence) se entiende evitar una acción del oponente convenciéndolo de que su costo superará el beneficio esperado.…  Seguir leyendo »

Tras haber presenciado las protestas populares que, desde las revoluciones de colores en la ex Unión Soviética a la Primavera Árabe, ponían en cuestión el poder de sus gobernantes, los autócratas del mundo han ido adoptando medidas legales que apuntan a incapacitar a grupos cívicos como los movimientos por la democracia y las ONG de defensa de los derechos humanos. Entre ellas, las de más amplio alcance son las que permiten a los funcionarios monitorear y castigar las iniciativas en línea de los activistas.

Aunque siguen siendo una importante preocupación las redadas abiertas de las fuerzas de seguridad, en los últimos años los regímenes autocráticos recurrido cada vez más a herramientas legales y burocráticas para obstaculizar las actividades de sus oponentes.…  Seguir leyendo »

The headquarters of Organization for the Prohibition of Chemical Weapons in The Hague. Photo: Getty Images.

The recent revelations about the cyberattacks conducted by Russian military intelligence (GRU) in several countries did not come as a surprise. The UK and its allies have been calling for public attribution of cyberattacks coupled with, when appropriate, a series of diplomatic and economic responses, and even retaliation-in-kind. The thinking behind this is that attribution, coupled with sanctions initiated by a united front of like-minded states, could create a deterring effect.

However, these revelations also play into wrangling over cyber regulation at the UN level. Russia is planning to submit two UN resolutions later this month, one on a code of conduct to regulate states behaviour in cyberspace and one on a new UN cybercrime convention.…  Seguir leyendo »

Dirigentes políticos como Leon Panetta (ex secretario de defensa de los Estados Unidos) llevan años advirtiendo del peligro de un “Pearl Harbor cibernético”. Sabemos hace algún tiempo que posibles adversarios han instalado software malicioso en nuestra red eléctrica. Existe la posibilidad de un corte de energía repentino que afecte a grandes regiones, causando trastornos económicos, caos y muertes. Rusia usó un ataque de ese tipo en diciembre de 2015 como parte de su guerra híbrida contra Ucrania, aunque sólo duró unas pocas horas. Antes de eso, en 2008, ya había usado ciberataques para obstaculizar los intentos de defensa del gobierno de Georgia contra tropas rusas.…  Seguir leyendo »

La urgencia de tomar previsiones ante posibles ciberataques

Si te preocupa el terrorismo, he aquí una amenaza más grande para perder el sueño: un ciberataque generalizado. De pronto, la oficina se queda sin electricidad. Las redes de telefonía celular y el internet también se apagan, junto con los metros y los trenes.

Los caminos están atascados porque no funcionan las luces de los semáforos. Las tarjetas de crédito son tan solo unos trozos inservibles de plástico y los cajeros automáticos no son nada más que grandes pedazos de metal. Las gasolineras no pueden bombear combustible.

Los bancos perdieron los registros de las cuentas de los depositantes. Las puertas de las presas se abren misteriosamente.…  Seguir leyendo »

Concerns were raised about the cyber vulnerability of the new HMS Queen Elizabeth. Photo: Getty Images.

It is not a matter of if you will be attacked, but when. No organization, be those international institutions, government agencies or small businesses can ever be 100 per cent cyberattack proof, as several examples have recently indicated. Therefore preparedness, in the form of testing cybersecurity structure via different tools for any potential attacks, is vital for minimizing cyber risks. This is as true for the maritime sector and any other, since the outcomes of such an attack may vary from loss of revenue to environmental disaster and loss of life.

Testing, as a feedback process, is required for two reasons.…  Seguir leyendo »

Pedestrians walk past a spray painted job advert for Government Communications Headquarters (GCHQ) on the pavement. Photo by LEON NEAL/AFP/Getty Images

Until 1994, GCHQ, the British signals intelligence agency, didn't officially exist. Now, it has emerged out of the shadows to take a very public role at the heart of British cybersecurity.

Public accountability for intelligence services is crucial to any democracy but, as the recent WannaCry ransomware attack showed, there are inevitable conflicts of interest between the role of intelligence services and network safety.

