Cyber Warfare Takes A New Turn

Uploaded on 2017-07-25 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW

The recent ransomware events have created headaches and headlines, but also masked a greater cyber-issue: chaos and disruption on the Internet as the new normal. Earlier this week, in fact, the Alliance for Securing Democracy, a new effort headed by former US national security officials, formed as a separate, nongovernmental program to investigate Russian cyber-meddling.

Previous cyber-incidents focused on information acquisition, network infiltration or precision strikes to sabotage the opposition. What are we seeing now are disruptive cyber-actions, with the apparent goals of signaling capability, disrupting normal systems and demonstrating the instability of Western democratic models.

Ransom is not the issue

A number of analysts described the Petya/NotPetya incident of June and the WannaCry event in May as ransom attacks, aimed at gaining as much bitcoin as possible. But our analysis of cyber-coercion highlights how ransomware events such as the Petya are often strategically motivated and less about gaining funds than they are about sending a signal. The primary goal instead appears to be limited destruction through malware wiping systems.

These events can be classified as cyber-disruptions: the use of malware and website defacements between rivals as a form of coercive bargaining. Rival states use cyber-operations to signal one another. Cyber-operations are a 21st-century form of political warfare.

North Korea and Russia are the likely originators of these attacks. What’s the motivation, beyond simply the chaos factor? For Russia, the Petya attack could be a means of encouraging the perception of Ukraine as a failed state, a view that aligns with Russian interests.

Cyber-operations amplify larger psychological warfare efforts. North Korea’s goal, most likely, could be to cause general chaos in Western systems, as a means of signaling strength, and its capacity to escalate in any future crisis.

This is a new era of cyber-conflict

This wave of cyber-disruptions highlights an evolving strategic logic. Competitive interactions in the digital domain evolved from an early period of cyber-probing and testing (1980-2001) to a more stable recent period of cyber-restraint (2001-2016). With Russia’s brazen attempts to undermine American electoral infrastructure and amplify conspiratorial themes through US media outlets, we entered a new era.

The strategic logic of cyber has now shifted from restraint to one of disruption and constant harassment designed to signal capability and the threat of escalation. Russian hackers targeted US institutions, most likely hoping to gain leverage before entering complex negotiations around sanctions, Ukraine and Syria.

While we have yet to witness the extremes of cyberwar, the more subtle danger since 2016 is the way states like Russia and North Korea use cyber-strategies as a form of political warfare. These attacks create chaos, which challenges the prevailing international order and major institutions, from commerce to hospitals to elections, that represent the foundations of Western societies.

Why cyber-warfare works

States have learned that cyber-operations offer a 21st-century vehicle to conduct old-fashioned covert action and psychological warfare without significant fear of rebuke. Russian cyber-meddling over the past two years went largely unpunished in public. Instead, the United States relied on covert coercion to prevent escalation.

Cyber-strategies have now become indirect forms of coercion designed to weaken adversary resolve and create uncertainty, as well as undermine alliances or create political wedges. A growing number of states are using cyber-intrusions to wage psychological warfare and leak information with propaganda value.

In addition to propaganda, states use cyber-operations to influence elections and conduct disruption operations. Russian interference in the elections of Western states has become so common it is now expected. But instead of just disrupting elections, Russia now seems to be leveraging cyberespionage and propaganda to generate larger crises.

Rival states are using cyberspace to wage political warfare campaigns. Here are recent examples:

1) A new group called Global Leaks, an offshoot of the Russian military-attributed group DC Leaks, released the emails of the United Arab Emirates ambassador to the United States in June, causing tensions among Persian Gulf allies by suggesting an alignment between UAE and Israel.

2) In May, Vietnam covertly released transcripts of Donald Trump’s discussions with Philippines President Rodrigo Duterte to disrupt the relationship. Closer ties among China, the Philippines and the United States are problematic for other members of the Association of Southeast Asian Countries hoping to operate by consensus and ward off encroachments by China. Cyber-operations thus became a useful tool to disrupt that developing relationship.

