Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News
      The AI reckoning arrives at South Africa's universities

      The AI reckoning arrives at South Africa’s universities

      3 July 2026
      A degree is no longer enough

      A degree is no longer enough

      3 July 2026
      South Africa's IoT opportunity is smaller than it looks - and already taken

      South Africa’s IoT opportunity is smaller than it looks – and already taken

      3 July 2026
      SA business grows even as optimism sinks to five-year low

      SA business grows even as optimism sinks to five-year low

      3 July 2026
      New rules on how operators can cut off your dormant Sim

      New rules on how operators can cut off your dormant Sim

      2 July 2026
    • World

      SK Hynix ends Samsung’s 26-year reign at the top

      22 June 2026
      Google on the hook for what its AI tells users, court rules

      Google on the hook for what its AI tells users, court rules

      15 June 2026
      How Russians juggle VPNs to outwit the Kremlin

      How Russians juggle VPNs to outwit the Kremlin

      15 June 2026
      Amazon CEO flagged Anthropic AI risks to Washington - Andy Jassy

      Amazon CEO flagged Anthropic AI risks to Washington

      14 June 2026
      Trouble at Xbox

      Trouble at Xbox

      11 June 2026
    • In-depth
      AI boom sparks rally, frenzy and fear

      AI boom sparks rally, frenzy and fear

      11 June 2026
      Every plug-in hybrid on sale in South Africa, ranked by price - Lamborghini Temerario

      Every plug-in hybrid on sale in South Africa, ranked by price

      7 June 2026
      What Wi-Fi 8 will mean for wireless networks

      What Wi-Fi 8 will mean for wireless networks

      1 June 2026
      Alfa's electric rebel - Alfa Romeo Junior Elettrica Veloce

      Alfa’s electric rebel

      29 April 2026
      Africa switches on as Europe dims the lights

      Africa switches on as Europe dims the lights

      9 April 2026
    • TCS
      TCS+ | How Tracker is turning vehicle data into business strategy - Silvia Schollenberger

      TCS+ | How Tracker is turning vehicle data into business strategy

      1 July 2026
      TCS+ | IBM Bob: an AI-powered 'development partner' for the enterprise - David Spurway

      TCS+ | IBM Bob: an AI-powered development partner for the enterprise

      30 June 2026
      Watts & Wheels S1E6: 'A flawless Alfa and a bakkie that divides'

      Watts & Wheels S1E6: ‘A flawless Alfa and a bakkie that divides’

      17 June 2026
      Watts & Wheels S1E6: 'A flawless Alfa and a bakkie that divides'

      Watts & Wheels S1E5: ‘A Bentley of the bush and a car that swims’

      8 June 2026
      TCS | Charge's R1.8-billion bet on an off-grid EV future - Charge chairman Joubert Roux

      TCS | Charge’s R1.8-billion bet on an off-grid EV future

      18 May 2026
    • Opinion
      The author, Jannie van Zyl

      South Africa’s broadband future is being decided in orbit, not in Pretoria

      30 June 2026
      The author, Pambos Soteriades

      The pivot South Africa’s MVNOs cannot afford to miss

      23 June 2026
      Brazil's online gambling crackdown is a lesson for South Africa

      Brazil’s online gambling crackdown is a lesson for South Africa

      22 June 2026
      Finish the job Mandela started - Farzam Ehsani

      Finish the job Mandela started

      18 June 2026
      The author, Fanie van Rooyen

      The US just showed it can switch off our AI

      17 June 2026
    • Company Hubs
      • 1Stream
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • Ascent Technology
      • AvertITD
      • BBD
      • Braintree
      • CallMiner
      • CambriLearn
      • CM Telecom
      • Contactable
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • HOSTAFRICA
      • Incredible Business
      • iONLINE
      • IQbusiness
      • Iris Network Systems
      • Kaspersky
      • LSD Open
      • Mitel
      • NEC XON
      • Netstar
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SevenC
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Telviva
      • Tenable
      • Vertiv
      • Videri Digital
      • Vodacom Business
      • Wipro
      • Workday
      • XLink
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Financial services
      • HealthTech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Motoring
      • Policy and regulation
      • Public sector
      • Retail and e-commerce
      • Satellite communications
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
    • Events
    • Advertise
    TechCentralTechCentral
    Home » In-depth » It’s time to write the rules of cyberwar

