This Is How They Tell Me the World Ends: The Cyberweapons Arms Race

A computer program is a set of instructions that tells a computer what to do in order to solve a particular problem or execute a specific function. It is part of the software of a computer and consists of formulaic lines of unambiguous commands. 

The readable form of a program is called source code, which much be written in a programming language such as Javascript, Python, or Ruby. Programming languages have a prescribed syntax and semantics that allow humans to communicate with computers. Although there are thousands of these artificial languages in existence, only a few dozen are in common use. 

People who write and manipulate computer programs are called programmers or coders. Hackers manipulate computer programs by taking apart and changing the program’s code, substituting or adding their own instructions to the original text so that when the program is executed, the computer carries out their wishes. The flaws in a computer program that are vulnerable to hackers are called “bugs” or “exploits.”

Infrastructure denotes the system of facilities and structures that supports the essential functioning of a community. This can include public and private elements such as water and power grids, public institutions like schools and prisons, and transportation systems like roads and railways. The phrase “digital infrastructure” can refer to computerized elements of this general infrastructure, such as the programs that monitor electrical power grids. Digital infrastructure can also refer to the system of services and facilities that support critical information technology capabilities within a community or society. (Examples include the data routes that compose the internet backbone, mobile and broadband networks, and software governing automated systems.) Damage to this infrastructure would disrupt the everyday functioning of a community, negatively affecting private citizens, businesses, and public services.

Because digital infrastructure is vulnerable to infiltration and disruption by hackers, it can be targeted by cyberattacks (such as the Russian “NotPetya” attack on Ukraine). Digital infrastructure remains a tempting target to factions that are hostile to a particular community because these attacks can be carried out from a significant distance and without direct contact. These attacks can also be difficult to trace and can cause significant damage or disruption. For this reason, Perlroth stresses the importance of The Responsibility to Safeguard Digital Infrastructure.

Encryption is the process of reversibly transforming information into an unintelligible form that cannot be read by unauthorized parties. In computing, an algorithmically generated key converts the original message, called “plaintext,” into an encrypted form called “cyphertext.” The data is then transmitted—usually over the internet—in its encrypted form. The intended recipient receives the key along with the message, at which point the message is automatically decoded and presented in its original form. Anyone intercepting the message would not gain access to the key and would therefore either need to dedicate significant computational resources to brute-force decoding or would ideally be unable to read the original message at all. Encryption is built into many messaging apps like Signal and WhatsApp, protecting the privacy of users as data is transferred between end points.

Hardware denotes the physical components of a computer, such as the motherboard and battery. Software denotes the programming—a set of instructions written in coding languages such as C+ or Python—in order to  control what a computer does. Firmware is the most basic level of software—the programming that is most closely connected to the hardware and directly affects the functioning of the computer’s physical parts. Firmware is generally written in machine programming languages such as binary, which are far less intelligible to humans but are well-suited for dictating the physical functioning of the hardware.

Hardware is susceptible to physical tampering, particularly during the manufacturing process. By contrast, software is the primary target of hackers because it can be influenced by zero-day exploits and other security vulnerabilities in the coding. Exploits that allow hackers to infiltrate firmware are amongst the most valuable and critical because they can be used to affect the computer’s most fundamental processes in ways that are very difficult to detect or prevent, thereby providing access to all of the machine’s systems.