Former NSA Expert ‘We are in the Cyber War’

Uploaded on 2015-12-01 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW

The cyber war is here to stay and we are all enlisted. That's the view of Cedric Leighton, a former NSA cyber expert and US Air Force veteran with 26 years' experience in military intelligence, cyber security and conflict resolution.

Leighton, who directed cryptologic training operations at the US National Security Agency before forming his own consultancy, Cedric Leighton Associates, talked about cyber warfare, nation state snooping and the surveillance world in a post-Paris landscape.

"It's very important for all organisations, whether they be governmental, NGO-type or private sector enterprises, to realise one salient thing: we are really all at war," he said. "Whether you like it or not you have been enlisted in this effort to secure your networks and to secure your digital infrastructure."

This digital war will not be fought with guns and bombs but with keyboards and Internet connections. Yet, according to Leighton, many remain unprepared for the inevitable battle. "The cyber security initiatives that many companies undertake are really not sufficient to combat the threats that are out there and which multiply on a minute-by-minute basis," he said. "When you see the nature of the threat and who the threat actors actually are, and what we are doing as a response, there is certainly an imbalance."

"We are looking at a situation where security mechanisms cannot keep up with the threats that state actors produce as well as non-state actors and hacktivists like Anonymous. All of those come together in a very dangerous landscape."

Paris

The recent terrorist atrocities in Paris, which claimed the lives of over 120 people after a co-ordinated attack by Islamic State, will potentially change how intelligence and surveillance is used in the country. Major questions are now being asked about the effectiveness of the French Intelligence Bill, enacted in the wake of the Charlie Hebdo attacks on 7 January 2015, which is similar in content to the UK Investigatory Powers Bill and gives police and intelligence agencies greater surveillance powers.

So was the Paris attack a failure of mass surveillance? "I think there is some truth to that. I think it's also a failure to appreciate the power of big data in intelligence gathering," Leighton said. "What I think is a key ingredient here is that the institutions are not flexible enough to handle big data, to properly assimilate all the different data points that are out there.

"One of the big challenges in intelligence operations in general is that consumers of intelligence want a predictive capability. They want to know if that terrorist is going to commit that act on that particular day, at that time and at that location.

"The problem is that the terrorist doesn't even know what is going to happen. In many cases these things are targets of opportunity." Questions also need to be asked about how vital information was missed by the intelligence agencies.

"You have one terrorist who is allegedly a French citizen, grows up in Belgium, goes to Syria and then comes back and for some reason some of those points in his life story are missed. Now why should that be?" he asked.

"When you look at the French law that was passed in the wake of the Charlie Hebdo situation it seems the bureaucracy has not caught up with the procedures, including the sharing of threat information, that need to happen. It looks like it didn't happen in this case and that's what's damning about it." Despite stressing that mass surveillance is not always the answer, Leighton said that more targeted snooping based on predictive analytics could be the future.

"Law enforcement and intelligence need to remember that, yes, it is about collection, but more importantly it's about refined collection, targeted collection, so that you can go after those who truly need to be watched in order to prevent these kinds of activities," he said. "I don't like the idea that everything is collected all the time. I think that is a faulty paradigm because, first of all you are collecting way too much, and secondly most people are not going to do what happened in Paris."
 
The major threats 

Islamic State and repressive regimes including those of North Korea and Saudi Arabia continue to focus on cyber attacks as a new form of warfare, but the situation quickly becomes more complicated when nation-state actors and hacktivists enter the picture.

Leighton said that it is becoming increasingly important to properly define ‘threat actor' as many continue to blame the worst snooping on the Five Eyes partnership between the US, the UK, Canada, Australia and New Zealand as a result of the ongoing Snowden revelations.

"If you say that anybody who has the capability to hack into a system or actually is hacking into a system is a threat, it changes the definition. Yes, it's the Five Eyes but it's also Russia, China, North Korea, Iran and Israel," he said. "If you look statistically where the threats are coming from it is absolutely true that most analysis will say the US is number one, followed by Western Europe and China. That is not necessarily an accurate reflection of where the true threat is coming from."

The true threat, Leighton warned, is now hidden by the use of proxy servers. "If you use a proxy server somewhere it's not really the point of origin of the attack," he said. "For example, in the Sony hack that North Korea reportedly engaged in, the servers that were used were not in North Korea. You cannot attribute an attack to the location of the server."

Indeed, 2015 has been a record year for breaches as high-profile companies and government departments continue to crack under the weight of cyber attack. TalkTalk, Ashley Madison, the US Office of Personnel Management (OPM), Target and Experian were all hit with major attacks in the past 12 months alone.

According to Leighton, the ramifications of the OPM hack in particular are still being felt in the US. "The fact they allowed data that was that sensitive and that personal to be unencrypted and easily accessible is unconscionable," he said. "In a cyber security environment you need to make sure defences are adaptive because the threat that was there just a few years ago is no longer the predominant threat. There are a lot of different threats out there, things like advanced persistent threats, for example."

