Russia, China and Cyber: what does a divided internet mean for the world? -TEISS® : Cracking Cyber Security

The global, borderless internet that a generation has envisaged is growing less and less global and borderless by the day. In fact, it’s becoming increasingly defined by geopolitical lines. This “balkanisation” of cyberspace takes many forms but seems immediately obvious in the recent focus of the US government on improving the integrity of its supply chain. Foreign technology providers including Huawei, ZTE and Kaspersky are just the first to find themselves in the firing line, but they certainly won’t be the last.

More recently, the UK National Cyber Security Centre and the US Department of Homeland Security, along with the Federal Bureau of Investigation, issued a joint statement regarding malicious activities of Russian state-sponsored entities. These entities are actively targeting devices running exposed Cisco Smart Install (SMI) services, allegedly in a large-scale operation to compromise and control key points on the Internet. These key points could later be used to conduct “man-in-the-middle attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations”.

Is this the beginning of a form of cyber-Cold War? The world’s superpowers are moving to occupy strategic territory in cyberspace by exploiting vulnerable systems. Those companies and countries caught in the middle will have to decide on which side to stake their allegiance. In this rapidly fragmenting world, technology and cyber capability will increasingly define the prosperity of nations.

Not just their problem

Another example of this splintering of cyberspace is China’s fearsomely successful efforts to segregate its own bit of virtual land from the rest of the world. The “Great Firewall” demonstrates how political will can leverage technology in a terrifyingly effective way. The “Chinternet” (as it is sometimes called) has effectively cut off over one billion people from the rest of the world — helping to foment mutual distrust and divide the world. The Putin regime is taking this as an example which Russia should follow, joining China at the UN in calling for a model of cyber-governance based around “internet sovereignty”, a byword for censorship and balkanisation. In April this year, Russia’s telecoms watchdog obtained permission from a Moscow court to block the popular messaging app Telegram after a bitter dispute around access to encryption keys, resulting in large ranges of US giant Amazon’s IP addresses being cut off from within Russian territory.

The fear is that certain Western countries may be softening their own opposition to this model. Theresa May’s government has already stated its desire to regulate and control the internet in the UK.

A threat to integrity

Balkanisation is happening not just at a network and government level, but also practically in terms of software and systems. It is increasingly impacting the critical notion of integrity.

As many in the cybersecurity space will know, the widely accepted “CIA” security model consists of confidentiality, integrity and availability. Confidentiality here is linked to the threat of data theft, while availability could be seen in the context of the DDoS and ransomware attacks increasingly submerging IT teams around the world. Integrity hasn’t quite had the same press as the first two concepts, yet it plays a vital role in any effective security strategy and is increasingly the goal of nation-on-nation cyber-attacks. It therefore warrants some consideration in this context.

It is widely believed that US and Israeli-backed state hackers developed the Stuxnet worm, for example, to slow Iran’s nuclear programme. It was done by targeting not just the centrifuges at the Natanz facility but also the telemetry systems used by engineers to manage and troubleshoot systems. It compromised a contractor’s computer and injected malware into the legitimate code he was writing to run on the Siemens control system. By undermining the integrity of the telemetry systems, the attackers made it incredibly difficult to determine the root cause of the problem.

The exploitation of vulnerabilities in the supply chain could have even more severe repercussions. A report Chatham House published early this year claimed that cyber-attacks on nuclear systems could undermine integrity, “leading to increased uncertainty in decision-making” and potentially even the inadvertent use of nuclear weapons. If the likes of US government leaker Daniel Ellsberg are to be believed, even the slightest failure of integrity of nuclear weapons control systems could and probably would have genuinely catastrophic consequences for the entire planet, making this a risk that cannot be ignored, no matter how improbable we may consider it to be.

Integrity hinges on credible, accurate, and trustworthy information and systems. If you damage that, you create significant problems. Attacks on integrity in cyberspace often support the policy and political agendas that cyber campaigns seek to achieve. The US and Israel found a way to do it at Natanz. What does it mean if it also happens to nuclear weapons or other critical systems?

The silent cyber war

Geopolitical boundaries have little meaning in cyberspace. Traditional warfare requires crossing into a country’s airspace, across its land border, or maritime limits. What is happening in cyberspace today amounts to a similar kind of territorial occupation by the world’s superpowers. This time they’re not sending in troops to occupy key strategic geographical positions but exploiting vulnerabilities in critical infrastructure, occupying strategically important networks and collecting intelligence for possible use at a later date. Unfortunately, the inevitable consequence is that the companies running these systems will be hit, and their customers and partners will be impacted. The cyber battle is being fought on our streets and in our buildings with tools no civilian can hope to pick up and use.

Stuxnet and NotPetya are great examples of what can happen when nation states attack. In the latter case especially, there was a huge impact on customers and citizens around the world as businesses were locked down and services impacted. WannaCry, meanwhile, showed what can happen when state-developed exploits — most notably the NSA’s EternalBlue tool — are leaked and abused by others. The NHS was forced to cancel an estimated 19,000 operations and appointments.

Yet the governments of most major powers are still investing billions into offensive cyber efforts. The US government has flagged the Chinese military’s major focus on this as a way to gain an advantage. There have even been reports that US cyber-spies may have scuppered North Korean missile launches in the past, in a Stuxnet-like plot. This might not concern most people, at least those lucky enough to live in one of the world’s cyber-superpowers. But it does present some tricky issues of survival for smaller, less technologically adept states, who are generally well connected, but not well protected on the Internet. It’s likely that for many smaller nations, key systems and Critical National Infrastructure may already have been compromised by bigger players.

What happens to your own credibility as a nation when the integrity of your systems is effectively built on compromised systems? One click and your national sovereignty is washed away. Allying with a superpower could be the only way forward to maintaining that all-important integrity in key systems. It might be a kind of digital feudalism, but it could be the least bad option for smaller nations facing these threats and it further exacerbates the growing threat of global balkanisation.

The possible illusion of choice

The balkanisation of cyberspace is still happening, though no one can quite predict how it might ultimately impact the world in which we live. But on one level it certainly threatens the internet freedoms and unhindered flow of global data around which much of our digital lives revolve. It also threatens the development of global, enforceable, and helpful cyber security laws.

However, in the end organisations and governments may not really have that much of a choice as to whom to fall in behind. In this new breed of Cold War, there is a choice, and at the same time there is no choice, as to whom to support. Those caught in the middle are in the unenviable position of being moulded to a form that best benefits those who seek to further control the internet and the freedoms found within.

Charl van der Walt, Chief Security Strategy Officer, SecureData