Five Eyes Intelligence Chiefs Point The Finger

Uploaded on 2019-05-07 in INTELLIGENCE--International, FREE TO VIEW

Western countries are naming cyber-attacks by other countries. One of the ideas behind naming and shaming is to discourage cyber-attacks and to encourage potential victims into improve their cyber security strategy and tactics, according to 5Eyes Intel leaders.

Intelligence experts from the Five Eyes Intel group, which is the UK, the USA, Canada, Australia and New Zealand, spoke at CYBERUK 19, the National Cyber Security Centre's (NCSC) cybersecurity conference in Glasgow, in an unusual public discussion.

Recently the Five Eyes have accused some countries of cyber-attacks, such as North Korea and Russia of NotPetya. They group have also accused the Iranian and Chinese governments of hacking.

"There's a small set of nations who are not behaving within international norms," said Rob Joyce, senior cybersecurity advisor for the USA's National Security Agency. 

"If you look at the countries that have blatantly come out and attacked other countries in cyberspace, countries who are stealing wealth to avoid sanctions, literally bank-robbing in the cyber realm, it's a small group, you can name them on one hand," he said.

Joyce said Five Eyes members have "got to get comfortable as nations going out and saying these countries are behaving in a way that's unacceptable and turning up that pressure," adding, "we won't get international norms without being able to speak that truth".

"An important enabling component for making like-minded coalitions is bringing that intelligence forward, doing that attribution and having a specific entity that we have to rally around and deter," said Joyce.

"If we're not talking about the bad actors in this space, we're not going to be able to rally and bring the coalitions, and it's much wider than the Five Eyes."

Some question what real impact calling out attacks in this way can have, but Ciaran Martin, CEO of the NCSC, argued that it makes a difference.

"Do any of us do attribution for its own sake? No, we do it as a means to an end and that end being better cybersecurity and better national security," he said, arguing that it "sometimes" alters the behaviour of attackers, although he did not discuss how this happens. 

Martin told the Glasgow audience that attribution also plays a role in helping organisations protect against potential attacks.

"It matters because we're trying to tell people how to understand risk. So it does help to be able to say what are the Russians interested in, what sort of attacks do they do, what sort of organisations and assets do they tend to be interested in, the same as the Chinese? They're not the same," he said.

"That means you can frame your defence, because some people need to be worried about one country over another, some need to be worried about organised crime, some need to be aware about all of them"

Ultimately, Martin explained, attributing a threat to a particular nation state or malicious actor appears to provide additional incentives for organisations to act on information on how to protect against coming cyber-attacks.

"When we used to put out anonymised, non-attributable attacks, we'd say we'd seen something somewhere and this is how you can fix it, you can get a certain response. When you say this is Russia, you get a bigger response and that does matter," he said.

For all of the Five Eyes nations, attribution is a big deal and the intelligence agencies will only issue public accusations about cyberattacks if they're confident about their conclusions, it's why the official attribution of WannaCry to North Korea only came over six months after the global ransomware attack.

"We'll only attribute an attack to another country if it's within our own national interests to do so," said Jan Thornborough, unit manager of outreach and engagement at New Zealand's National Cyber Security Centre, making four attributions in 18 months.

"We took a lot of time to think about what it means for the country and we were very considerate in the approach," she added.
Australia takes the same approach, ensuring that all the pieces of the puzzle have been put together before public attribution is made.

"Attribution is not trivial: there are people who think they understand attribution and can pull something out and just say something. It's not that easy. We need time for an attribution, it's a very, very high bar for us," said Scott McLeod, first assistant director-general at Protect, Assure & Enable.

Scott Jones, head of the Canadian Centre for Cyber Security, agreed with the idea that attribution must be solid before action is taken. "The bar is very high. We set the bar high for ourselves because we have to have extremely high confidence," he said.

Canada's approach to attribution is the same as that of the US, engaging in order to warn about the actions of nations who are engaging in aggressive behaviour in cyberspace. "The key thing is to say no, this is too far: this is going into a space where this is unacceptable," Jones said.

ZDNet:

You Might Also Read: 

Five Eyes Spies Turn To Commercial Innovation:

 
 
 
« AI Will Shape The Future 6G Network
Cybercrime Cost US Business $2.7B In 2018 »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cryptus Cyber Security

Cryptus Cyber Security

Cryptus Cyber Security is an Information Security Training company providing advanced training and services to IT Professionals.

National Cybersecurity and Communications Integration Center (NCCIC) - USA

National Cybersecurity and Communications Integration Center (NCCIC) - USA

NCCIC is a cyber situational awareness, incident response, and management center for the US Government, intelligence community, and law enforcement.

Cyberra Legal Services (CLS)

Cyberra Legal Services (CLS)

Cyberra Legal Services provides cyber law advisory, cyber crime consultancy, cyber law compliance audit, cyber security, cyber forensics and cyber training services.

Eseye

Eseye

Eseye is a global specialist supplier of cellular internet connectivity for intelligent IoT (Internet of Things) devices.

Egyptian Supreme Cybersecurity Council (ESCC)

Egyptian Supreme Cybersecurity Council (ESCC)

ESCC is responsible for developing a national strategy to face and respond to the cyber threats and attacks and to oversee its implementation and update.

URS Certification

URS Certification

United Registrar of Systems (URS Certification) is an independent certification body operating in more than 30 countries within the multinational URS Holdings.

Envieta

Envieta

Envieta is a leader in cryptographic solutions. From server to sensor, we design and implement powerful security into new or existing infrastructure.

BlueAlly

BlueAlly

BlueAlly helps clients scale, optimize, and manage their IT resources to reach their business goals.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Infuse Technology

Infuse Technology

Infuse Technology provide the highest level of cybersecurity support, implementing practical solutions to protect against cyber-attacks, from simple phishing scams to complex data security breaches.

V2X

V2X

V2X delivers IT support, networking, and cybersecurity solutions that ensure optimal mission support and performance.

Cyber & Data Protection

Cyber & Data Protection

Cyber & Data Protection Limited supports Charities, Educational Trusts and Private Schools, Hospitality and Legal organisations by keeping their data secure and usable.

Xcelerate Solutions

Xcelerate Solutions

Xcelerate Solutions is a leading defense and national security company, providing integrated solutions in three service areas – Enterprise Security, Digital Transformation, and Strategic Consulting.

Aura Information Security

Aura Information Security

Aura Information Security consists of a team of highly-skilled and renowned information security professionals spanning Australia and New Zealand.

Superna

Superna

Superna is the global leader in data security and cyberstorage solutions for unstructured data, both on-prem and in the hybrid multi-cloud.

Styx Intelligence

Styx Intelligence

Styx Intelligence’s platform provides visibility and supports remediation against threats targeting your digital assets.