The New Era of MAD

November 19, 2022

Mutually Assured Destruction refers to the notion that two or more opposing sides have the power to completely annihilate each other. This idea was first realised during the Cold War, where both the USA and USSR had the nuclear capability to ensure each other’s destruction. Although the Cold War ended in 1991, the ominous shadow that is Mutually Assured Destruction may have come back to haunt us - but in a more modern fashion.
 
I’m sure that everybody reading this is aware of the real threat that cyber-attacks pose. However, it is not as commonly known that the ‘top dogs’ in cyberspace (Russia, China, USA, Iran, Israel, and North Korea) all claim to have the ability to shut down each other’s entire electrical grid. That means no power, no heating, no internet for an entire nation. What we have here is a cyber-version of the Mutually Assured Destruction that we are used to. Here one would naturally question how this came to be. 
 
Governments have invested astronomical amounts of money into their cyber units; for example, the United States spends around $10 billion per year on its cyber department. However, of this budget, considerably more is spent on cyber offence than cyber defence. The discounting of strong cyber defence is what has led us into the dangerous situation we are in now, where critical infrastructure can be remotely turned off by any major nation, at any time. We need only look to the past to discover the true extent of violent power that these nations hold; a prominent and very worrying example is the Stuxnet worm.
 
In July 2010, a Belarusian security company discovered a worm (a virus which self-replicates) on an Iranian client’s systems. This virus, written in C, had a level of sophistication that had never been seen before; it made Iran the victim of what is seen as the first act of cyber warfare. The worrying part is that the targets of this attack were, among others, the Bushehr Nuclear Power Plant and the Natanz Nuclear Facility. The virus had several objectives: gain privileged access to the computer systems while remaining undetected, reprogram and steal data about the industrial systems, and remotely seize control of the systems that handle the facilities’ reactor cooling and generators. According to an expert researching this: “the only thing I can say is that it is something that was designed to go bang”.
 
The worm was able to breach the facility through the Windows systems the facility was running on (yes, a nuclear facility running on Windows). It did this by taking advantage of what are known as zero-day vulnerabilities: exploitable bugs in a computer system that have not yet been discovered by those trying to protect it. Until the vulnerability is patched, any bad actor with knowledge of the zero-day can exploit the system. Security researchers are always looking for zero-days in common systems such as iOS, Android, macOS, and Windows in order to find and release updates to remedy them before the hackers take advantage of the opportunity. So, take this as a reminder to keep your systems updated! As mentioned, the only way for a company to defend itself from a zero-day is to find it before the hackers do.
 
Fortunately, the Stuxnet worm was discovered before it was able to unleash its true power, possibly preventing a nuclear catastrophe. This must act as a striking wake-up call. As to who did it: the short answer is that it is incredibly difficult to tell as a result of the anonymous nature of the internet. However, due to the incredible sophistication and huge amount of resources it would have taken to develop such a piece of software, experts unanimously agree that this was not merely a rebel cybergang. Rather, it is much more likely that it was a nation state showing off its power.
 
Stuxnet is just one example of infrastructure coming under attack and, as with the Cold War, we have had only mere glimpses of the true destruction that this cyber-arms race could cause. With the severity and rapidly increasing frequency of nation-state cyber-attacks, only time will tell if cyber-war is to be the collapse of society as we know it.