A press of a button a few decades ago could launch nuclear warheads. While this is still true today, war can take a different course and tickling the keyboard can mean launching a cyber attack so deadly that it can paralyze another country or at the least, steal its deepest secrets. And now, a new study has established a mathematical model that can help hackers know when is the best time to strike to create the intended havoc.
"A simple mathematical model is offered to clarify how the timing of such a choice can depend on the stakes involved in the present situation, as well as the characteristics of the resource for exploitation. The model deals with the question of when the resource should be used given that its use today may well prevent it from being available for use later. The analysis provides concepts, theory, applications, and distinctions to promote the understanding strategy aspects of cyber conflict," authors of the study Robert Axelrod and Rumen Iliev of the University of Michigan's Ford School of Public Policy, wrote.
The study takes things from the perspective of a cyber expert that has all the resources available and just waiting for the perfect timing to attack.
"The heart of our model is the trade-off between waiting until the stakes of the present situation are high enough to warrant the use of the resource, but not waiting so long that the vulnerability the resource exploits might be discovered and patched even if the resource is never used," the authors explained their mathematical model.
The study published in the Proceedings of the National Academy of Sciences of the United States of America, suggests that the timing of attack can be based on factors such as persistence, stealth, and threshold.
Upon establishing the mathematical formula for the best time to conduct a cyberattack, the authors looked into famous cyber attacks in history.
One example dissected is the case of Stuxnet where a computer worm was able to crawl into Iran's Natanz nuclear enrichment plant and disabled about 20 percent of its centrifuges. The authors say that the attack was low in persistence as it spread out three functions to accomplish in a matter of four zero-day exploits. However, it is very effective in terms of its stealthiness, being undetected for 17 months. Upon completing its mission, the worm deleted itself. As a result of the cyber attack, Iran's nuclear weapons production was delayed.
Other cases looked into by the study are Chinese cyber-espionage activities, export restrictions implemented by China, and how Iran attacked Saudi Aramco. The authors sees the activities of the Chinese as low on persistence but have considerable stealth.
While the revelations are not astounding to the technology community, the paper can serve as foundation in the development of policies with better understanding of cyber attacks.
"In the near future, cyber conflict will likely allow international sanctions to be more precisely targeted than economic sanctions alone and will provide powerful force multipliers for so-called kinetic warfare," the authors wrote as part of the study's conclusion.