2009 and 2010 can be regarded as an early checkpoint in the paradigm of state-sponsored Cyberwars. The years witnessed the infamous emergence of the Stuxnet code developed covertly by US and Israel to target Iran’s nuclear enrichment centrifuges that inadvertently—and all the more worrisomely—spread and affected critical infrastructures worldwide. The events that followed in unravelling the malicious intent of the virus spurred other nations’ interest..
Nations realized that the cyber world could and would very well become a battleground frontier with hackers as the arsenal and critical infrastructures, the target, directly jeopardize citizens’ lives. Cyberwar has indeed augmented its capacity and capability for border-less attacks.
Fast forward ten years, in April 2020, the world’s worst fears regarding Cyberwarfare began to materialize as Israel and Iran started to engage in a tit-for-tat cyberattack spree which continued well into 2021 and could very likely be an ongoing undesirability going forward. These countries can be regarded as the first movers in Cyberwarfare.
How the Cyberwars are Affecting Civilian Lives
It all began in April 2020 when an Israeli water pumping station’s systems were compromised due to a cyberattack, leading to the breakdown of individual pumps. The attack source was traced to Iran. The retaliation, weeks after the incident, came from Israel-based hackers attacked towards a port in Iran.
Wired Magazine quotes Lotem Finkelstein, director of Check Point, an Israeli cybersecurity company, saying that this was the flashpoint for a new trend of Cyberwarfare where infrastructure was targeted, disrupting the daily lives of millions of people in these two Middle Eastern nations.
The Cyberwarfare intensified this year when a team of hackers belonging to Black Shadow, allegedly backed by Iran, made public the intimate details of around a million users of the widely used Israeli LGBTQ app, Atraf. Meanwhile, on October 26, 2021, over 4,300 of Iran’s gas stations were affected, reportedly by a cyberattack. The country blamed the US and Israel for this violation.
Earlier, on July 9 and 10, 2021, cybercriminals reportedly interrupted Iranian train services by posting bogus delay announcements on digital billboards that read, “Long delays due to cyber attacks. More information: 64411.” The phone number is said to be of the office of Ayatollah Ali Khamenei, the Iranian supreme leader.
The intent of all these attacks continues to be unequivocally identical, causing turmoil and disorder that adversely impact the lives of ordinary citizens and business houses.
A Warfare that Traverses Boundaries
The United States has also been bearing the brunt of state-sponsored cyberattacks. It warned Iran for attempting to hack the computers of the world’s richest nation’s crucial infrastructure networks, including hospitals and voter registration systems.
Stating that diplomacy has been better between nations in the Middle East, Esfandyar Batmanghelidj, a visiting fellow at the European Council on Foreign Relations think tank, is of the view that nations in the region, by flexing their new-found cyberwarfare muscles, are showcasing their capabilities in an attempt to create a new kind of power balance in this region.
Iranian cybercriminals are involved in nefarious activities in various Western nations. The IT security officials of the US, the UK, and Australia, on November 17, stated that the state-backed hackers had upped their activities against healthcare and transport organizations in the US and Australia since March 2021.
Why Government Organizations and Critical Infrastructures Should Consider Ramping up Their Cybersecurity
To prevent the terrifying notion of cyberwarfare from morphing into disaster, governments like US and Canada should consider keeping checks in this new and treaty-less landscape. Governments will have to consider putting regulations in place by engaging with non-state actors and taking forward diplomatic proposals with Iran.
The need of the hour for the governments—entailing offices of various functional arms and critical infrastructures— to equip themselves with solid cybersecurity defence systems so that their critical infrastructures and civilian lives aren’t disrupted. This will ensure that cybercriminals, wherever they are operating from, are given no iota of a chance to target technology that facilitates essential services.
Penetration testing could be a good place to start. Countries could embrace penetration testing while trialling advanced tools and technologies. The solution could be to partner with a cybersecurity company to attain a state-of-the-art cybersecurity infrastructure. Penetration testing helps detect threats that hold IT systems and applications to ransom and attacks from state-sponsored attacks. The testing should be in line with industry standards and must comply with several regulatory requirements, including PCI DSS 11.3.
Partnering with companies like Canada-based Packetlabs— which specializes in penetrating testing, compromise assessments and other crucial services— could be an immense value proposition for government establishments and critical infrastructures.