91成人版抖音

Media contact

Neil Martin
n.martin@unsw.edu.au

Bolstering cybersecurity is becoming ever more important as nation states wage war in new and complex arenas.

That is the view of two UNSW academics in the wake of a wave of online attacks linked to .

As well as the use of tanks and bombs and soldiers on the battlefield, countries are now also waging war in cyberspace in order to weaken their enemies, most notably by targeting crucial infrastructure such as power and communications systems.

For example, in recent days and weeks Ukraine has accused Russian hackers of launching massive denial of service attacks on their government agencies, banks and the defence sector.

The United States government also claims Russia breached the networks of multiple defence contractors and gained sensitive information about weapons-development communications infrastructure.

And back in 2015, a series of power outages across Ukraine were allegedly caused by military hackers in the Russian GRU (Intelligence Agency) Main Center for Special Technologies.

CIA Triad

鈥淐yber warfare has become a tool by nation states to attack other countries,鈥 says , deputy director of the (IFCYBER).

鈥淚n the modern digital world, by attacking a computer server in the network of some critical piece of infrastructure, you can potentially take down an entire power system and with that, you could paralyse large parts of the economy.

鈥淥ther targets might be the banking system or a server that deals with communications systems so these system become unavailable to legitimate users.

鈥淚n cybersecurity any system needs to maintain 聽confidentiality, integrity and availability, aka the 鈥楥IA Triad鈥.

鈥淎vailability is actually very important, and attackers can affect that by launching what is known as a distributed denial-of-service (DDoS) attack where they just bog down a system with junk data that it has to process.

鈥淣owadays attackers can draft 聽20, 30, 50 or 100s of servers all over the world sending packets of information and maybe wasting 99 per cent of the server鈥檚 time dealing with it.

鈥淛ust like in conventional conflict, each party wants to maximize the amount of damage and discomfort to the target.鈥

Ukrainian military vehicles

Ukrainian armoured personnel carriers preparing to defend against military Russian invasion in 2022. But the European country has also had to fend off a series of cyber attacks allegedly ordered by the Kremlin. Photo from Shutterstock

, another cybersecurity expert from UNSW鈥檚 School of Computer Science and Engineering, says finding and then fixing vulnerabilities in computer programs or software is one of the most crucial ways to defend against attacks by state-sponsored hackers and others.

In December 2021, for example, news started to spread of an exploitation in Log4j, a software library that records a wide variety of otherwise mundane information in a vast number of computer systems.

It became clear that attacks on Log4j could allow hackers to submit their own code into the targeted computer and potentially steal information or even take control of the affected system.

鈥淭his particular vulnerability was really bad because Log4j software is used in a wide variety of consumer and enterprise services, websites, and applications,鈥 says Professor Kanhere.

鈥淭he question then becomes, do organisations have the resources to quickly act on the attacks and fix the vulnerability. The big players, and government agencies, will be able to but small-medium enterprises possibly can鈥檛 react very fast, which means those systems are still vulnerable to attacks.

鈥淲hat attackers then do is scan the internet, trying to find a system that still has this weakness and then exploit it.

鈥淭he major problem is that computer systems nowadays are so complex and intertwined that if attackers find one weak link somewhere, that is enough to gain access into critical systems and steal data or launch further attacks.鈥

Social engineering

On top of all that, cyber attacks can also be cleverly targeted not only at computers themselves but also by the humans who use them.

Phishing attacks can trick users into giving out sensitive information that then compromises security and allows nefarious access into systems.

鈥淪ome of the phishing nowadays is so sophisticated,鈥 says Prof. Jha. 鈥淪o much so that even a fairly educated cybersecurity person may be tricked.

鈥淭here are also social engineering tactics where people are manipulated into clicking something that then allows an attacker to install malware, or ransomware, or steal information.鈥

In times of war, such as the current Russian invasion of Ukraine, Prof. Kanhere says gaining access to information has the potential to have a huge impact on the success or failure of actual military attacks.

Discovering battle plans, potential manoeuvres of troops and equipment, or hacking into secure communications systems used by soldiers and their command could help win wars in the modern age.

鈥淚n the past a lot of that information would have been on paper, but now it is all digitised and therefore may be vulnerable,鈥 Prof. Kanhere says.

鈥淚f you can extract that information then it could certainly give you the upper hand militarily. Traditional wars were fought on land, air, and sea. But now we also have space and cyberspace as the fourth and fifth battlegrounds that are emerging.鈥

Military command centre

Military command centres might be a prime target for cyber attacks during a conflict as combatants attempt to obtain crucial information about their enemy's plans. Photo by Shutterstock

And that means that all major governments around the world, not just the Russians, are likely to have cyber experts on hand to play their part in the way 21st-century聽conflicts are now fought.

鈥淭he specific details about that are bordering on national intelligence which I鈥檓 not an expert on, but it鈥檚 not surprising to think that given the importance of information technology and the potential to disrupt networks, that would be a very obvious choice for militaristic efforts,鈥 Prof. Jha says.

鈥淚t would be reasonable to conclude that all governments, not just Russia, have some sort of cyber units placed in different organisations with the capability of launching offensives if needed.鈥

In terms of bolstering cybersecurity, the UNSW academics say it is a constant game of cat-and-mouse as countries try to secure their systems and fix vulnerabilities faster than the hackers can exploit them.

Artificial intelligence

Prof. Jha is currently , funded by Cybersecurity CRC, that aims to help develop tools to identify potential security issues in Australia鈥檚 Distributed Energy Resource Management System (DERMS) that links a range of electrical power industries.

He is also involved in work to improve artificial intelligence models that can identify patterns of cyber attacks and predict future risks using a range of internal and external intelligence.

Prof. Kanhere, meanwhile, is researching the use of machine learning to design network protocol fuzzing tools, which can automatically find vulnerabilities and attack strategies in network routing protocols that are critical to the functioning of the internet.

鈥淭he general advice is for systems to be patched to make sure they are secure and for networks to be configured so they can handle any denial-of-service attacks by doing some early detection,鈥 says Prof. Jha.

鈥淭here is a lot of development in artificial intelligence and machine learning, plus software looking at vulnerability detection.

鈥淏ut as our dependency on computers keeps increasing, these problems and these attacks are not going to go away. As quickly as we come up with a solution, the bad guys are thinking of another way to attack.

鈥淣ow that these vulnerabilities can be exploited during warfare, it鈥檚 becoming absolutely important that we pay a lot attention to cybersecurity going forward.鈥