I never imagined that World War III would occur within my lifetime. It may be pessimistic of me to call it such, but I think it’s safe to say that de-escalation is not in the books. It’s only a matter of time before the conflict becomes a war.

What is different about this conflict is the ability to attack a nation-state from the comforts of our homes.

Yes, there are hundreds of thousands of people doing this right now, from the comfort of their living rooms. If you don’t believe me, check out the Telegram channel IT ARMY of Ukraine. The channel has over 300,000 subscribers at the time of writing and coordinates Distributed-Denial-of-Service (“DDoS”) attacks against Russian online services.

Anything and everything owned by Russia is getting attacked, by civilians from around the world.

We are now in the Age of Cyber Warfare.

What is Cyber Warfare?

Most of what cyber security entails is covered by three tenants:

1. Confidentiality
2. Integrity
3. Availability

Systems, data, and networks must remain in confidence, in an expected state, and available for use by authorized parties. Anything opposing these tenants is defined as malicious use, or put another way, a cyber attack.

Cyber security professionals uphold these tenants. Hackers oppose these tenants.

Add politics into the mix and that’s what typically defines cyber warfare.

Laws, Regulations, and Compliance

Just like in the medical profession, one of the rules of thumb in cyber security is do no harm. This is reiterated by the Computer Fraud and Abuse Act, the Electronic Communications Privacy Act, and the Identity Theft and Assumption Deterrence Act, among many others, all of which provide criminal penalties for serious cases of computer crime.

Here is some of the language used under these Acts:

• Knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer.
• Protects wire, oral and electronic communications while those communications are being made, are in transit, and when they are stored on computers.
• Knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law.

As we can see, there are strict laws surrounding computer use.

What are the Pros and Hackers Fighting Over?

If there are laws surrounding it, there is something to gain from it. The question is, what is it?

There are many hackers and hacking groups, each with its own agenda. Some are after money, others are after clout, others still are after God knows what. At the end of the day, they are after something they deem valuable.

This essentially means that professionals have to protect everything against everything…

My Opinion on Cyber Warfare

I’d like to discuss my take on the cyber warfare currently taking place.

As a cyber security professional, I’ve been exposed to many domains within the profession. I believe that my experience so far gives me a certain degree of expertise to talk on the topic:

Cyber warfare is no trivial matter.

I am against all such cyber attacks and retaliation.

The Telegram channel dedicated to attacking Russian cyberspace is appalling, but not surprising.

The fallout of such activity has the potential to be much greater than we think. Imagine power plants being knocked offline due to a cyber attack. Worse yet, imagine malware going nuclear, such as the Stuxnet worm – malware that damaged Iran’s nuclear program from 2005 to 2010.

Since everything is online these days, the sky is the limit:

• What happens if a cyber attack is declared an act of war?
• What happens if a cyber attack is redirected to the innocent?
• What happens if a cyber attack involves you, without you knowing about it?

The possibilities and consequences are endless.

What Am I Doing?

What is a cyber security professional to do given the unique circumstances we find ourselves in today? I can’t provide a solution to the problem, but I can tell you what I will do.

I will continue to follow the (ISC)² Code of Ethics:

• Protect society, the common good, necessary public trust and confidence, and the infrastructure.
• Act honorably, honestly, justly, responsibly, and legally.
• Provide diligent and competent service to principals.
• Advance and protect the profession.

Welcome to the Age of Cyber Warfare.