China's 'power status' aspirations

China is continuously cited as one of the worst offenders when it comes to emerging cyber threats. The hackers employed by the government tend to focus on intellectual property theft and this, according to Leighton, is central to the country's economic success.

"When you look at the Chinese their main effort is economically based. They have 1.3 billion people and they have to keep that economy humming along," he said. "What they have chosen to do, which is kind of a neat idea from a balancing perspective, is to achieve a great deal of technical progress, and the way they have done it is from an intellectual property standpoint.

"In essence they go [into organisations] and steal. What you find is that there are repeated instances of them going in and saying ‘We need to get that intellectual property.' Then they will create a company that does similar or the same things."

Yet China appeared recently to be on a mission to win over the hearts of global governments, as diplomats travelled across the US, UK and Germany to discuss cyber crime and come up with cyber peace deals to curb the rise of such theft. However, Leighton believes that China had an ulterior, more selfish, motive for these deals.

"The reason the Chinese have done this, I think, is because they are beginning to develop their own R&D and the intellectual property that results from it. Once you do that you become part of the club of developed counties that have intellectual property worth saving," he explained.

"They realise that, if they become a knowledge economy like the US and UK, that puts them in the same playing field as more developed nations.

"The Chinese are very interestingly going about a divide and conquer strategy. What we have noticed in the US is that cyber espionage continues unabated from basically the same sources. They in essence have continued their practices."

Protecting data at all costs

Leighton predicts that cyber activities will become more sophisticated in 2016 and will have a greater focus on stealth. "You will see a greater volume of cyber threats and new advanced persistent threats that are harder to detect and reside on networks and remain dormant for much longer times and that are activated in a way that is very subtle and very hard to detect," he warned.

Leighton added that it is vital to protect sensitive data at all costs in the face of increasing breaches and global threats. "What needs to be protected is the data that makes an organisation unique, and failure to protect that, whether its customer data or intellectual property, is going to be a big differentiator," he said.

"If you fail to protect it, your organisation runs the risk of losing that data and potentially being eliminated."
Ein News: http://bit.ly/1Nng48E

 

« Presidential Candidate John McAfee Talks Cyber
The Road to Measuring and Interpreting Big Data »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Cifas

Cifas

Cifas are leaders in fraud prevention, working closely with UK law enforcement partners.

CyberWarrior

CyberWarrior

CyberWarrior deliver training and consulting for some of the world’s top brands and also partner with national systems integrators to augment their teams with our expertise.

Belden

Belden

Belden is a global leader in signal transmission and security solutions for mission-critical applications in enterprise and industrial markets. Belden brands include Hirschmann and Tofino Security.

Digital Law

Digital Law

Digital Law is the only UK law firm to specialise solely in online, data and cyber law.

spiderSilk

spiderSilk

spiderSilk is a Dubai-based cybersecurity firm, specializing in simulating the most advanced cyber offenses on your technology so you can build your best security defenses.

Uptycs

Uptycs

Uptycs combines the open source universal agent, osquery, with a scalable security analytics platform for fleet visibility, intrusion detection, vulnerability monitoring and compliance.

Unlimited Technology

Unlimited Technology

Unlimited Technology offers a wide range of talent and experience, from assessing your requirements to implementing technologically advanced security solutions to best fit your needs.

Bedrock Systems

Bedrock Systems

BedRock Systems is on a mission to deliver a trusted computing base from edge to cloud, where safety and security isn’t just a perception, it’s a formally proven reality.

KSOC Labs

KSOC Labs

KSOC is an event-driven SaaS platform built to automatically remediate Kubernetes security risks.

Devolutions

Devolutions

Devolutions make best-in-class Privileged Access Management, Password Management, and Remote Connection Management solutions available to ALL organizations — including SMBs.

Ridge Security

Ridge Security

Ridge Security enables enterprise and web application teams, ISVs, governments, education, DevOps, anyone responsible for ensuring software security to affordably and efficiently test their systems.

Paubox

Paubox

Paubox offers secure, HIPAA compliant email and marketing solutions to fit the needs of modern healthcare organizations of every size.

OX Security

OX Security

OX is a DevOps software supply chain security solution. Teams can verify the integrity and security of every artifact using a pipeline bill of materials (PBOM).

Technology Innovation Institute (TII)

Technology Innovation Institute (TII)

TII is a UAE-based research center that aims to lead global advances in AI, robotics, quantum computing, cryptography and secure communications and more.

OxCyber

OxCyber

OxCyber's mission is to ignite and encourage cybersecurity and technology growth in the Thames Valley through meetings, webinars, in person events, workshops and mentorship programs.

AI or Not

AI or Not

AI or Not - Leverage AI to combat misinformation and elevate the landscape of compliance solutions.