Whether it’s state-sponsored attacks, corporate espionage, a moneymaking scheme or simply someone trying their luck, businesses and governments are facing a constant barrage of cyber attacks. The high-profile cases of lone wolves hacking into the systems of government organizations mask the more devastating consequences of attacks carried out or ordered by nation states against other nation states.
They are threatening national security around the world, but the wide variety of attack vectors, as well as the continuous evolution and improvement of methods, means we’re constantly chasing our tails trying to keep up and keep them out.
The head of the UK’s National Cyber Security Center (NCSC) revealed that Britain was threatened by 188 high-level cyber attacks in just three months. If we are to succeed in protecting the networks on which all of our lives depend, it will be essential to understand how hackers and their taskmasters operate, their different motives and the rich variety of tools they have at their disposal.
When Saudi Arabian government agencies were recently targeted in a new spear phishing campaign, in which a phishing email infects the user’s system when the attachment is opened and is automatically forwarded to other contacts via Outlook, it was merely the latest in a long string of cyber attacks against Saudi government organizations.
Only last November, hackers destroyed computers at several Saudi organizations using a highly destructive cyber weapon called Shamoon. It disabled all equipment and services of the organizations involved, including the General Authority of Civil Aviation, and took over the computers’ boot record, preventing them from being turned back on. The attack was timed at the very end of the working week to thwart any early attempts to limit or repair the damage.
Cyber attacks are not always this destructive, but their existence is symptomatic of international power struggles that are increasingly taking place in cyberspace and threatening national security on the ground.
If accusations of possible election rigging in the USA by Russia are true, it will undermine the entire democratic process by which our governments and leaders are elected. It will cast doubts over the validity of the government in power and undermine people’s trust in their leaders.
In another example, Ukraine’s power grid came under attack in 2015, an attack for which Russia was blamed. Tensions between the two nations reached fever pitch following the downing of the Malaysia Airlines MH17 passenger plane in Ukraine, and the hack was one of the first instances where physical infrastructure was compromised.
Cold War superpowers the US and Russia still often find themselves at opposing sides of the table, but international division is no longer restricted to geopolitical lines. With the collapse of the Eastern Bloc, the international community has changed beyond recognition. Nation states have formed new alliances, made new enemies, and new ideological structures have sprung up in a bid to wield their influence unrestricted by physical borders.
For smaller nations and ideological organizations, cyber hacking enables guerrilla warfare against other nations, some of which will be much bigger and more powerful. Non-state actors, such as ISIS, increasingly turn to cyber hacking to keep up the pressure on the international community and strengthen their position in a vulnerable area of the world.
Earlier this year, ISIS-affiliated hackers attacked NHS websites to show graphic Syrian war images. And last year, Syrian hackers claimed responsibility for hacking into Belgian news sites. These attacks will have been inconvenient, but the Ukraine example points to something a lot more dangerous.
Some cyber attacks can cause disruption that exceeds a nation’s military security. For example, cyber attacks that alter databases or documents, known as “fake data,” could bring a country to the brink of collapse. Businesses and governments make decisions based on data that is assumed to be accurate. When this is no longer the case, or people’s trust in the data’s accuracy is undermined, a country’s economy could quickly be brought to its knees.
Farmers, for example, organize their planting schedules based on centrally held key metrics such as soil fertility. Incorrect data could lead to failed crops, food shortages or possibly even famine. Similar attacks on other databases could cause stock markets to crash, disrupt power grids and wreak havoc on a nation’s effective functioning and stability. When such basics are under threat, civil unrest could soon follow.
The challenge is that with so many players and attack vectors, cyberspace is extremely difficult to police and secure. Hackers can operate from anywhere in the world, and even if the likely culprits are known, proving it can be virtually impossible.
Government organizations themselves are often not equipped or trained to protect themselves against cyber attacks. Legacy systems mean that computer equipment is outdated and potentially more vulnerable to outside attacks, but departments often lack the funds necessary to bring these systems fully up to date.
Government departments will be focused on delivering the core service that justifies their existence. Anything else, like IT security, could remove that focus and jeopardize their ability to operate, so it’s not surprising that departments are unwilling to spend money on “peripheral” issues.
However, this is “short-termism,” as the true costs of doing nothing in the face of a cyber attack could be very expensive indeed, not to mention the loss of reputation and of the general public’s trust. Governments, and businesses for that matter, need to take a long-term, sustainable approach to cyber security.
The NIST Cyber Security Framework now regulates several critical infrastructure sectors in the US. However, its guidelines are not compulsory, so players will not be penalized for non-compliance. In the UK, the National Cyber Security Center became operational at the end of 2016 to reduce cyber security risk by improving the UK’s cyber security and resilience. Every country will have similar initiatives to keep their respective departments, infrastructure and citizens safe.
No country is immune, and building solid defenses is only one part of a solution. Countries should equally be capable of taking the proverbial bull by the horns. Just as a physical army can perform defensive and combative campaigns, so every nation state should develop both offensive and defensive cyber capabilities.
The challenge of course is to determine the rules of engagement. Authoritarian regimes often have much more freedom to set and change the rules as they please. Democratic nations have fewer options as governments cannot operate above the law and usually act under public scrutiny.
Any effective cyber strategy will require like-minded countries to cooperate and abide by an internationally agreed legal framework. Failing to pool knowledge, resources and capabilities could bring a dystopian future closer in a world where the main aim of hackers and their taskmasters is to cause chaos and disruption.