The shadowy international cyber war between states and their proxies has entered a new phase where lives are being put at risk, a cybersecurity conference has heard.
A ransomware attack on the Irish health service in May and assaults on critical infrastructure have shown that the groups behind attacks have little interest in human life, said Ian Hill, the global director of cyber security for construction firm Royal BAM Group.
He told the online Infosecurity Europe conference that states were rapidly building their capabilities to launch attacks and to defend themselves from catastrophic cyber attacks that have the capacity to kill.
“So what we’re seeing now are attacks here, many of which are state sponsored, directly attacking who they see as their adversaries but elements that will put lives at risk and could kill people,” said Mr Hill.
His company, involved in building extra hospital capacity to deal with the Covid-19 crisis, was itself attacked along with other agencies working to counter the pandemic. German police last year also launched a homicide investigation after a woman died because of a cyber attack on a hospital.
The attack disabled computer systems at a hospital in Düsseldorf and the woman died during efforts to transfer her to another site.
“There’s no evidence that these attacks directly intended to kill people but it shows that the actors behind them weren’t particularly interested in life,” said Mr Hill.
He said the coronavirus crisis exposed the vulnerability of supermarket supply lines with shortages due to panic buying and imports blocked because of pandemic-linked restrictions.
The implications of a devastating cyber attack were laid bare in a British defence review document in March when the government warned it could retaliate with nuclear weapons. Officials said that cyber attacks could deliver the same devastation as a weapon of mass destruction.
But modern military arsenals could also be defanged with a cyber attack by a less powerful state on the artificial intelligence systems that operate some modern weaponry, said Mr Hill.
China, Russia, North Korea and Iran have all been accused by the US of widespread hacking to target opponents, spread misinformation and steal state and industrial secrets.
A senior western official said last month that major cyber attacks during warfare were currently the preserve of a few advanced states and actors.
“But we absolutely recognise the risk of proliferation,” said Will Middleton, the cyber director at the UK’s Foreign Office. “It is coming, which is why we need to get before the game.”
In a meeting with his Russian counterpart last month, US President Joe Biden raised the prospect of a cyber security agreement making 16 key sectors off-limits to attacks, to “bring some order”.