RECENT TRENDS IN STATE-SPONSORED CYBERATTACKS
By Andrew Rogan
Governments and industries face the growing threat of cyber warfare on many fronts. In particular, the rise in aggressive state-sponsored and non-state actor cyberattacks has altered perceptions on preparation and has shifted focus onto developing a key strategy for both the defence and industrial sectors. Major aggressors present a risk that many NATO allies and EU member states hope to counter with improved capabilities and that many industry organizations, like Microsoft, hope to prevent with robust security measures. This Round Table Briefing will delineate the key cyber threats at hand, with special attention to recent attacks, while also discussing the defense and industry responses for the fight against cyberattacks.
The threat of cyberattacks is ever-growing, and while it is difficult to measure the number of cyberattacks at any given time, the digital security provider Gemalto reported an estimated 2 billion records were lost or stolen in the first 6 months of 2017, a 164% increase from 2016. This expanding security gap concerns governments and industries worldwide. In recent times, both have been victims of large-scale malware attacks that shut down networks through harmful emails, links, and websites. These cyberattacks damage critical infrastructure on a scale that only state-sponsored actors could perpetrate. In addition to disrupting daily operations, attackers seek to exploit data and information, gain access to classified and private records, and obtain permanent connections to vulnerable networks. Susceptibility to these attacks especially harms sectors like healthcare and energy. This year has seen these two sectors as casualties in major cyberattacks.
In May 2017, it became evident to hundreds of thousands that a particularly damaging strain of ransomware had spread around the world, affecting 74 countries. Through the exploitation of a back-door vulnerability, WannaCry shut down National Health Services networks in the UK and crippled operations at three Spanish organizations. While not immediately life-threatening, the attack delayed patient services and medical operations in the UK. Many specialists point to North Korean-affiliated groups as the offender, but it remains unconfirmed.
Petya completely devastated a number of institutions, particularly in Ukraine. By the end of June, it inflicted network shutdowns in Ukrainian banks, energy firms, and the Kiev airport. Further, Petya affected the Danish shipping company, Maersk, a Russian oil company, and the American pharmaceutical company, Merck. By targeting vulnerabilities similar to those WannaCry exploited, but in a more advanced way, Petya could attack further networks and inflict more damage, especially in Ukraine. Due to its extremely complex and targeted characteristics, many cyber experts consider Petya to be a state-sponsored attack, with fingers pointed at Russia.
As cyberattacks become more advanced and locating culprits becomes more difficult, these cyber threats will only worsen with time. Evidence points to states like Russia, North Korea, and China as complicit, and even helpful, in cyberattacks carried out by hacker organizations and other groups responsible for malware. Building capabilities to deter, prevent, and manage cyberattacks is an essential goal for any nation or industry vulnerable to their harms.
As cyber war is an emerging threat to security, it lacks representation in international law. Nations, intergovernmental organizations, and international institutions have had to make significant updates to their strategies and competences to better prepare for cyberattacks. Through training programs, multilateral cooperation, and research, the world is working towards a safer cyber space.
NATO established that cyber security was a core task in NATO collective defence. At the Warsaw Summit in 2016, it stressed that international law and Article 5 apply to cyber space, and it recognised cyber space as one of its strategic domains, just like land, sea, and air. In the past years, NATO has established a variety of initiatives to combat cyberattacks, some of which are listed below.
- NATO Computer Incident Response Capability (NCIRC) defends the NATO network from attacks
- NATO Defence Planning Process defines targets for allies to reach on cyber security measures
- NATO’s Smart Defence projects assist Allies through a cooperative measure to procure and manage cyber security measures, like software, education and training, and information sharing
- NATO cyber trainings and exercises, like the annual Cyber Coalition Exercise and use of the Cyber Range facility in Estonia
- NATO Cooperative Cyber Defence Centre of Excellence in Tallinn conducts trainings, research, and development in cyber security best practices
- NATO also assists partner nations in trainings and exercises to improve worldwide capabilities
- NATO engagement with other organizations, like the NATO-EU 42-concrete proposal, allows for further fortification
- NATO is working to strengthen its Mission Assurance. NATO itself receives thousands of cyber threats on a daily basis and it must improve its capabilities to fulfill a mission in the event of damage caused by an attack.
NATO Allies themselves have also developed new strategies for cybersecurity. The United States and the United Kingdom have created multiple task forces and commands within their respective agencies to stay on top of threats. Nations like France and Germany have developed cyber security strategies to help prepare their cyber defence capacities. Overall, these efforts build NATO’s collective cyber defence.
