Former NSA Expert ‘We are in the Cyber War’

The cyber war is here to stay and we are all enlisted. That's the view of Cedric Leighton, a former NSA cyber expert and US Air Force veteran with 26 years' experience in military intelligence, cyber security and conflict resolution.

Leighton, who directed cryptologic training operations at the US National Security Agency before forming his own consultancy, Cedric Leighton Associates, talked about cyber warfare, nation state snooping and the surveillance world in a post-Paris landscape.

"It's very important for all organisations, whether they be governmental, NGO-type or private sector enterprises, to realise one salient thing: we are really all at war," he said. "Whether you like it or not you have been enlisted in this effort to secure your networks and to secure your digital infrastructure."

This digital war will not be fought with guns and bombs but with keyboards and Internet connections. Yet, according to Leighton, many remain unprepared for the inevitable battle. "The cyber security initiatives that many companies undertake are really not sufficient to combat the threats that are out there and which multiply on a minute-by-minute basis," he said. "When you see the nature of the threat and who the threat actors actually are, and what we are doing as a response, there is certainly an imbalance."

"We are looking at a situation where security mechanisms cannot keep up with the threats that state actors produce as well as non-state actors and hacktivists like Anonymous. All of those come together in a very dangerous landscape."

Paris

The recent terrorist atrocities in Paris, which claimed the lives of over 120 people after a co-ordinated attack by Islamic State, will potentially change how intelligence and surveillance are used in the country. Major questions are now being asked about the effectiveness of the French Intelligence Bill, enacted in the wake of the Charlie Hebdo attacks on 7 January 2015, which is similar in content to the UK Investigatory Powers Bill and gives police and intelligence agencies greater surveillance powers.

So was the Paris attack a failure of mass surveillance? "I think there is some truth to that. I think it's also a failure to appreciate the power of big data in intelligence gathering," Leighton said. "What I think is a key ingredient here is that the institutions are not flexible enough to handle big data, to properly assimilate all the different data points that are out there.

"One of the big challenges in intelligence operations in general is that consumers of intelligence want a predictive capability. They want to know if that terrorist is going to commit that act on that particular day, at that time and at that location.

"The problem is that the terrorist doesn't even know what is going to happen. In many cases these things are targets of opportunity." Questions also need to be asked about how vital information was missed by the intelligence agencies.

"You have one terrorist who is allegedly a French citizen, grows up in Belgium, goes to Syria and then comes back and for some reason some of those points in his life story are missed. Now why should that be?" he asked.

"When you look at the French law that was passed in the wake of the Charlie Hebdo situation it seems the bureaucracy has not caught up with the procedures, including the sharing of threat information, that need to happen. It looks like it didn't happen in this case and that's what's damning about it." Despite stressing that mass surveillance is not always the answer, Leighton said that more targeted snooping based on predictive analytics could be the future.

"Law enforcement and intelligence need to remember that, yes, it is about collection, but more importantly it's about refined collection, targeted collection, so that you can go after those who truly need to be watched in order to prevent these kinds of activities," he said. "I don't like the idea that everything is collected all the time. I think that is a faulty paradigm because, first of all you are collecting way too much, and secondly most people are not going to do what happened in Paris."
 
The major threats 

Islamic State and repressive regimes including those of North Korea and Saudi Arabia continue to focus on cyber attacks as a new form of warfare, but the situation quickly becomes more complicated when nation-state actors and hacktivists enter the picture.

Leighton said that it is becoming increasingly important to properly define 'threat actor' as many continue to blame the worst snooping on the Five Eyes partnership between the US, the UK, Canada, Australia and New Zealand as a result of the ongoing Snowden revelations.

"If you say that anybody who has the capability to hack into a system or actually is hacking into a system is a threat, it changes the definition. Yes, it's the Five Eyes but it's also Russia, China, North Korea, Iran and Israel," he said. "If you look statistically where the threats are coming from it is absolutely true that most analysis will say the US is number one, followed by Western Europe and China. That is not necessarily an accurate reflection of where the true threat is coming from."

The true threat, Leighton warned, is now hidden by the use of proxy servers. "If you use a proxy server somewhere it's not really the point of origin of the attack," he said. "For example, in the Sony hack that North Korea reportedly engaged in, the servers that were used were not in North Korea. You cannot attribute an attack to the location of the server."

Indeed, 2015 has been a record year for breaches as high-profile companies and government departments continue to crack under the weight of cyber attack. TalkTalk, Ashley Madison, the US Office of Personnel Management (OPM), Target and Experian were all hit with major attacks in the past 12 months alone.

According to Leighton, the ramifications of the OPM hack in particular are still being felt in the US. "The fact they allowed data that was that sensitive and that personal to be unencrypted and easily accessible is unconscionable," he said. "In a cyber security environment you need to make sure defences are adaptive because the threat that was there just a few years ago is no longer the predominant threat. There are a lot of different threats out there, things like advanced persistent threats, for example."

China's 'power status' aspirations

China is continuously cited as one of the worst offenders when it comes to emerging cyber threats. The hackers employed by the government tend to focus on intellectual property theft and this, according to Leighton, is central to the country's economic success.

"When you look at the Chinese their main effort is economically based. They have 1.3 billion people and they have to keep that economy humming along," he said. "What they have chosen to do, which is kind of a neat idea from a balancing perspective, is to achieve a great deal of technical progress, and the way they have done it is from an intellectual property standpoint.

"In essence they go [into organisations] and steal. What you find is that there are repeated instances of them going in and saying 'We need to get that intellectual property.' Then they will create a company that does similar or the same things."

Yet China appeared recently to be on a mission to win over the hearts of global governments, as diplomats travelled across the US, UK and Germany to discuss cyber crime and come up with cyber peace deals to curb the rise of such theft. However, Leighton believes that China had an ulterior, more selfish, motive for these deals.

"The reason the Chinese have done this, I think, is because they are beginning to develop their own R&D and the intellectual property that results from it. Once you do that you become part of the club of developed countries that have intellectual property worth saving," he explained.

"They realise that, if they become a knowledge economy like the US and UK, that puts them in the same playing field as more developed nations.

"The Chinese are very interestingly going about a divide and conquer strategy. What we have noticed in the US is that cyber espionage continues unabated from basically the same sources. They in essence have continued their practices."

Protecting data at all costs

Leighton predicts that cyber activities will become more sophisticated in 2016 and will have a greater focus on stealth. "You will see a greater volume of cyber threats and new advanced persistent threats that are harder to detect and reside on networks and remain dormant for much longer times and that are activated in a way that is very subtle and very hard to detect," he warned.

Leighton added that it is vital to protect sensitive data at all costs in the face of increasing breaches and global threats. "What needs to be protected is the data that makes an organisation unique, and failure to protect that, whether it's customer data or intellectual property, is going to be a big differentiator," he said.

"If you fail to protect it, your organisation runs the risk of losing that data and potentially being eliminated."
Ein News: http://bit.ly/1Nng48E

 
