Correlation Between Cyberspace Attacks and Kinetic Attacks

Abstract

This paper is about the about the relationship between cyberspace attacks and kinetic attacks

Keywords: Cyberattack, Kinetic, Retaliation, Escalation

1. Introduction

Although confrontations in cyberspace stay in cyberspace, the effects sometimes expand to physical world. The paper explores this topic by the following 5 questions.

-Do countries retaliate in the real world for operations in cyberspace?

-Would countries make equivalence between the damage from cyberattacks and from physical attacks?

-Does cyberspace escalation lead to kinetic escalation and is the reverse also true?

-Can cyberspace operations against sensitive targets put them in play for kinetic operations?

-Would the failure to react to cyberattacks embolden attackers to carry out kinetic attacks?

To understand these questions we will look at previous cyberattacks as examples.

2. Distinctions and Caveats

There are not many similarities between physical world and cyberspace. Most of time incidents of cyberspace stay unknown. Even if they are known by victims, they usually stay unacknowledged. Thus, the results of cyber incidents are not war or their modern equivalents and it is unclear whether a cyber operation is escalatory or not. To gain more understanding, let’s look at Morgan’s definition of escalation:” an increase in the intensity or scope of conflict that crosses threshold(s) considered significant by one or more of the participants.” This definition consists of two important concepts: intensity and thresholds. Let’s look at those concepts in detail.

The ability to measure the intensity of cyberspace operations is a controversial topic. Even if we measure the intensity of cyberspace operations by comparing similar ones, intensity is not related to affects, but it is a measure of effort. If an attack does not have big impact, then the intensity of its efforts doesn’t make sense. To solve this dilemma, a cyberattack may be considered as analogous to escalatory if it is unexpected or unprecedented.

Secondly, since it is not clear that whether there are any thresholds in cyberspace or not, the existence of significant thresholds in the definition is questionable. Actually, there is no common consensus which targets are off limits. In 2015, the UN Group of Government Experts tried to put civilians are off limits. However, applying is not as easy as saying. Also, a threshold may put for casualties. Nevertheless, until now, there has not been a cyber incident that directly caused casualties. Actually, there are many indirect casualties, but they are not clear. For example, in Wannacry, even if hospitals are affected, we don’t know that there are any casualties or not. Furthermore, it is not easy to determine whether one attack is a response (or not) to another, since the severity and length of process are unclear. For example, Iran’s response to Stuxnet (2010) was seen after two years (2012). If USA or Israel attacked to Iran’s nuclear plant, the response would be quicker, in conventional world.

The final caveat is the relation between effort and effects (and the effects and perceptions). To determine how big the damage is not easy. Most of cyberattacks remain unnoticed, and the affects may not be determined clearly. If we look at the example, Iran and Stuxnet, The attack took place in late 2009 and Iran discovered the attack in summer of 2010. Moreover, the purpose is not clear in cyberspace. Is the purpose just espionage or cyberattack? Even if it is clear that there is a fully- completed cyberattack, the effects are still unclear like Russian cyberattack to Ukraine.

3. Proposition: Cyberattacks can Lead to Kinetic Retaliation

Theoretically, it is possible that a sufficiently grave cyberattack that has serious escalatory consequences may lead to a kinetic retaliation. If we evolve this theory and add some imagination, we reach the following scenario. A cyberattack can cause a kinetic retaliation. Then, the kinetic retaliation may evolve into a war. If one side has a nuclear weapon, the war would evolve into nuclear Armageddon. Of course, this scenario sounds like a fantastic story, but some government persons’ expressions support some part of this idea. For example, in 2009, an anonymous U.S. administration source asserted that “If you shut down our power grid, maybe we will put a missile down of your smokestacks” (Gorman and Barnes 2011).

We see the famous retaliation dyads in cyberspace such as India and Pakistan or Israel and Palestinians. However, the most famous dyads are Iran and U.S. Iran’s revenge of Stuxnet is the usage of wiper malware against Saudi Aramco and Qatar.