The EU remains committed to cyber defence fortifications and in the past few years has advanced key regulations, directives, and initiatives to secure European cyber space. A few of these responses are highlighted below.
- Establishment and strengthening of the European Network and Information Security Agency (ENISA), an EU agency tasked with cyber trainings, certifications, and capacity building. While its permanent mandate and expansion are just a proposal, its work thus far has proved beneficial
- The General Data Protection Regulation requires industries collecting EU citizen data to boost their protection and response efforts
- The Directive on Network and Information Systems requires member states to build cyber defenses and to cooperate on issues of cyber security
- Proposal for an EU Cybersecurity Research and Competence Centre, upon approval, would help develop tools to counter cyber threats
- Cooperative Technical Agreement on cyber defence with NATO to boost cooperation on trainings, information sharing, exercises, and research
The role of industry in cyber security is of crucial value. Industries act as the first line of defense in cyberattacks and their preparation and capabilities are critical in preventing wide-scale consequences, both in cyber space and in the real world. Over the past few years, industry professionals have come to emphasize efforts that reinforce cyber security measures, and developing new protection strategies is a priority. Due to vulnerabilities exposed by attacks and leaks, Microsoft has emerged as a leading cyber secure organization.
Microsoft has developed a CyberSecurity Framework, tasked with providing content, research, and recommendations for not only industry, but also governments. A few of its initiatives are:
- Consultation and assessment services for industries that must comply with laws and regulations, like the General Data Protection Regulation
- Cloud services for organizations and governments to provide cyber resilience in the case of an attack
- Policy research and recommendations for governments, as well as for organizations and commercial users
- Research and development for new security measures for software and hardware
- Microsoft’s Cyber Defense Operations Center is a 24/7 facility dedicated to combatting cyber threats
- Microsoft’s launch of the Coco Framework will allow organizations to use blockchains, a more secure form of transactions using cryptocurrency
Security Systems’ Response
Security systems developed by industry are utilized by countless networks and technologies. Their strengths and their vulnerabilities are reflected in the platforms that use them. Software expert Ted Schlein explains that “There are two types of companies: those that know they’ve been breached, and those that haven’t figured it out yet.” As such, software systems like Rapid7, Bromium, and IBM’s QRadar work to detect and contain breaches early on and can quickly respond to those breaches. On the opposite end, there are systems that are vulnerable to attacks, among them Google Chrome, Adobe Flash, and even Apple TV. Their software systems contain flaws that are easily exploited by malware and 99% of all the world’s computers are vulnerable due to these applications. In response, these software companies have increased their cyber security systems, but as mentioned before, there is no way to remain 100% safe.
Defense and Industry Cooperation
Due to the complex nature of cyberattacks and their high-risk consequences, cooperating on all fronts is a crucial strategy. By developing engagement practices between defense and industry, cyber space can become more secure and resilient. Some programs already exist to bring together professionals from both sides.
NATO Industry Cyber Partnership (NICP)
Launched in 2014, the NICP seeks to bridge NATO allies with industry organizations to advance cyber security through continued collaboration. The NICP focuses on the following, to name a few:
- Trainings, exercises, and education for both NATO and Industry
- Industry inclusion in NATO Smart Defence projects
- Information sharing and best practices for preparedness and recovery
- Capability development for cyber defence
- Efficiency and support in response to cyber incidents
These objectives enhance both sides’ ability to fight cybercrime and attacks. Its efforts allow for continued progression in the cyber security fight.
NIAS Cyber Security Symposium
This annual event brings together NATO officials, industry professionals, academics, and more to discuss critical developments and challenges in cyber security. Through these workshops and dialogues, security and industry specialists can gain more understanding of the future of cyber security, as well as how the benefits of cooperation reinforce cyber space fortifications.
As wars move from conventional methods, from land, sea, and air, to more “hybrid” methods, such as cyber, preparing the world for these new challenges is essential. The cyber security landscape is at a crossroads and predicting the threats to come is difficult. Through cooperation across government, defense, and industry, building resilience and establishing adaptable capabilities can prepare nations and their citizens for the increasingly multifaceted battles fought throughout the cyberworld. NATO, the EU and Microsoft remain on the front line of these battles, and their commitment to securing cyber space offers unprecedented protections.