A Brief History Of Cyber-Deterrence

Uploaded on 2018-07-04 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW

Since 2014 the pace of cyberwar between nation states, attack, counterattack and reprisal has been speeding up. The US government and others have made various attempts to stop hacking attacks by countries including Russia, China, North Korea, and Iran, with mixed results.

 Here is a timeline of the principal events.  

May 2014
A grand jury indicted five Chinese military hackers for computer hacking, economic espionage, and other offences directed at companies in the US nuclear power, metals, and solar energy industries. This was the first time charges were levelled at state-sponsored hackers for economic espionage. 

"For too long, the Chinese government has blatantly sought to use cyber espionage to obtain economic advantage for its state-owned industries," said then-FBI Director James Comey.

December 2014
Internet service in North Korea is disrupted shortly after President Obama said the US would respond to North Korea's attack on Sony Pictures "in a place and time and manner that we choose.

" If this was a US attack, it would be the first publicly known retaliation by the US against a cyberattack.

January 2015
US government imposes sanctions on North Korea following its "destructive, coercive cyber-related actions during November and December 2014." This is the first time sanctions are used to respond to a cyberattack.

April 2015
President Obama declares a national emergency to deal with cyberattacks, saying:

"The increasing prevalence and severity of malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States constitute an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States." 

The executive order authorises a set of new sanctions against individuals or groups whose cyberattacks result in significant threats to the US, and gives authorities the power to freeze assets or apply sanctions against companies that knowingly use stolen trade secrets.

September 2015
Agreement on commercial cyber-espionage. President Obama and China's President Xi Jinping agree that "neither country's government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors."

March 2016
Charges are announced against seven Iranians for conducting a coordinated campaign of DDoS attacks against 46 companies, mostly in the US financial sector, from late 2011 through mid-2013. One man was also charged with gaining unauthorized access into the Supervisory Control and Data Acquisition (SCADA) systems of the Bowman Dam, in Rye, NY, in August and September of 2013.

December 2016
US places sanctions on Russia over election meddling.

"Russia's cyber activities were intended to influence the election, erode faith in US democratic institutions, sow doubt about the integrity of our electoral process, and undermine confidence in the institutions of the US government. These actions are unacceptable and will not be tolerated," the White House said. The April 2015 executive order is extended to authorise sanctions against those who: 

"Tamper with, alter, or cause a miss-appropriation of information with the purpose or effect of interfering with or undermining election processes or institutions."

February 2017
The Department of Defense's Defense Science Board Task Force on Cyber Deterrence warns: "It is clear that a more proactive and systematic approach to U.S. cyber-deterrence is urgently needed."

March 2017
The national emergency is extended. "The President believes that the significant cyber-enabled activities continue to pose an unusual and extraordinary threat to our national security and economic prosperity, and therefore he has determined that it was necessary to continue this national emergency," said then-White House press secretary Sean Spicer.

November 2017
Three Chinese nationals are indicted for computer hacking, theft of trade secrets, conspiracy, and identity theft directed at US and foreign employees and computers of three corporate victims in the financial, engineering, and technology industries between 2011 and May 2017.

December 2017
The US National Security Strategy says the country will "impose swift and costly consequences on foreign governments, criminals, and other actors who undertake significant malicious cyber activities." It adds: "We will also invest in capabilities that improve the ability of the United States to attribute cyber-attacks."

February 2018
The US and the UK blame Russia for NotPetya ransomware, saying: "It was part of the Kremlin's ongoing effort to destabilize Ukraine and demonstrates ever more clearly Russia's involvement in the ongoing conflict. This was also a reckless and indiscriminate cyber-attack that will be met with international consequences."

March 2018
More US sanctions on Russia following election meddling and NotPetya. "The Administration is confronting and countering malign Russian cyber activity, including their attempted interference in US elections, destructive cyberattacks, and intrusions targeting critical infrastructure," said Treasury Secretary Steven Mnuchin.

March 2018 
The US Department of Justice charges nine Iranians with conducting a massive cyber theft campaign, stealing more that 31 terabytes of documents and data from more than 140 American universities and 30 American companies.

