What is cyberwarfare?
“A true act of cyberwar would be a wider targeting of critical infrastructure but also incorporate attacks on military infrastructure. For example, the Russian attacks during the Russo-Georgian war over South Ossetia. We have seen and will continue to see cyber-attacks on a nation state level towards other nations to test capabilities impacting infrastructure, industries and government operations. Some recent examples include infecting accounting software with ransomware, taking out power grid operations and impacting national healthcare organisations. The lines are blurred today as attribution is not always clear and detection often takes months if not years in some cases. Cyber is not always timely or immediately visible like a direct hit in traditional attacks like 911 or suicide bombings at cafes or train stations.”
Tom Clare, Sr. manager, product marketing at Fidelis Cybersecurity
“The noble institutions that we created for noble reasons in 1945, were not necessarily created to deal with some of these challenges,” said Nick Carter while talking about the threat of cyberwarfare on the Andrew Marr show. He continued: “if you want to protect that multilateral system, that has really secured our security system, stability and prosperity, we need to make sure that it is fit for purpose, for the modern world.”
Is he right about the threat of cyberwarfare?
He was “absolutely right to point out the need for stronger cybersecurity regulations,” said Oz Alashe MBE. He should know a thing or two about cyberwarfare and its potential threat: he is a former Lieutenant Colonel in the British Army and UK Special Forces and is now CEO of cybersecurity training software platform, CybSafe.
“What we are seeing is that attackers continue to demonstrate their ability to penetrate the perimeter, steal sensitive data and intellectual property, and disrupt operations. Their attacks are widespread and exacerbated by an unpredictable political climate,” said Kieran O’Driscoll, Defence Business Lead at CyberArk.
We are already seeing “attacks against critical national infrastructure on a daily basis…The National Cyber Security Centre (NCSC) has said that there may be a level 1 attack hitting the UK, and meddling with elections, this is happening everywhere,” said Max Heinemeyer, Director of Threat Hunting, Darktrace.
When “it comes to acts of cyberwar, organisations and government agencies are facing a well-funded, tenacious, technically able, and highly motivated adversary,” warned Ian Pratt, co-founder and president, Bromium.
“Adversaries have already tried to manipulate elections and target critical infrastructure in Europe and US through cyberattacks. Escalating hostilities – whether by nations or criminals – is one of the most basic rules of human history. The UK is vulnerable to cyberwarfare because many organisations – both in the public and private sectors – are simply bad at doing the basics right,” said Kevin Bocek, VP threat intelligence at Venafi.
What about regulation, do we need a re-boot?
Mike Gillespie, Managing Director and co-founder of Advent IM Ltd and vice president of The Centre for Strategic Cyberspace + Security Science (CSCSS), warned that: “The current legislative framework hasn’t been fit for purpose for some time.” He added: “The rate of change in technology is outstripping legislation by a huge margin.”
“Now that the pitfalls of the cyber world are becoming fully realised,” commented Oz Alashe, “legislation hasn’t caught up.” The former Lieutenant Colonel said: “There is no recognised legal entity for ‘cyberwar’ [or cyberwarfare]. The international community readily understands and manages physical conflicts, but digital wars don’t merit the same level of attention, even though they can sometimes be just as damaging. Little collaboration takes place on an international level, and consequently, legal enforcement is weak. The cyber world we see today probably isn’t so far removed from the old American wild west; state-sponsored hackers are the modern gunslingers and outlaws.”
“Cybersecurity discussion should be much more prominent at a global level. Only when the effort is internationally concerted can the cyber espionage threat be properly dealt with.”
How should institutions prepare?
“What institutions, of all kinds, need to do is to proactively prepare for attacks,” said CyberArk’s O’Driscoll, “not adopt a wait-and-see approach. The pace of technological change is expanding the attack surface, making it easier for the persistent attacker to find a way into the network. Privileged access is everywhere, from deep within IT infrastructure, right through to the endpoint. We must focus less on the ‘who’ but the ‘how’ in order to protect this privileged access from exposure.”
Ian Pratt, from Bromium said: “The cybersecurity industry must play an active role in defending against these adversaries. During peacetime, these actors will focus on staying hidden and taking time to obtain state secrets and insert backdoors, ensuring long-term access. During times of cyberwarfare, actors will attempt to destroy or corrupt data in lightning fast fashion, giving no chance to react.
“Security teams need to hunt for threats in the system to reduce the time hackers have access to unauthorised systems and limit the damage from a breach. However, if the industry is to help win this game of cat and mouse, we need to get better at spotting the clues. Government agencies and organisations boast millions of employees across the globe, offering a large and porous attack surface to exploit. Providing protection in this environment is challenging, because despite collecting data from monitoring tools, security teams often can’t see the big picture. This is because these tools work in isolation, meaning that security teams focus on putting out fires instead of proactively hunting for threats in the network.
