A group of Russian cybersecurity experts debate the likelihood of a cyberwar involving the U.S., Russia or China.

Can cyberwars become a reality? Photo: PhotoXPress

Although it may sound like a science fiction scenario, the prospect of a cyberwar involving the U.S. and Russia is becoming a subject of debate amongst both Western and Russian cybersecurity experts. As new cyberweapons are integrated into coordinated global cyberattacks (such as Stuxnet, Red October and TeamSpy), there is growing indication that cyberspace might become a very likely platform for a future cyberwar.

The sheer number of cyberattacks also proves that the Internet is becoming a very dangerous place. In the first quarter of 2013, Kaspersky Lab (Russia’s leading information security company) detected and neutralized more than 1.3 billion malware objects.

Russia Direct interviewed a number of leading cybersecurity experts to find out if cyberwars are possible between countries and if they are, what consequences they may bring about.    

Oleg Demidov, Project Coordinator, International Information Security and Global Internet Governance at The Russian Center for Policy Studies (PIR Center). In 2011, he participated in the Working Group on Cybersecurity of the Council for Security Cooperation in the Asia-Pacific (CSCAP)

Are cyberwars possible? The answer is rather clear. After Stuxnet – the worm that destroyed thousands of centrifuges in an Iranian nuclear plant – there are no longer any doubts that a piece of computer code can seriously damage a state’s crucial infrastructure and interests. This is what a key component of a cyberwar means: the purposeful destruction of the critically important infrastructure of the enemy via computer methods.  

Today, the U.S., China, Russia, Israel, France and other European countries can play such games. Two of them – Washington and Beijing – have the most powerful cyber potential and, in addition, see each other as potential rivals in the case of intergovernmental cyberconflict. American military strategies and experts have been working on possible scenarios of U.S.-China confrontation in cyberspace.     

For example, cyberweapons might be used in the escalating regional conflict in Taiwan and in the South China Sea over the next few years, maybe as early as 2015. This would potentially involve the U.S. as well. Diplomatic solutions are failing; military conflict is too risky while a cyberweapon is becoming a tempting option for resolving the standoff.  

Chinese cyberattacks are rumored to have the ability to paralyze air and rail transportation in some states of the U.S., switch off the New York Stock Exchange or erase databases of the biggest American banks, provoking a global financial chaos. In response, Pentagon could take Chinese satellites out of their orbits and provoke blackouts of multimillion megalopolises.  

Nobody dies but these attacks result in damages of billions of dollars. Besides, a “cyberduel” between countries may have “kinetic” consequences and lead to consequences for third-party countries.   

The White House’s 2011 cybersecurity international strategy doesn’t rule out the possibility of responding to a cyberattack with missile and warheads.

Remarkably, today more than 50 countries have been developing cyberweapons programs and this figure will be only rising. The world’s powers are mindful about the danger of “the cyberwar against all” and aim to come up with preventive agreements and rules of conducting cyberwarfare to inform each other about possible incidents.  

Infographic by Natalia Milkhailenko. Source: Kaspersky Lab

Pavel Sharikov, Head of the Center for Applied Research at the Institute for U.S. and Canadian Studies at the Russian Academy of Sciences. He is the author of more than 30 research articles about cybersecurity and international security

Cyberwar is a very complex issue. I know that the United States and many other countries rejected [that it’s possible] because there are not such things like cyberwars. Instead, there might be cyberattacks or information operations that support a traditional war. So what can happen is actually an adversarial attack from a non-state actor that can be somehow related to a nation-state.

For example, any citizen from any country who has a computer can use off-the-shelf technologies to initiate an attack and to inflict very serious damage. I doubt that many people would be killed. He may hack an electrical station or he may inflict some damage on transportation stations. All these have already happened – take the Stuxnet attack on the Iranian nuclear facilities a couple of years ago that essentially shut down the Iranian nuclear program.

So, cyberwars between great nations are unlikely, but cyberattacks from whoever is very likely possible.

Andrew Romanov, Deputy Director at the Coordination Center for Top Level Domain (TLD) RU.

Should we expect cyberwars between great powers? I don’t think that they will turn into open cyberconflicts and result in serious damage of infrastructure. It seems to me this may end up with a confrontation in the field of technology. Eventually, this will only result in increasing the potential of countries to develop their own offensive cybercapabilities. Whom can we call superpowers? Do you really think that they are the U.S. and China?     

Vitaly Kamluk, Chief Malware Expert, Russian Global Research & Analysis Team, Kaspersky Lab.  In 2009 he was appointed Director of the EEMEA Research Center. In 2010, Kamluk worked in Japan as a Chief Malware Expert, leading a group of local researchers

If I were to assess the likelihood [of cyberwars between great powers] on a scale from 0 to 1, I would say one. Here’s my subjective opinion as an expert: cyberwars are already being waged.

It’s just that they have one distinguishing quality in comparison with wars in the real world: they’re waged in secret. In one sense this is their advantage: they’re waged anonymously, so there’s no need to declare the start of a cyberwar. No one can ever know who was behind a particular cyberattack.

In my view, the risk lies more in the fact that not all disasters are adequately investigated. We very often hear about various tragedies, accidents and disasters, and often it turns out that something somewhere didn’t work properly, some mechanism or system failed. But why did it fail? We don’t manage to get to the bottom of it.

Our world today is so computerized that the consequences of a cyberattack can be as powerful as a physical attack. And today it’s not possible for us to know whether or not these kinds of incidents and accidents are connected to cyberattacks.