The scenarios I read about cyberwar have always struck me as crude and more than a little bit pointless.
At various times in my career I tried to point out that cyberwar attacks don’t make any sense at all unless they are part of a strategic program that is likely to confer some benefit on the attacker. The last decade of “OMG! The evil Chinese might shut down our power grid!” has been embarrassing; it shows how poor American security practitioners’ (most particularly in the policy centers and intelligence community) strategic vision appears to be. Why would China collapse the US power grid? One does not simply do such things for entertainment, nor does one allow one’s target to know such a capability exists, unless it’s the right time and place to do so. The kind of unsubtle, brute-force, cyberwar scenarios we’ve been treated to – they’re simplistic.
Let’s look at a cyberattack scenario that’s the kind of thing a strategic genius would come up with. It did not happen, but it could have. And (and this is the point!) if it did, knowing for sure would be very difficult. The STUXNET attacks on the Iranian nuclear reactor at Bushehr, and the centrifuge cascade at Natanz, would have been attacks of similar subtlety if the US had been able to keep from publicly gloating over it. One of the problems I used to point out about cyberwar is what I called the “who would win, anyway” problem – it is a bad idea to launch attacks against a state that you can’t defeat if they retaliate by attacking conventionally. Put differently: Russia may launch cyberattacks on Estonia, but Estonia would be making a very ill-advised move if they launched cyberattacks on Russia. This leads to cyberwar becoming what I call a “weapon of privilege” – I can use it on you, but if you use it on me in a dream you’d better wake up and apologize.
It would be fun to fictionalize this a bit – I can imagine Martin Cruz Smith turning this into one of his subtle, murky, downbeat and grungy spy stories, like Polar Star. I can totally see Arkady Renko being tasked with figuring out what happened. And, in the end it turns out to be a tale of mere drunkenness and poor maintenance, not cyberwar. If any of you are good fiction-writers, thinking you’d like to pitch a made-for-TV series on cyberwar – it’s a timely topic indeed; there is a ghostly world that exists below the level we usually see, in which governments inflict extremely expensive damage on each other as a way of influencing their foreign policy. The Department of Spoiler Operations lives.
So, I want you to imagine that this was deliberate. Someone hooked their claws into the system that controls some electric motors that drive some pumps, so that they could be remotely kill-switched. In today’s hardware environment, with all the CPUs containing backdoors, and all the motherboard BIOSes compromised, it could be any computer, really. There’s a guy who works at the docks; he goes to a bar and sits outside at a table, drinking a couple of beers. Another guy sits down and asks him how his wife is doing. “She’s put on a lot of weight,” he says. “Oh, really?” says the second guy, “that’s … interesting.” Then the first guy says, “but that is nothing. My mother-in-law is coming to visit and will stay for several months.” The second guy sits back on the rear legs of his chair and thinks for a while. “Maybe we can plan something for her.”
Details remain limited and are likely to change, but what we do know is that one of the world’s largest floating dry docks, known as PD-50, has sunk while Russia’s aircraft carrier Admiral Kuznetsov was aboard. According to reports, the dry dock began to sink suddenly, collapsing cranes onto the carrier’s deck and sending shipyard workers scrambling for their lives.
The updated story is that the electrical motors that drove the pumps that kept the water out failed. The dry dock began taking on water and sank, pulling cranes down onto the Kuznetsov and tearing a great big hole in the deck and the side. Unfortunately, several people were killed.
The official story, at least as it sits now, is that the pump system that controls the dry dock’s buoyancy suddenly lost power causing its ballast tanks to flood with water far past the intended point. As the dry dock quickly submerged, cranes came crashing down onto the Kuznetsov’s deck (see below). Supposedly all this happened during a refloating operation for the carrier.
Initially it sounded like the Kuznetsov came through the experience more or less intact, but later it came out that a “5 meter long gash” was torn in the hull near the water-line. Since the dry dock was sinking, it probably means that an amount of water came into the aircraft carrier, suddenly.
But then the story evolved further. Technical accidents with large things the size of an aircraft carrier are often much more complicated than they seem at first. You’ve got an aircraft carrier attached to a sunken dry dock, you can’t just waft it out of there like a summer breeze. Meanwhile every day that goes by does more damage to the ship and the dock.
The cyberwar scenario also involves target and supply-chain analysis. What if the attacker realized that the Russians only have one dry-dock of sufficient size? Suddenly, they have their finger on a weak spot in an entire supply chain: you can cause a failure in one point that has a ripple effect that is huge. I’ve heard similar hypotheses for how the US electrical grid’s supply chain could be vulnerable to resource exhaustion attacks – they only have a very small number of generators/parts for generators of size “gigantic” and, if something bad happened to 3 or 4 simultaneously, it might take months to replace them. That sounds like code for: “we’d have to buy them from China and boat them over” – which would be a problem if the Chinese say, “no, sorry. #tradewar. no generators for you!”
Apparently the situation is sinking in: [ars]
Russian officials have now acknowledged that the October 29 accident involving Russia’s only aircraft carrier and largest floating dry dock has made continuing the refit of the ship impossible. The dry dock, the PD-50, was the only one available capable of accommodating the 55,000 ton Admiral Kuznetsov. As a result, the completion of the refit of the ship is now delayed indefinitely.
The PD-50, built by a Swedish shipyard in 1980 for the Soviet Union, sank in an uncontrolled “launch” of the Kuznetsov and came to rest on the sloping bottom of the harbor at Murmansk. Two cranes collapsed during the sinking, with one crashing onto the Kuznetsov and leaving a large gash in its hull. And recovering and repairing the PD-50 could take as long as a year.
For want of a nail the shoe was lost.
For want of a shoe the horse was lost.
For want of a horse the rider was lost.
For want of a rider the message was lost.
For want of a message the battle was lost.
For want of a battle the kingdom was lost.
And all for the want of a horseshoe nail.
Causality’s complicated stuff, especially if someone is manipulating yours down near the root of your event-tree.
Here’s a spoiler for Season 2’s main plot-line: we discover that a foreign power designed the F-35 program to suck up a huge chunk of the US and NATO allied economy. It was never supposed to work, it was just supposed to be expensive.
(I will track this story and will check up on the Kuznetsov next year. Prediction: the “one year” estimate is face-saving. The ship is toast.)
There’s a lot going on here. We could be looking at the death of big navies and the first stage of transition to missile-boat fleets. In the current battle environment, ships like the Kuznetsov are just juicy targets. I believe the British Royal Navy – formerly the world’s premier navy – is down to one mid-tier aircraft carrier and a dozen other ships. I.e.: you could probably sink it with a single salvo of missiles. The US Navy is absurdly expensive but it’s basically the only major navy left.