    It’s time to write the rules of cyberwar

    By Leonid Bershidsky9 July 2017
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp

    [dropcap]A[/dropcap] new report by Bloomberg News about Russia being suspected of recently hacking a dozen US power plants, including a nuclear one, is far more serious than any possible attempt to influence an election. It could be a sign of something even scarier: two military superpowers stepping up a cyberwar in the shadows and without rules of engagement that protect civilians from other kinds of warfare.

    Attacks on power grids have a potential for mass destruction. A temporary power outage doesn’t appear to be all that threatening compared with the use of chemical, biological or nuclear weapons, but blackouts kill people even when they don’t last long.

    During the US East Coast blackout of 2003, some power was restored within seven hours, and still dozens of deaths were ascribed to the event. A lasting power grid breakdown could be an apocalyptic scenario, with hospitals and other critical services running out of fuel for reserve generators and unable to obtain it easily; traffic, food and water supplies disrupted; urban life plunged into chaos. And that’s before we even think of nuclear power plants getting out of control.

    Bold statement

    The US department of homeland security and the Federal Bureau of Investigation are stressing that “there is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks”. But that’s a bold statement, given that a 2015 report by the think-tank Chatham House said this about the security of civilian nuclear facilities:

    There is a pervading myth that nuclear facilities are ‘air gapped’ — or completely isolated from the public Internet — and that this protects them from cyberattack. Yet not only can air gaps be breached with nothing more than a flash drive (as in the case of Stuxnet), but the commercial benefits of Internet connectivity mean that nuclear facilities may now have virtual private networks and other connections installed, sometimes undocumented or forgotten by contractors and other legitimate third-party operators.

    Stuxnet was the malware the US used in its most successful hacking operation to date, the crippling 2010 attack on the Iranian nuclear programme. It’s openly celebrated now as an example of what the US can do to an adversary’s infrastructure if it sets its mind to it. Paranoid security professionals in Russia and elsewhere have long worried about factory-installed backdoors in American-made software and equipment. National Security Agency leaker Edward Snowden revealed a range of such physical and software-based implants.

    Attacks on civilian services, and especially on nuclear plants, are a different matter. They are unambiguous acts of war

    If Russia is behind the power plant hacks, they could very well be responding to US threats to deploy “implants” in important Russian networks. According to a recent Washington Post report, then President Barack Obama ordered the use of implants on Russian networks that would cause “pain and discomfort if they were disrupted”.

    Russia appears to be eager to demonstrate — without admitting it — that it has a similar capability. There’s circumstantial evidence that it has messed with the Ukrainian power grid, causing two brief blackouts. The current attacks on the US power plants can only loosely be attributed to any state agents, let alone to Russia, but they reportedly match the profile of earlier attacks by a hacker group known as Energetic Bear, which has targeted energy companies in Russia’s adversary nations.

    I’ve long written that I consider the story of Russian meddling in last year’s US presidential election overblown. If the actual voting and tabulation weren’t affected — which no one appears to doubt — Americans made up their own minds how to vote; propaganda and the release of stolen e-mails, Russian or not, are par for the course in election campaigns. Only strong evidence of something like collusion between Donald Trump’s campaign and the Russian intelligence services could make this a national security problem.