Although cyber retaliation has been seen so far, the retaliation shifts from cyber world to kinetic world remain in theory except some examples. The first example is about the assassination of Mojtaba Ahmadi, the commander of Iran’s Cyber War Headquarters, several weeks after the traffic controls of Haifa’s Carmel Tunnel had been hacked. Nevertheless, both of the sides, Israel and Iran deny the claims and the relation. The second example is that a physical attack on a Gaza building said to house Hamas hackers.

Conclusion: in theory, a kinetic retaliation to a cyberattack is possible, but for now, this type of consequence is not foreseen.

4. Proposition: Cyberattacks will be Taken as Seriously as Equally Damaging Kinetic Attacks

Since Kinetic actions usually cause death and destruction, and most of cyber operations are not directly related to death and destruction, the comparison is not possible for now. However, the results of cyberattacks can be devastating. The cost can be huge. For example, The NotPetya attack attacks were said to have cost their victims up to 8 billion (Greenberg 2018). Thus, we think the Kinetic attacks that are not cause any death close to a cyberattack. It is hard to think this type of kinetic attack, but there are some examples in recent history. The Iranian take-down of a $150 million U.S. Global Hawk in the summer of 2019 was this type of attack. The response of this attack from U.S. is a cyberattack, again non-lethal. Other, U.S. army thought to sink an Iranian craft, but they let its sailors to get away. Another one is the Russian cyberattack to Turkey as a result of Turkish shoot down of a Russian jet. Therefore, cyberattacks are thought as less important and less serious than kinetic attack.

Conclusion: Since cyberattacks are thought as less serious and more easily recovered from, and they are non-lethal (for now), the kinetic attacks that levy comparable costs are more preferable than kinetic responses.

5. Cyberattacks Presage Kinetic Attacks

An opening cyber-attack may be a precursor to a broader armed attack. Cyberattacks can be used to make easier to a conventional war or attack. Cyberattacks can be used to wear down a country before a real kinetic attack since cyberattacks are unpredictable. Unlike cyberattacks, kinetic attacks as a prelude to wider hostilities would remove the element of surprise.

Russia and Georgia war in 2008 is a good example for this. The attack was done as DDoS attacks from Russia to Georgia to limit Georgia’s access to the Web. Russian cyber or at least electronic interference may have hindered Georgia’s mobile phone system, which had military uses. Unlike Georgia, the DDoS attacks to Estonia did not precede any kinetic military operations.

Unlike DDoS attack, not all cyberattacks are instant and unpredictable. Thus, not all the cyberattacks can be used to precede kinetic conflicts. Most of the cyberattacks require a long term preparation. If cyberattacks are used to precede kinetic operation, and their effects detected, then this shows the opponent side this is not a surprise for attacker.

Every major country would have implants in the military systems of anyone they have the remotest chance of having to fight against. But this is not applicable currently. However, countries would distribute implants into adversary networks for cyberespionage. Cyberespionage is seen as an innocent activity today. Even friends do cyberespionage activity, but the actual aim can never be predicted. Every cyberespionage penetration is a potential cyberattack penetration. U.S. is successful in terms of placing implants in the military systems of other countries. Iran’s attack to U.S.’s Global Hawk missile was followed by a cyberattack on Iran’s ship-tracking database done by U.S. The database was leaked before the Global Hawk shot down. Most probably, preparatory intrusions could not have started not much earlier than the cyberattacks did.

Let’s look at the other dyad, Russia and Ukraine. The attacker side is Russia, in general. Actually, Russia had been planning to use cyberattacks to support the future kinetic operations. However, as Ukraine’s President resigned, Russia renounced the kinetic attack plans, but DDoS attacks had continued for some time.

Until now, there is no known example of the target of a surprise kinetic attack having pre-empted cyberattack.

Conclusion: cyberattacks that presage a kinetic combat are again remained in theory today. If a country is highly cyberspace-dependent country, a cyberattack may be the best choice, but since conventional attacks begin surprisingly, and most of cyberattacks require a long time, this idea is not applicable currently.

6. Proposition: Cyberattacks may put Hitherto Sacrosanct Targets in Play for Kinetic Attacks

In history, some sacrosanct areas are determined by sides that no one should touch the area. In WW2 cities were considered as sacrosanct. With some expectations, the sides obey the rule. Today, space systems and nuclear command-and-control systems are sacrosanct. However, there are some concerns that cyberattacks on space and/or nuclear command-control-and-communications (NC3) systems may put targets in play for kinetic attacks.

