The Recent ‘Sonic Attacks’ Are a Glimpse at Cyber’s Impact on Warfare
Between late 2016 and early 2018, U.S. diplomatic personnel at facilities in China and Cuba may have been targeted by weaponized sonic frequencies that caused symptoms including hearing loss, dizziness, headaches, and cognitive issues. While the national security community debates and investigates the nature of these incidents, these possible “sonic attacks” have brought attention to the cyber resiliency of the defense industrial base sector, at a time when billions of dollars are being spent to modernize defense systems around the world.
As we may have just seen, digital weapons such as those produced by a sonic attack have the potential to inflict harm on targeted populations virtually anywhere in the world. These types of attacks can even be delivered via malware on personal mobile devices, making them a potential tool for nation-states, cyber jihadists, mercenaries, or cybercriminal gangs in future attacks.
An even greater risk, however, is not how digital weapons may be used against military or civilian personnel, but the exploitation of potential vulnerabilities that may exist in the next generation of weaponry that is being developed today by and for domestic and foreign governments. These advanced weapons—vessels, tanks, drones, artillery, etc.—are built with technologies such as artificial intelligence and advanced robotics that improve operational preparedness, speed, and accuracy.
While these advancements are certainly necessary to ensure that the future of warfare is successful for the United States and its allies, the defense industrial base must make certain that these weapons are developed in strict accordance with principles of security by design to maximize the effectiveness of post-deployment cybersecurity and insider threat efforts.
One example of next-generation weaponry is the U.S. Army’s focus on long-range precision fire, which the Secretary of the Army Mark Esper cited as a “No. 1 priority,” in an interview with Warrior Maven. This capability is being delivered by a number of initiatives, most notably the Army’s long-range precision fires technology (LRPF) that uses next-generation guidance technology.
As part of a counter-attack, a cyber adversary may target LRPF or any other guidance platform used by our armed forces to cause the artillery to miss its intended target or, at worst, hit a civilian target to create both an unintended loss-of-life event and a public relations incident which would harm public support for the campaign.
Another major area of development is unmanned tanks and robotic weaponry driven by artificial intelligence. Imagine a scenario in which a single weapon (or network of weapons) is hacked and reprogrammed to make different decisions on the battlefield. The combination of potential consequences, from a simple lack of response to a command to a deliberate attack on civilians or on our own forces, is virtually unlimited and possibly devastating.
While the potential for life-saving and improved performance outcomes from the digitization and automation of warfare is undeniable, it is imperative that this new generation of weaponry be developed according to principles of security-by-design to preserve the integrity of the mission and the safety of warfighters and citizens. Functionality, profits, and politics cannot supersede the ethical obligation our society has for cybersecurity, and the defense industrial base must ensure it does not make the mistakes other critical infrastructure sectors have made by rushing to adopt new technologies without doing due diligence to first understand and eliminate as many cybersecurity risks as possible.
Parham Eftekhari is executive director of the Institute for Critical Infrastructure Technology (ICIT).