    Attacks on civilian services, and especially on nuclear plants, are a different matter. They are unambiguous acts of war. It is known that the US is capable of them, and it would stand to reason that Russia wouldn’t let itself be outdone. Nor would China and, given that cyberweapons are relatively cheap to develop, smaller players such as Israel or North Korea. And yet there are no rules of engagement for countries that have the capability to shut off each other’s power grids or, say, traffic light systems. There’s no cyberwar equivalent of the Geneva and Hague conventions, which set rules for the treatment of civilians and ban certain kinds of cruel weapons.

    In the so-called Tallinn Manual, originally published in 2013, a group of experts working for the North Atlantic Treaty Organisation attempted to lay down some rules, warning against attacks on critical infrastructure. It specifically named hospitals and nuclear power plants as facilities that should be out of bounds. But the manual is not even an official Nato document.

    These rules are necessary before the US, Russia and China go after each other with all they’ve got, which is more than we know

    In February, the United Nations Security Council unanimously adopted Resolution 2341 calling on states to arm themselves against terrorist attacks on critical infrastructure. But what about such attacks initiated by other governments, not terror groups? It’s time there were some internationally recognised principles that applied to them, defining, for example, what constitutes an attack, what response is permissible, and what can and cannot be done to civilian networks. It would be helpful to establish some international attribution mechanism; a nation’s intelligence services cannot be trusted to make an assessment that would be used to justify international sanctions.

    Conventions have often been broken in wartime. Some countries still make and use chemical and biological weapons, even if they won’t openly admit it. Some militaries mistreat prisoners and kill civilians. But rules of engagement are still useful: most belligerent parties aim to act honourably and avoid being branded as war criminals. Official cyberwar rules wouldn’t stop attacks, but they would define unacceptable behaviour for all concerned. These rules are necessary before the US, Russia and China go after each other with all they’ve got, which is more than we know.  — (c) 2017 Bloomberg LP

    Follow TechCentral on Google News Add TechCentral as your preferred source on Google


    Leonid Bershidsky top
    WhatsApp YouTube
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleLarry Page must testify in Uber lawsuit
    Next Article Liquid successful in R9.4bn capital raise

    Related Posts

    18GW in unplanned breakdowns cripple Eskom

    2 November 2021

    Nersa kicks the Karpowership can down the road

    13 September 2021

    If you think South African load shedding is bad, try Zimbabwe’s

    13 September 2021
    Company News
    Powertel, Paratus Zimbabwe switch on new digital highway

    Powertel, Paratus Zimbabwe switch on new digital highway

    3 July 2026
    Mitel Workflow Studio wins global remote-work innovation award

    Mitel Workflow Studio wins global remote-work innovation award

    3 July 2026
    The data sovereignty rules African and EU firms can't ignore - BBD Software

    The data sovereignty rules African and EU firms can’t ignore

    2 July 2026
    Opinion
    The author, Jannie van Zyl

    South Africa’s broadband future is being decided in orbit, not in Pretoria

    30 June 2026
    The author, Pambos Soteriades

    The pivot South Africa’s MVNOs cannot afford to miss

    23 June 2026
    Brazil's online gambling crackdown is a lesson for South Africa

    Brazil’s online gambling crackdown is a lesson for South Africa

    22 June 2026

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Latest Posts
    Powertel, Paratus Zimbabwe switch on new digital highway

    Powertel, Paratus Zimbabwe switch on new digital highway

    3 July 2026
    The AI reckoning arrives at South Africa's universities

    The AI reckoning arrives at South Africa’s universities

    3 July 2026
    Mitel Workflow Studio wins global remote-work innovation award

    Mitel Workflow Studio wins global remote-work innovation award

    3 July 2026
    A degree is no longer enough

    A degree is no longer enough

    3 July 2026
    © 2009 - 2026 NewsCentral Media
    Built and maintained by Chronon
    • Cookie policy (ZA)
    • TechCentral – privacy and Popia

    Type above and press Enter to search. Press Esc to cancel.

    Manage consent

    TechCentral uses cookies to enhance its offerings. Consenting to these technologies allows us to serve you better. Not consenting or withdrawing consent may adversely affect certain features and functions of the website.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}