In this edition of Cyber Insider we look at what happens when cyber attacks threaten to cause the collapse of an entire nation, and what it's like to be part of the team trying to stop that from happening.
The date was the fifteenth of April 2021, and it was the first time I had been out in quite a while. After months of the same four walls and endless zoom calls, I was free. Free enough to enjoy underground travel in the overcast weather at least.
I was travelling into central London, making my way to the Ministry of Defence Head Office. It was my first trip to Whitehall, and I felt excited, if not a little displaced.
While I was shrugging off the last sleepy vestige of my commuter’s daze, on the other side of the country a small group of people were trying to hold back their own tiredness. They’d been up all night, several nights in fact, frantically working to stop a small island nation from falling into chaos.
They were MOD defensive cyber specialists, and for the last several days they had been locked in a battle with hostile hackers, who were intent on causing the political and economic collapse of a whole country.
The team were highly skilled, but their expertise was being sorely tested. Since they’d been called in to assist, they’d had to combat increasingly complex cyber attacks on the nation’s financial sector. Numerous banks were suffering from DDOS attacks, and hackers had infiltrated payment networks and begun making huge fraudulent transactions. At the same time cashpoints were being targeted with “jackpotting” attacks – where they spit out large sums of money at random.
All of this was threatening to break the economy of an already unstable country which was struggling with the repercussions of the COVID-19 pandemic. A country which had seen widespread anti-government protests fuelled by social media.
To make matters worse, an airliner belonging to the nation’s commercial provider had just crashed – a tragedy which killed 160 people. Social media was already abuzz with theories, some of which suggested that a cyber attack may have contributed to the crash, with others suggesting that it may have been shot down by an aggressive neighbouring country and long time rival.
This was a political and economic crisis, on the verge of breaking out into an outright conflict. One which I had been called in to help to resolve. My first cup of coffee was not enough.
I’d finally found my way to the right building, and as I looked around at collection of experts, specialists, and military commanders I could only reflect on the idea of “imposter syndrome”. We’d all been called here as UK government representatives to help try and manage this crisis, and stood ready to use whatever political, diplomatic, or economic means we had at our disposal.
As I met the team, and became increasingly overwhelmed with the wealth of their collective experience, I began to doubt my own utility. Listening to the background briefing, I wondered what resolution we’d be able to reach in such a complex situation.
Both nations had been in an uneasy stalemate for years. Recently though, the rivalry had become increasingly hostile, and the aggressive neighbour was now operating military forces pretty much on the other’s doorstep; capitalising on regional instability as justification for enforcing their own objectives.
This latest series of cyber attacks were the sparks which would ignite a conflict if not handled properly. As we were briefed by the cyber experts on the ground, and heard first hand how they’d fought to keep critical national infrastructure (such as power and water) safe from hackers, my uncertainty only compounded. We were in for a tough time, and I desperately needed another coffee.
The questions started coming at us thick and fast: thorny legal issues and tricky policy problems with no perfect solution. I listened intently as my fellow teammates mused over the particular challenges posed by each new event. The situation continued to worsen, and our cyber counterparts were coming under increasingly sophisticated attacks, which were now beginning to affect essential services like power and water – and most concerningly, military systems.
I was busy monitoring the news landscape. Nothing in this world happens in a vacuum, and this was no different. I was watching the national news outlet, and social media feeds were awash with rumour and half-truths.
We were then told that the hackers had infiltrated the news website and were posting fake stories and ‘deep fake’ videos to spread misinformation and fear. Unsure of what I could trust, I tried my best to discern what was actually happening on the ground and realised again how dangerous it could be to believe everything we see and hear online.
It was clear to me at that point that the nation of Berylia was only hours away from complete collapse and, to make matters worse, there was a real risk of war with their neighbours Crimsonia.
If you’ve never heard of these places, don’t worry, you haven’t slipped into an alternative timeline. Berylia and Crimsonia are fictional countries, but the attacks taking place on the computer systems were very real. This was all part of Exercise Locked Shields, the world’s largest and most complex international cyber exercise.
It had been organised by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) based in Tallinn, Estonia. There were 22 teams from 30 nations who were defending against attacks on over 5000 virtualised systems. While the cyber experts were battling it out in cyberspace, struggling against some to the world’s best ‘white hat’ hackers, I was a member of the strategic decision making team, trying to balance the political challenges and resolve this crisis.
The fake news, deepfake videos, and social media manipulation were all part of a targeted Information Operations campaign; a first for Exercise Locked Shields. All of it was designed to compound already difficult decisions that our team needed to make.
Ask yourself: when was the last time you fact checked something you read online? What research do you do when you see a headline? Who can you really believe?
Trust is a commodity. Our whole society runs on the trust we place in each other to fulfil our obligations honestly. This time, I was being challenged to consider what happens when an adversary abuses that trust and uses it against us, and I didn’t like the result.
I’m no cyber expert. I couldn’t explain to you in any real detail the methods which were used to try and damage those 5000 virtual systems. But I can tell you that it was made clear to me the reliance we all have on computerised systems for every single aspect of our lives.
Without strong cyber security the things we all take for granted everyday: power from the plugs, water from the taps, wifi from the router; all of it would disappear. You probably know yourself the frustration of not being able to get a mobile signal. I’m figuratively lost without 4G – and if I am relying on google maps, then I’m literally lost without it.
My personal experience of being at the heart of a major cyber attack taught me a few things: firstly, it opened my eyes to how critical it is that all of us, regardless of service, rank, or experience understand and help defend this essential domain. It also taught me how vulnerable we could be. It taught me how your enemy doesn’t need to be on the doorstep armed to the teeth with tanks, warships, or aircraft, but instead they can be thousands of miles away and still do real damage from cyberspace.
Finally, it taught me how amazing our MOD cyber experts are, and impressive our allies and partners from across the world are too. All the teams from each of the 30 nations taking part shared the same ideals – to protect us from the cyber threat.
When we finally finished the exercise, and the buzz of what was probably coffee number 6 was just wearing off, I left main building, heading back out into the overcast April evening. I hopped on the tube with the other weary eyed commuters, all of them staring at their phones. I got mine out too and plugged straight back into the cyber connected world that we’re all spending more and more of our lives in – often unaware of the people who fight to keep it safe.
Did you want to know what happened in the end? How was the situation between Berylia and Crimsonia resolved? Well, the answer is that it wasn’t.
In these kinds of situations there is rarely a neat resolution at the end of the day. Conflicts like these drag on for decades, with uneasy stalemates causing resentment on both sides.
Often, the fighting will continue just below the threshold of full-blown war, with nations engaging in what we call grey zone conflict (which you can find out more about here).
It’s because of this reality that we must be ready to meet the challenges posed by our adversaries, and to be prepared fight and win when necessary.