It’s Total Defence Day in Singapore today. And for the first time in thirty-five years, there has been an update to the framework.
Introduce Digital Defence.
This was probably much called for, considering how the theatre of warfare has transcended physical space into the digital space.
The subject of digital warfare is too complicated to condense into a blog post, and I will not try to bore the reader. I will only glance through simple implications and betray their simplicity; often the simplest-sounding statements are the gravest.
Digital Warfare Transcends Geography
Most militaries in the physical domain arm themselves vis a vis the capabilities of their neighbours. Defence expenditure is dependent on the geopolitical neighbourhood and the existentialism of the threats an entity faces. Hence, a nation will arm itself up to the point of an effective deterrent vis a vis its perceived threats.
But what if we remove geography from the equation?
If we did that, defence expenditure would now become dependent on the global neighbourhood and the existentialism of the threats an entity faces regardless of location. The calculation of perceived threats will have to change. A football analogy suitable in Asia is the skills gap between being champion of the AFC Asian Cup and the World Cup. The playing field is vastly different; the footballing standard required to be AFC Asian Cup Champion is much lower than against the global giants in the World Cup.
Digital warfare is no different, and the implication behind this is that digital warfare is global. All nations will eventually need to build globally credible digital defence forces, or risk themselves being repeated victims of cyber attacks. Now, everyone is forced to play in the World Cup, with dire consequences should they not be champion.
Digital Warfare Will Cripple, Not Just Economically
Digitalisation is irreversible; not many can imagine how much we will regress should we undo all the progresses in technology. In fact, many of us will find such a life unthinkable today. However, digitalisation, done insecurely, will cripple, and in ways beyond simple monetary losses.
There are many attacks that illustrate this point, but nothing quite beats the December 2015 power grid takedown, because of its implications. As the first successful cyber attack against a power grid, it has gained attention worldwide because it forced governments to start thinking, if they had not already done so, the likelihood and impact of such critical infrastructure being disrupted. Imagine the economic, psychological and financial damage this could entail.
One can now apply the age-old adage in warfare:
“The supreme art of war is to subdue the enemy without fighting.”
Sun Tzu’s “Art of War”
How do we do so? Let us understand why a digital warfare campaign might be conducted. This can be for a variety of reasons:
- show of force
- denial of availability
- dampening trust in institutions, government or state
There will always be successful attacks that will cost. And some of these costs cannot be quantified. How do we assess the damage arising from the loss of trust and rebuild trust?
Digital Warfare Will Force Us to Be Smarter Technology Users
The average person exploits the digital world for his or her own benefit. But look beyond attractive user interfaces, and the average person may well be lost in the labyrinth of technology.
Add an evil twist to the mix. Imagine you have a friend, X, who is utterly trusting of her friends because of years of friendship. As a result, they share everything and will trust one another to keep a lookout for them. Part of their digital activity would, of course, be sharing links to promotions, shopping deals and airfare discounts. Who wouldn’t click on links from their friends, X might think.
One day, one of X’s friends receives a weaponised page that scaremongers X’s friend into clicking a PDF file, with a title that looks like clickbait (e.g. WHILE STOCKS LAST! FREE COURSE FOR FINANCIAL FREEDOM! ONLY FREE FOR SEVEN DAYS!). For instance, it could be a link with a tabloid-like headline that leads an unsuspecting victim to download a malicious PDF file, masqueraded as a premium review article available for free for only 7 days. Such time urgency is built to lure the user into clicking on the malicious file. This is one method of a client-side attack. X’s friend clicks it, triggers a payload that hijacks his Facebook account, mass-propagates this exploit to all his friends, including X. This is behaviour characteristic of a worm. X, thinking that this is from her friend, trusts this as “good advice”, and clicks on the link, furthering the worm’s propagation. X notices a slowdown of her machine’s performance, and only realises she had become the victim of a worm when another friend raises some suspicion and questions why she would send a free course on financial freedom.
Besides the obvious lessons to check before clicking, and to constantly update one’s protective software such as anti-virus, and enable 2FA on accounts, one subtle point is that many attacks exploit human weaknesses. These include unsuspecting victims who would scramble for any freebie he or she sees.
Because many attacks mass-proliferate, and are engineered to exploit human weaknesses, we have to become smarter when using our technology. We should not just blindly click on every single URL-shortened link, for instance (what’s really behind the bit.ly link?). Neither should we trust every single application on the App Store just because it looks kind of useful. Oh, and we must expect, from time to time, that some of our favourite and/or sensitive applications might become victims of data breaches. For example, a very unfortunate data breach happened to an online dating platform on… Valentine’s Day. How heartbreaking.
We must learn to be smarter, more discerning, and be accepting that things in digital space can go wrong.
That’s all, folks, for a sombre Friday reading over the weekend. Have a happy weekend. (And an additional reading which may be of interest: how might the digital landscape change — according to Quora. This one may give sleepless nights.)