3) In the Middle East, cyber-operations undermine alliances and isolate actors. In June, a Russian hack on Qatar’s state news agency and fake information incorrectly attributing positive statements about Hamas and Iran to the Emir of Qatar may have provoked the first online international crisis. The moves re-sparked a long-standing dispute in the Middle East.

The embargo and ejection of Qatar from the Gulf Cooperation Council (GCC) demonstrates how cyber-operations can have heavy diplomatic ramifications. Russia manipulated the entire Gulf region to turn its back on Qatar by planting stories to be picked up by Saudi news agencies. This led to a cascading diplomatic crisis. Saudi Arabia severed relations with Qatar. Bahrain, Egypt, Jordan and the UAE quickly followed suit.

All of these examples suggest a different character of cyber-conflict, and any new efforts to monitor and curtail these efforts will face no shortage of challenges. To date, cyber-exchanges operated largely under relatively stable international norms, as suggested by Joseph Nye. Yes, China stole intellectual property and rivals probed each other’s networks, but these events didn’t create dangerous crises or seek to undermine faith in Western institutions.

Russia now appears to be using Ukraine as more than a testing ground for cyberwar, it is demonstrating its ability to disrupt faith in public institutions. While the resulting crises after a cyber-event risk inadvertent escalation, the real danger is the erosion of cyber norms. With each new cyber-disruption, the shock decreases, and we grow to expect disorder.

The resulting uncertainty and chaos undermines our trust in the open Internet architecture and risks upsetting stability inherent in cyber-exchanges to date.

Ein News

You Might Also Read: 

Cyberwar: A New Front For US Military:

NATO Could Go To War In Response To A Cyber Attack:

 

« The Impact Of AI On Employment Demands New Thinking
Dark Web Marketplaces Shut Down »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

AlgoSec

AlgoSec

The AlgoSec platform enables the world’s most complex organizations to gain visibility, reduce risk and process changes at zero-touch across the hybrid network.

Mako Group

Mako Group

The Mako Group specializes in protection - providing security through auditing, testing, and assessments. And, we do it all with the highest quality standards possible.

ZyberSafe

ZyberSafe

ZyberSafe is an innovative Danish company specialized within building hardware encryption solutions.

BitSight Technologies

BitSight Technologies

BitSight transforms how companies manage information security risk with objective, verifiable and actionable Security Ratings.

Israel Aerospace Industries (IAI)

Israel Aerospace Industries (IAI)

IAI offers a holistic approach that provides defense forces, governments, critical infrastructures and large enterprises with end-to-end cyber security & monitoring tools.

Telecommunications Industry Association (TIA)

Telecommunications Industry Association (TIA)

TIA works to secure trust in networks by advocating public policy positions on the security of ICT equipment and services related to critical infrastructure, supply chain and information sharing.

Spherical Defense

Spherical Defense

Spherical Defense offers an alternative approach to WAFs and first generation API security tools.

Momentum Cyber

Momentum Cyber

Momentum Cyber provides world-class M&A and strategic advice combined with unparalleled senior-level access to the Cybersecurity ecosystem.

ITRecycla

ITRecycla

ITRecycla are specialists in the protection of sensitive computer data by data destruction, re-marketing of reusable computer equipment, computer recycling and disposing of electronic e-waste.

Aries Security

Aries Security

Aries Security provides a premiere cyber training range and skills assessment suite and develops content for all levels of ability.

Camel Secure

Camel Secure

Camel Secure is a company specialized in the development of products for information security and technology risk management.

Cybrella

Cybrella

Cybrella offers professional cybersecurity services for small to medium sized businesses and to larger enterprises looking to expand their cybersecurity capabilities.

Aleo

Aleo

Aleo is building the world's leading developer platform for enabling absolute privacy on blockchains.

Gleam Cloud Security Solutions (GCSS)

Gleam Cloud Security Solutions (GCSS)

GCSS Security is an information security firm providing cyber security protection with a highly skilled and experienced team focused on technology that creates best-in-class customer experiences.

KTrust

KTrust

KTrust provides Continuous Threat Exposure Management for Kubernetes environments.

Hunt & Hackett

Hunt & Hackett

Hunt & Hackett helps European companies prevent, detect and respond to today’s most advanced adversaries, safeguarding them against cyberthreats and espionage.