Over the past three years, catastrophic security breaches have stolen information, probed the critical infrastructure of major western countries, provided economic advantages to China and political advantages to Russia, fueled the North Korean and Iranian need for revenge, and fed the espionage machine of all nations that spy. Even ISIS and other terrorist organisations are getting into the game as they amass the capability to launch digital attacks.
Motivations behind state-sponsored hacking
Cyber espionage and cyber terrorism are the most critical threats facing the public and private sectors in the United States and the United Kingdom. These cyberattacks are a greater threat than even kinetic terrorism. They are cheaper to launch, easier to design, and benefit from the inherent difficulty of tracing cyberattacks to their source.
However, something that still needs to be answered is the motivation behind these attacks. Cyber espionage and cyber terrorism share the motivations of traditional espionage and kinetic terrorism. Indeed, cyber espionage has supplanted traditional spycraft as the primary intelligence gathering method for state-sponsored spies.
The traditional spy playbook provides a clear understanding of the motivations behind cyber espionage. Russia’s attack against the American DNC and Hillary Clinton’s presidential campaign, for example, sought to mine critical policy information for a potential incoming president and sabotaged the presidential campaign through the targeted release of information. Gathering intelligence and disruption are hallmark purposes of espionage. Iran and Russia have probed certain power companies in the United States through malware attacks. These probe attacks typically suggest that an infrastructure attack may be forthcoming.
China has preyed upon both the United States government and private business – particularly in the technology and healthcare sectors. China’s attack on the Office of Personnel Management stole critical personal information about US government employees that can be used to recruit sources – through blackmail, greed or ideology. China’s attack on Anthem through a clever spear phishing attack using social media collected further information about numerous government employees insured by Anthem as well as private citizens.
Growth of state-sponsored hacking
State-sponsored attacks have grown since 2010 and will continue to grow at a sharp incline. Kinetic warfare is expensive and inconsequential in a world where cyber terrorism and warfare can cause significantly more damage. A nation can also carefully launch cyberattacks behind a veil of anonymity and deniability. This has been the modus operandi of China and Russia for years. Cyberattacks allow a nation to strike tactically to pursue an often-unknown agenda without the repercussions and proportional responses a kinetic attack demands.
I am concerned that we will see a catastrophic cyberattack on a Western country’s critical infrastructure in the near future. Many Western nations have not prepared adequately to prevent such an attack. Outdated and decentralised systems are poorly patched and are vulnerable, and most governments do not have sufficient response plans. Cybersecurity requires both the private and public sectors to combine their efforts in stopping attacks. Prevention and defense require hardening our cyber infrastructure, protecting our information systems, training personnel in analytics, and providing the tools and practices that give threat hunters visibility into the threats. At Carbon Black we have advocated an understanding that cybersecurity is national security. If we seek a world safe from cyberattacks, the world needs to catch up to the attackers. Too often, security and governments play defence against attacks after the enemy has launched them.
Effective cybersecurity requires active threat hunting to discover attacks before they land and prevent damage. Cybersecurity and counterintelligence must align to stop the threats. In other words, just as the