Digital weapons

Digital vulnerability is a great concern for governments and companies

Head, ECFR Madrid
Senior Policy Fellow

This article was first published in Spanish by El Pais on 16 April. Translation by Carla Hobbs.  

Once upon a time, countries sent armies to occupy enemy oilfields or special operation commandos to sabotage vital infrastructure. The First Gulf War that followed the Iraqi invasion of Kuwait is perhaps the final example of a traditional war fought over the control and protection of strategic resources. In those times, the Israeli air force’s only means of halting the Iraqi or Syrian nuclear programmes was to bomb the countries’ secret facilities. Previously, during the Cold War, the administration of Ronald Reagan approved of the extremely expensive programme popularly known as Star Wars which aimed to build weapons that could physically destroy enemy military communication satellites. 

However, as Aramco, the main oil company in Saudi Arabia, was to discover in 2012 when more than 30,000 of its computers were infected by a virus (of suspected Iranian origin) aimed at halting production, today it is easier to attack a country’s oil installations digitally rather than physically. Something similar befell the Iranians in 2010 when they witnessed a virus called Stuxnet alter the functioning of the central Natanz centrifuges and slow their secret nuclear programme. Attributed to Israel and the USA, Stuxnet is considered the first digital weapon in history.

Today, digital vulnerability is fast becoming a main concern of governments and businesses. In a recent cyber security evaluation, just 11 percent of oil sector companies reported feeling secure against such attacks and, worse still, 23 percent admitted they did not monitor their networks for them. In the context of such vulnerabilities one finds the Finnish government, who in 2013 unearthed that its diplomatic communications had been tapped for years by malicious software of unknown origin (though they did not hesitate to label it “Red October” clearly establishing the main suspect). And to the surprise of the United States, in November last year a virus ascribed to China infected its network of meteorological satellites, revealing the potential vulnerability of a network that sustains GPS global positioning, vital for their armed forces.

If a simple USB stick can be more harmful than a laser-guided bomb, if an oil flow can be interrupted from a computer, and if military satellites can be turned off instead of destroyed, it is clear that we are witnessing a revolution in military affairs. The twentieth century was a physical century where physical wars were fought. But the twenty-first century is a digital one, so we must expect that its war will also be digital. The big question is whether the physical death of the enemy will also be obsolete or will remain an indispensable condition for victory. 

The European Council on Foreign Relations does not take collective positions. ECFR publications only represent the views of its individual authors.

Author

Head, ECFR Madrid
Senior Policy Fellow