The past seven years have seen a dramatic change in profile for GCHQ. While the number of police officers has been cut by 14 per cent since 2010, GCHQ's staff numbers - according to the Home Office - have grown by more than ten per cent in the same period.…  Seguir leyendo »

Manger léger, courir… et protéger ses données

Le monde est en guerre. Avec 5 millions d’attaques quotidiennes répertoriées, des millions de nouveaux combattants qui se bousculent sur le front chaque semaine, l’ampleur du conflit s’avère immense. Il s’agit bien sûr de cyberattaques et de virus informatiques mais, comme la technologie structure désormais nos sociétés, l’enjeu devient vital. La vigilance doit même être augmentée au moment où la voiture autonome – susceptible d’être hackée, elle aussi – va envahir nos routes. Si un pays s’est imposé comme leader dans le secteur, c’est Israël, où prospèrent plus de 400 entreprises spécialisées, un chiffre énorme rapporté à la taille du pays.…  Seguir leyendo »

The Cyber Fusion Center at Maryville University in St. Louis, which monitors attempted computer hacking attacks around the world. Credit J.B. Forbes/St. Louis Post-Dispatch, via Associated Press

While the specifics of Russia’s interference in the 2016 American election remain unclear, no one doubts that Moscow has built a robust technological arsenal for waging cyberattacks. And as tensions between the two countries rise, there’s a good chance President Vladimir Putin will consider using them against American interests — if he hasn’t already.

A cyberwar could quickly become a real war, with real weapons and casualties. And yet for all the destructive potential of cyberwarfare, there are precious few norms regarding how such conflict should be conducted — or better yet, avoided.

Cyberweapons won’t go away and their spread can’t be controlled.…  Seguir leyendo »

En una reciente encuesta a profesionales de ciberseguridad, durante su conferencia anual celebrada en Las Vegas y denominada ‘BlackHat’, el 60% de los encuestados dijeron que creían que Estados Unidos en los próximos dos años iba a sufrir un ataque exitoso contra su infraestructura de importancia crítica. Además, la política estadounidense continúa convulsionada a causa de las secuelas de la ciberinferencia rusa en las elecciones del año 2016. En este contexto se plantea la siguiente pregunta: ¿serán los ataques cibernéticos la tendencia inevitable que sobrevendrá en el futuro, o existe la posibilidad de desarrollar normas para controlar los conflictos cibernéticos internacionales?…  Seguir leyendo »

En la sesión más discutida en Def Con, a los hackers se les permitió manipular una serie de máquinas de voto electrónico. Credit Mark Ovaska para The New York Times

Si hay alguna lección que debamos aprender de los sucesos del año pasado, podría ser esta: los hackers son gente peligrosa. Interfieren en nuestras elecciones, ponen de rodillas a corporaciones gigantes y roban contraseñas y números de tarjetas de crédito por montones. Ignoran los límites. Se deleitan al provocar caos.

Pero ¿qué tal si esa es la conclusión equivocada? ¿Y si estamos ignorando a un grupo distinto de piratas informáticos que no son renegados anárquicos, sino ciudadanos patrióticos y solidarios con el público que quieren utilizar sus habilidades técnicas para proteger a su país de ciberataques, pero que son obstaculizados por leyes obsoletas e instituciones excesivamente proteccionistas?…  Seguir leyendo »

President Xi Jinping of China, right, with President Rodrigo Duterte of the Philippines at a meeting in May in Beijing. Credit Pool photo by Etienne Oliveau

Reports this month that the United Arab Emirates orchestrated the hacking of a Qatari news agency, helping to incite a crisis in the Middle East, are as unsurprising as they are unwelcome. For years, countries — in particular Russia — have used cyberattacks and the dissemination of disinformation through social media and news outlets to provoke protests, sway elections and undermine trust in institutions. It was only a matter of time before smaller states tried their hand at these tactics.

With few accepted rules of behavior in cyberspace, countries as big as China or as small as Bahrain can be expected to use these kinds of attacks.…  Seguir leyendo »