Cyber weapon in 21st century Part 4
Compare the two examples. One purpose of abstract the impact of cyber weapons is a software for the management of nuclear power reactor that is not connected to the actuators of the test stand. Another goal of impact is the same complex, managing the current reactor. The result of a violation of the functioning of this complex in the first case will be relatively harmless software failures. In the second case the results will vary greatly depending on the spectrum of the control circuit and methods of operation connected to the system actuators.
In a well-designed fault tolerant system software failures can be effectively paronomasia at the level of the terminal managed machines that have additional mechanical subsystem security. Therefore, purposeful impact in its planning must also consider the performance of these finite state machines, the possible ways of disabling safety systems, design flaws, etc.
From the above comparison it can be concluded that for the creation of cyber weapons the first type requires a deep knowledge and understanding of the ways of functioning of object of influence (system). Vulnerability study only the program code may be insufficient: the malfunction of the control program will not necessarily lead to fatal crashes. System restore if no fatal damages in this case can be achieved by a simple reinstallation of the software. Even more stable distributed systems, where the required level of dysfunction can only be achieved by concerted effects on multiple subsystems at the same time.
Looking ahead (there are ways to counter cyber weapons are discussed in another section), we note one more peculiarity. Cyber weapons of the first type exploits known system vulnerabilities, which can be removed by the developers if there is information about the very existence of such weapons. It is not doubt that these vulnerabilities will be eliminated compulsory upon was the use of firearms. Thus, the cyber weapons of the first type has practical value only if: ensured the secrecy of its development, concealment of the fact of its existence, and provided by the suddenness of its application. In other words, cyber weapons of the first type is almost disposable. If the fact of its use, or the mere presence of a known enemy, he will make every effort to eliminate vulnerabilities of the systems that are the target of these weapons. This characterization suggests that cyber weapons of the first type is often offensive, focused on the application of an effective first strike.
An example of the first type of cyber weapons is now widely known computer worm Stuxnet. Pay attention to the fact that his aim was a very specific system with known vulnerabilities, including the level of the final actuators. The impact of the highly selective: the worm is practically harmless for other systems, using them only as a mediator for proliferation, but rather as a method of delivery to the intended target.
But try to consider some implications of the Stuxnet precedent. The study of vulnerabilities of the target of influence could not require a deep knowledge of the principles of its functioning. From this it follows that the creation of this specific malware sample was only possible thanks to extensive (and expensive) intelligence operations. The sample Stuxnet is in this context only the tip of the iceberg: a tool developed in a single copy and used once to carry out specific sabotage. In other words, Stuxnet should be compared with custom development of the intelligence community; this weapon was never intended for mass use.
Such features cannot be recognized as characteristic for all possible samples of cyber weapons of the first type, but they should be recognized fairly typical. The high cost of developing and advanced, a onetime use, the unprecedented selectivity of the lesion and the need to ensure secrecy of design and delivery, make such samples of cyber weapons impractical for actual military use. They go to the category of special funds, the Arsenal of intelligence.
In addition, selected samples (which with high probability we can assume, although it is not disclosed in open sources) of cyber weapons of the first type can be used to neutralize critical enemy's infrastructure in order to improve the effectiveness of the first blow or weakening the abilities of the enemy to confront him. In fact, it's the same sabotage operations preceding the beginning of full scale hostilities. It is interesting to note that the massive use of such samples is similar to the structure of the first disarming nuclear strike that some consideration allows to classify such (described in the abstract) the development of strategic offensive weapons. However, unlike start, the cyber weapons of the first type has no power of deterrence. Almost instant impact, the lack of warnings in the application and the need to ensure the secrecy of the development (and the fact of the existence) displays such weapons beyond the existing agreements.
Concluding the consideration of the first type of cyber weapons, we should recognize that it is unlikely to have an impact on the ways of warfare. The niche of such weapons sabotage, including the sabotage of the strategic level. For military forces the use of such cyber weapons impractical: it requires highly skilled personnel, overly selective, cannot be applied at the tactical level, is extremely expensive in the possession and under development. Cyber weapons of the first type will probably be included in the Arsenal of special units, often it will be individual samples that are created specifically for specific tasks. For tasks of classic armed forces, more adapted to other types of cyber weapons. Their review will be presented in the next part of the article.