Dr. Craig Albert, director of the Master of Arts in Intelligence and Security Studies, will be the keynote speaker at the Military and Veteran Services’ professional development series on May 1.
When it comes to terrorism around the world, state-sponsored cyberattacks are an entirely different ball game, according to Dr. Craig Albert, the director of the Master of Arts in Intelligence and Security Studies (MAISS) at Augusta University.
“Unlike terrorist attacks, most states don’t claim cyberattacks because they don’t want anybody to know,” said Albert, a leading expert on war and terrorism at Pamplin College of Arts, Humanities, and Social Sciences. “They don’t want to be on the radar, so they’ll deny any involvement. They’ll say, ‘We didn’t do that. What are you talking about?’”
That approach is completely opposite from past physical attacks and, therefore, it allows foreign countries or other entities to avoid any blame, he said.
“In most types of attacks, you want people to know that you’re responsible so that you can assert your power,” Albert said. “But cyberspace is really a new battle space that is emerging. We are just not sure what is going on. That’s what’s tricky about it.”
It is a whole new world for those combating cyberattacks, Albert said.
“A lot of political scientists are trying to look at cyberattacks through the same lens that we looked at nuclear technology and nuclear deterrence,” he said. “But we know who fired a missile and we can deter against that, but we can’t do that in cyberspace. Therefore, we kind of have to create or adjust everything that we know about security studies to account for strategic cybersecurity.”
During the Military and Veteran Services’ professional development series at Fort Gordon’s Command Support Center on May 1, Albert has been invited to discuss a research paper that he recently co-authored with Dr. Lance Hunter, an associate professor of political science at Augusta University and the lead author of the study, and a graduate student in MAISS, Eric Garrett, that is entitled, “The Initiation of State-Sponsored Cyberattacks.”
“This paper looks at what are the factors that contribute to a state wanting to attack another state in cyberspace,” Albert said.
Specifically, Albert said the paper created a database of various countries around the world that have either been a victim of a cyberattack or initiated an attack in cyberspace.
“There were two hypotheses in the literature. One hypothesis said that cyberspace and cyberattacks would be utilized just like any other form of a weaponry by the most powerful states to assert their will,” Albert said. “And the other hypothesis said, ‘No, it is going to be used more by weaker states because you can’t really tell what state initiated a cyberattack, so that’s kind of a sneaky way for weaker states to attack bigger states.’”
The idea was that these weaker countries that can’t afford major military expenses such as ground-to-ground missiles could hurt an enemy using cyberattacks, he said.
“So we wanted to test that theory, but we discovered it was actually the most powerful states doing the cyberattacks,” he said. “The other hypothesis that we were checking was, what type of regime would be the most likely to initiate cyberattacks: Would it be an authoritarian regime against a democratic government? Or a democratic against an authoritarian? And what we found was that the more authoritarian the regime, the more likely it was to initiate state attacks.”
That data supports the reports provided to Congress by the U.S. intelligence community, he said.
“If you can expect powerful authoritarian regimes are going to initiate most state-sponsored cyberattacks, what countries come to mind?” Albert asked. “Russia, China and North Korea. So that’s important for policy implications for the United States because that tells us that we need to look at those types of regimes and step up our defensive tactics against those specific regimes.”
But just because a cyberattack could possibly be committed by countries such as Russia, China or North Korea, that doesn’t necessarily mean those countries are responsible for the attacks, Albert said.
“Nations might not be responsible. ISIS could do it,” Albert said, referring to the Islamic State of Iraq and Syria. “Or, like Donald Trump said, a 14-year-old in the basement could just as sophisticatedly launch the same type of attack that Russia could.”
In addition, as our government is trying to figure out how to protect information in cyberspace, there’s always someone else simultaneously plotting a potential cyberattack, he said.
And once a cyberattack occurs, it’s difficult to learn additional information about how to stop a future attack, he said.
“It’s extremely daunting because we don’t know how to investigate it. We don’t know how to analyze it. And you can’t be 100 percent sure where an attack came from,” Albert said. “You can narrow it down pretty convincingly, but it’s not 100 percent. And, of course, anybody can do cyberattacks.”
In fact, nations across the world have been extremely fortunate that a cyberattack has not yet resulted in the loss of human life, Albert said.
“One person with superior skills could knock out a dam,” he said. “And while we haven’t had any real instances of cyber war, I believe it’s coming.”
Albert said the closest example of cyber war was probably Stuxnet, a virus which was used against Iran’s nuclear program more than a decade ago.
The virus, which was widely believed to have been developed by the United States and Israel, was discovered in 2010 after it was used to attack a uranium enrichment facility at Iran’s Natanz underground nuclear site.
That was the first publicly known example of a virus being used to attack industrial machinery in a cyberwar context, Albert said.
“That’s a clear example of something approaching an instance of cyber war, even though it wasn’t called cyber war,” he said. “I personally define cyber war as you need physical destruction to occur and most people don’t think that will happen because it hasn’t happened. But it is only a matter of time.”
Albert is convinced that the threat of cyber war is extremely real.
“We are quickly approaching the realm where a cyberattack will result in human fatalities,” he said. “There soon won’t be an argument over whether it’s cyber war or not. By then, it won’t matter. People can die over it.”
In fact, cyberattacks could easily knock out a power grid for an entire city or region, Albert said.
“Some people say, ‘Well that’s not physical destruction.’ But it would cause indirect destruction,” Albert said. “Just look at what Augusta went through five years ago with that ice storm. You would have thought we were in an apocalypse. If someone knocked out our electrical grid for three months, there might not be any coming back from that. It could be devastating.”
For those reasons, Albert said he is extremely grateful to be speaking at Fort Gordon during the Military and Veteran Services’ professional development series on May 1.
“We need to make sure that the technicians and the tactical operators on the ground understand strategically what’s going on,” he said. “So as theorists and political scientists, we need to communicate more with technicians and operators, so we don’t miss anything. It’s very important that we make sure we can speak each other’s languages in order to help prevent something catastrophic from happening.”
Dr. Craig Albert on “The Initiation of State-Sponsored Cyberattacks” at the Military and Veterans Service’s Professional Development Series
- Wednesday, May 1
- 11:30 a.m.
- Fort Gordon’s Command Support Center, Classroom 201
- Free lunch will be provided. Registration is preferred by April 24, but not required.
- To register, contact Alejandra Miles at firstname.lastname@example.org