When’s the Best Time to Launch a Cyberattack?

This article was originally posted on RealClearScience.

Let’s pretend that you’re a cyberterrorist, or if you prefer, a rogue agent working for a super-secret government intelligence program that develops cyberweapons. And let’s further imagine that you’ve developed a pretty cool computer virus that steals money from people’s bank accounts, and you’re really itching to try it out against somebody, say, Mr. Wonderful from Shark Tank. When’s the best time to deploy your little bundle of digital joy?

University of Michigan researchers Robert Axelrod and Rumen Iliev believe they know, and their answer is reported in the latest issue of PNAS.

The team developed a rather simple mathematical equation that takes into account three major factors. The first is thestakes. What is the payoff? In our example, if Mr. Wonderful keeps several billion dollars in his bank account, then the stakes are enormous. But, if he keeps only a few thousand dollars in his account, then the stakes aren’t very high.

The second factor is the persistence of your cyberweapon. As clever as you might be, your cyberweapon won’t be effective forever. If your weapon exploits a security vulnerability on the website of Mr. Wonderful’s bank, there’s a very good chance that the bank will discover and fix the problem if you wait too long. In other words, time is working against you. It may be better to launch your cyberweapon earlier instead of later.

The third factor is the stealth of your cyberweapon. After your weapon has been deployed, eventually your attack is going to be discovered. Whether you are discovered tomorrow or a year from now depends on how stealthy your virus is.

Combining these factors into a single mathematical formula, the authors conclude that if your weapon has low persistence (i.e., its effectiveness is not likely to last very long), then you should deploy it immediately, even if the stakes are low. However, if the weapon has high persistence, you should wait to launch your attack until the stakes are sufficiently high. For instance, if Mr. Wonderful is planning on making a large deposit into his savings account at some point in the future, you should hold off your attack if you believe that your weapon will remain effective until then. Patience is, after all, a virtue.

The reverse is true for stealth. A cyberweapon that has high stealth should be used early and often, even when the stakes are low. But if the weapon is not particularly stealthy, then it should only be deployed when the stakes are high enough.

Thus, the authors conclude: “The three factors that favor patience are low Stealth, high Persistence, and large stakes.”

If all this seems rather obvious, well… it is. However, the authors’ attempt to quantify nebulous concepts may provide a useful tool for intelligence analysts. For example, their model successfully described the implementation of the Stuxnet worm, which caused massive disruption inside one of Iran’s nuclear enrichment plants. The authors believe the worm had low persistence and high stealth, explaining why the cyberweapon appeared to have been deployed quickly after it was developed.

Of course, hindsight is always twenty-twenty and putting a specific number on fuzzy abstractions like “stealth” is far more art than science. So it is difficult to say just how useful their model will be in practice. Still, Mr. Wonderful ought to keep an eye on his money, just in case.

Source: Robert Axelrod and Rumen Iliev. “Timing of Cyber Conflict.” PNAS. Published online before print. 13-Jan-14. doi: 10.1073/pnas.1322638111



, ,