Space systems and NC3 systems should not be reachable by cyber attackers for sure. Both of those systems are extremely critical systems, and even a veriest vulnerability should not be in the systems. There is no need to connect space systems and the Internet. However, the pressure to expand access sensitive systems is often hard to resist, since expanding access can facilitate their support and maintenance. The danger can come from unadvertised connectivity at the factory or repairing process. Trusting just protection systems such as firewalls is not enough. For NC3 systems, like space systems, there has not revealed any hacker has breached NC3 systems. However, it does not mean this scenario will never be faced.

Actually, in conventional space, it is not guarantee that the countries won’t attack another country’s space systems. The United States, China, Russia and India have tested anti-satellite systems, and it is uncertain whether they will be used or not and who will use these systems first.

The major powers are avoiding targeting the inviolability of NC3 systems in conventional world. However, the systems may be put on the target to reduce the target’s nuclear retaliatory capability by cyber actions. This type of action may lead to serious responds such as overreaction of the other side or to use nuclear weapons to protect those systems. Thus, it may be required banning NC3-directed espionage to provide assurance against surprise attack.

Even if space systems and NC3 systems would not be protected from cyberattacks, we cannot say it lead to a kinetic retaliation. The Characterization, intentionality and attribution are almost obvious in conventional world, but not in cyberspace.

The non-lethal and temporary nature of cyber world prevents the idea that cyber-attacks may lead to kinetic attacks to satellites. Actually, a possible satellite attack that is kinetic would probably non-lethal and temporary. Thus, a comparison can be possible between cyber-attacks and kinetic attacks. However, since a harmed satellite will affect the whole system, no country would prefer to attack.

NC3 systems are more privileged than space systems by nature. Thus, cyberattacks against NC3 systems may lead to kinetic attacks.

Conclusion: cyberattacks have potential to put the privileged assets on the target of kinetic attacks, but not necessarily.

7. Proposition: Failures to Respond to Cyberattacks Embolden Kinetic Attacks

A failure to respond could have different meanings. We will concentrate on the possibility of an unanswered escalation in cyberspace emboldening escalation in physical space by the same actor.

The example is conflicts between Iran and Saudi Arabia. Firstly, Iran attacked to the computers of Saudi Aramco by wiping the memories of roughly 30.000 computers. Then, Iran’s main oil expert terminal was attacked. (Most probably, by Saudi Aramco). Interestingly, Iran did not retaliate this attack in cyberspace since the attack has become. In 2019, Iran attack to facilities of Saudi Aramco by missiles. The lack of cyber response could mean that the lack of cyber response may encourage a physical attack. However, there is no direct evidence of that. Moreover, there is no kinetic attack between Russia and Ukraine as a result of a failure of a cyberattack.

Conclusion: there is inadequate evidence that a failure in cyber space encouraged a kinetic attack, especially on critical infrastructures.

8. Overall Conclusions

Overall, there is no known hostile event in cyberspace echo strongly outside so far. Some research claim that even devastating cyberattacks would be less likely than kinetic attacks to induce a response. Since a conventional war surprisingly, a cyberattack wouldn’t be used as precedent. Also, in theory, cyberattacks have the potential to put hitherto sacrosanct targets such as space systems and NC3 systems, but in practice, until now, there is no reported cyberattack target those systems. Moreover, it is claimed that a failure of a cyberattack may engage a kinetic attack. Iran’s missile attack in 2019 is claimed as a response to Saudi Aramco cyber-attack in 2012. However, there is no clear evidence of this.

To sum up, it is hard to say that there is a correlation between cyberspace and physical world because of many reasons. Also, doing cyber-attacks is not as easy as in the past. The defense side is evolving. Even if a serious cyberattack would become, since cyberspace operations are ambiguous, and their effects almost temporary and non-lethal, they may be considered something separate and apart. As time passes and new techniques evolved, the things may change. Time will show whether the separation going on or not.