Disclaimer: This blog post solely reflects the opinion of the authors and should not be taken to represent the general views of IPPR’s management/ editorial team or those of fellow authors.
The 7th of May 2021 marked a significant step forward in cyberwarfare, foretelling the digital future of transnational violence. On this day, the USA’s largest oil pipeline, the Colonial Pipeline, suffered a ransomware cyberattack that forced it to temporarily shut down. Stretching from Texas all the way to New York, much of the East Coast was left without gasoline or fuel supply. President Biden subsequently declared a state of emergency and Colonial Pipeline paid 75 bitcoin (equivalent to around $5 million) to recover stolen data from the hacker group- DarkSide.1 Only then was the pipeline able to start running again.
The Colonial Pipeline case study represents much of the vulnerabilities that the automation of infrastructure has exposed. Like many other pipelines in the world, Colonial Pipeline is highly digital, involving pressure sensors, pumps and more that are all routed to a central system run by computers, not people. In this way, the entire network is susceptible to cybercrime. Given the newness of this digitisation, the defence against cybercrime is even more infant. Ever since the birth of computers and the Internet, other industries and services have followed the same digitising trend, increasing the cybercrime risk in every sector. The Covid-19 pandemic has only accelerated this process, a physical presence being something that cannot be taken for granted anymore.
Despite being arguably the largest infrastructural cyberattack in American history, the Colonial Pipeline attack was a step forward in, not the beginning of, cyberwarfare in the modern age. In 2017, a ransomware called WannaCry crippled the NHS by locking doctors out of its central networks so that appointments and operations were cancelled and A&Es across the country were thrown into a frenzy.2 Whilst the attack was solved without paying out, unlike Colonial Pipeline, this was only done by the accidental finding of a ‘kill switch’, showing how unprepared the NHS was for a cyberattack. This kill switch also could not resolve damage which proved irreparable, the health service losing an estimated £92 million because of the fiasco.3 The same recently happened to the Irish health service, which their minister for eGovernment said was possibly, “The most significant cybercrime attack on the Irish state.”4 Only after the attack occurred did Ireland announce that they were designing a human-operated anti-ransomware system. Cyber Warfare has been significantly ramping up in recent years and governments across the world are clearly on the backfoot, threatening businesses, livelihoods and even lives.
Digitisation has helped bring about the changing nature of warfare. Traditional army-based warfare has been on the decline in favour of the weaponization of the Internet. Consequently, groups are able to extort countries on the other side of the world. Cybercrime is evidently much more cost effective and much harder to trace. Technology has also enfranchised insurgent groups that previously would not have had the money to engage in traditional warfare. Much of the hacks reported were carried out by independent hacking groups, which were not affiliated to their central government. Whilst cyberwarfare is still harnessed by whole countries, individuals now have the power to threaten entire economies.
Militaries across the world have responded accordingly to the new cyberthreat through changing their composition and focus. The UK defence secretary announced in March that the army’s size will be cut to its lowest level since 1714 with funding concentrated on Trident (Britain’s nuclear capability) and cyber-defence.5 Given the established legacy of nuclear proliferation and the tide of Cyberwarfare, it is no longer necessary to have a physical standing army of the same size as during the 20th century. The US is following the same pattern. After losing around $1.2 trillion in intellectual property in the last decade to China, Iran, Russia and more, the Pentagon has finally begun investing in cyber-defence, by creating the Cyberspace Solarium Commission which aims to implement policy on this issue specifically. Sky News characterises cyberwarfare as part of the ‘Grey Zone’, the area between war and peace. This zone includes methods of disinformation and intimidation that threaten or indirectly cause violence.6 This Grey Zone and cyberattacks are the future of warfare, which has become much more sophisticated and less self-evident. In an increasingly globalised and digitised world, countries must adapt both against each other as well as against smaller groups that now have the ability to wreak havoc, all from a single computer that is part of a much larger network.
1 M. Shear, N. Perlroth and C. Krauss, ‘Colonial Pipeline Paid Roughly $5 Million in Ransom to Hackers’, The New York Times, (2021), https://www.nytimes.com/2021/05/13/us/politics/biden-colonial-pipeline-ransomware.html.
2‘The NHS Cyber Attack’, Acronis, (n.d.), https://www.acronis.com/en-gb/articles/nhs-cyber-attack/.
3 O. Hughes, ‘Government Puts Cost of WannaCry to NHS at £92m’, digitalhealth, (2018), https://www.digitalhealth.net/2018/10/dhsc-puts-cost-wannacry-nhs-92m/.
4‘Cyber Attack ‘Most Significant on Irish State’, BBC News, (2021), https://www.bbc.co.uk/news/world-europe-57111615.
5 D. Sabbagh, ‘UK Army, Navy and RAF All to be Cut Back, Defence Review Confirms’, The Guardian, (2021), https://www.theguardian.com/uk-news/2021/mar/22/uk-army-navy-and-raf-all-to-be-cut-back-defence-review -confirms.
6‘Into the Grey Zone’, Sky News, (n.d.), https://news.sky.com/story/into-the-grey-zone-exploring-the-murky-evolution-of-warfare-12184358.
By Ryan Ratnam
Ryan is a first year BA History student at University College London from London. His interests include post-Capitalist ideologies, sustainable development and how historical education impacts social identities.