“Defeating cyberwarfare attacks requires the ability to isolate any potential threat. If we’re ever going to be able to defend against acts of cyberwarfare, the industry needs to help security teams to combine best of breed security solutions into one harmonised, layered stack that utilises application isolation and containment. This approach prevents damage to the real system, capturing threats within a VM, allowing security teams to see how it behaves, what actions it tries to execute and the data it wants to compromise. This real-time threat intelligence gives a clearer picture of intent and can identify systems that have been compromised and must be remediated, retrofitting protection to other systems. By turning a traditional weakness (the user) into an intelligence-gathering strength, security teams can hunt and prevent threats.”
Tom Clare, product marketing at Fidelis Cybersecurity, says that industry “will have a critical role in a defence capacity.” He explained: “We know that in the event of conflict, that private industry will be targeted. It goes beyond the Defence Industrial Base. Critical infrastructure will be targeted. Financial services will be targeted. Healthcare will be targeted. We would see more information influence campaigns. These are private industries. However, the professionals working security in these industries are extremely good at what they do. They see a large majority of the attack types and work diligently at safeguarding their infrastructure and data held within.”
The AI weapon of attack and defence
“With increasing developments in automation, machine learning and AI, cyber tools are becoming the new WMDs; able to strike not just one nation but many and often and with machine learning, we should all be concerned that nation states, both hostile and our own, appear to view offensive cyber as a legitimate weapon. A weapon that none of the established conventions on war ever considered. Cyber should be now viewed alongside germ and chemical warfare as abhorrent and unacceptable and the international security community needs to act to address this deficiency in existing international controls,” said Advent IM’s Gillespie.
Darktrace’s Heinemeyer sees AI as a potential solution to cyberwarfare. He said: “If you think about how you secure yourself with a global problem becoming a nationwide problem, while we have this skills shortage, you can’t just throw more and more people at it, it doesn’t scale, it’s too big a topic. That is why we fundamentally believe at Darktrace that we have to leverage machine learning and artificial intelligence…to do the heavy lifting for us.”
A potential lull
Then again, Stephen Gailey, Solutions Architect at Exabeam, sees a potential lull. He explained: “One of the features of recent years has been attacks launched by nation states. An easy prediction might be that these will increase, but for the first time in a very long time, we may actually see a lull in nation state attacks.
“The West and NATO’s change in policy went from refusing to comment – for fear that their techniques and intelligence sources might be compromised – to actually calling out and naming names, seems to be having an effect. Russia finds itself severely impacted by this new approach, particularly with the support it is getting from crowd sourced investigators who have then exposed large portions of the GRU’s staff.
“Longer term, however, the use of cyber-warfare does seem to be a tempting weapon to use given its effectiveness, particularly against the more open West. The first half of 2019 will see a decline in nation state sponsored attacks, with a probable increase towards the end of the year, as Russia regroups and China and other states retrench their operations.”
Back to AI
Gailey also sees a key role for AI. He said: “Analytics, machine learning and AI will play an important part in defending against these threats. These tools are already available, though their take up has often been delayed by a failure to match these new capabilities with appropriate new workflows and SOC practices. Next year should see some of the pretenders – those claiming to use these techniques but actually using last generation’s correlation and alert techniques in disguise – fall away, allowing the real innovators in this field to begin to dominate. This is likely to lead to some acquisitions, as the large incumbents, who have struggled to develop this technology, seek to buy it instead.”
On the potentially offensive capacity of the cybersecurity industry in a cyberwarfare scenario
Tom Clare said: “Offensive capabilities should be leveraged only by those charged with that mission. However, collaboration is possible, and is happening. There is a relationship between military cyber operations and venture capital to fund and develop new cybersecurity solutions. A prime example is deception defences with many individuals from the IDF 8200 unit (Israeli Intelligence) in key leadership roles at start-ups developing deception defences for commercial and federal use. Most cyber defence solutions can be transformed into a cyber defence or offence with a small effort of creative thinking.”
Kevin Bocek said: “Defences that most organisations have in place are useless against a whole set of attacks involving machines and their use of encryption. Last year around 40% of attacks came through encrypted traffic, a figure that would be unthinkable if organisations had a proper grip of whether the identities of these machines communicating via encryption should be trusted or not.
“With security teams being pulled from pillar to post by constant attacks, they don’t have the time to take care of a number of key precautions. And it’s precisely these oversights which can let attackers in! Nick Carter’s comments should serve as a reminder for all organisations to get a handle on their machine identities immediately – otherwise they are simply laying out a welcome mat for those who want to do us harm.”
The elephant in the living room of the future
It is clear that the threat of cyberwarfare is growing. But what none of our experts referred to, maybe because it is more theoretical at the moment, is what might happen when quantum computing becomes a reality, with the prospect of it being able to hack into any computer system in the world within seconds. The only solution might be quantum computers designed to resist quantum computers, and so the cyberwarfare arms race is ratcheted up, and we are all poorer as a result.