March 2018
Cyber state of emergency extended again. "Significant malicious cyber-enabled activities originating from or directed by persons located, in whole or in substantial part, outside the United States continue to pose an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States," says President Trump.

April 2018
The US, the UK, and more accuse Russia of hacking into networks. "We have high confidence that Russia has carried out a coordinated campaign to gain access to enterprise, small office, home office routers known as SOHO routers and residential routers, and the switches and connectors worldwide," said Rob Joyce, White House cybersecurity coordinator.

May 2018
The US State Department publishes a document on cyber-deterrence that warns "Strategies for deterring malicious cyber activities require a fundamental rethinking."

June 2018
The US Treasury Department announces further sanctions against five Russian companies and three individuals, part of its attempt to tackle "Russia's malign and destabilising cyber activities." 

The Treasury said the sanctions targeted Russia's cyber and underwater capabilities, and said "Russia has been active in tracking undersea communication cables, which carry the bulk of the world's telecommunications data."

TechRepublic

You Might Also Read: 

What War Games Tell Us About The Use Of Cyber Weapons:

Increase In State-Sponsored Cyber Attacks:
 

« Cryptocurrency Cybercrime Surging In The UK
What Does Blockchain Mean To The EU? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Council of European Professional Informatics Societies (CEPIS)

Council of European Professional Informatics Societies (CEPIS)

CEPIS is the representative body of national informatics associations throughout Europe and represent over 450,000 ICT and informatics professionals in 32 countries.

Malomatia

Malomatia

Malomatia is a leading provider of technology services and solutions in Qatar including information security.

NetKnights

NetKnights

NetKnights is an independent IT security company which offers services and products for strong authentication, identity management and encryption.

SevenShift

SevenShift

SevenShift is a security consulting firm with a wealth of experience in the worlds of Cybersecurity and Internet of Things (IoT).

Cyber Risk Aware

Cyber Risk Aware

Cyber Risk Aware provide a security awareness and phishing simulation platform that focuses on real threats and educates and empowers employees to be the first line of defence.

Key Cyber Solutions

Key Cyber Solutions

Key Cyber is an IT consulting firm that specializes in agile software development services, program management and infrastructure services, cyber security and cloud and managed services.

JupiterOne

JupiterOne

JupiterOne is the security product that is changing how organizations manage and secure their software defined assets.

Theta432

Theta432

THETA432 is a cybersecurity firm that provides 24/7/365 managed prevention, detection, response, Hybrid SOC, cyber defense monitoring services with dynamically defined defense (3D™).

Appsian Security

Appsian Security

Appsian provides powerful solutions that help organizations take control of their business critical data and financial transactions.

Legit Security

Legit Security

Legit Security's mission is to secure every organization's software factory by protecting the pipelines, infrastructure, code and people for faster and more secure software releases.

Tozny

Tozny

Tozny offers products with security and privacy in mind that are built on the foundation of end-to-end encryption, and open-source verifiable software.

McKinsey & Company

McKinsey & Company

McKinsey & Company is a global management consulting firm. We are trusted advisor to the world's leading businesses, governments, and institutions.

BreakPoint Labs

BreakPoint Labs

BreakPoint Labs is dedicated to providing the methods and means for sustainable, measurable, and effective cybersecurity operations.

Proaxiom

Proaxiom

Proaxiom are focused on erasing cyber driven panic paralysis for Small and Medium Enterprises through brilliant cyber technologies which drive productivity and support growth.

Information Security Society of Africa – Nigeria (ISSAN)

Information Security Society of Africa – Nigeria (ISSAN)

The Information Security Society of Africa – Nigeria (ISSAN) is a not-for-profit organization dedicated to the protection of Nigeria’s cyberspace.

Silicon Valley Cybersecurity Institute (SVCSI)

Silicon Valley Cybersecurity Institute (SVCSI)

SVCSI aims to investigate, develop, and promote technical excellence and the best security practices for dependable and secure systems and applications.