Former NSA Expert ‘We are in the Cyber War’
The cyber war is here to stay and we are all enlisted. That's the view of Cedric Leighton, a former NSA cyber expert and US Air Force veteran with 26 years' experience in military intelligence, cyber security and conflict resolution.
Leighton, who directed cryptologic training operations at the US National Security Agency before forming his own consultancy, Cedric Leighton Associates, talked about cyber warfare, nation state snooping and the surveillance world in a post-Paris landscape.
"It's very important for all organisations, whether they be governmental, NGO-type or private sector enterprises, to realise one salient thing: we are really all at war," he said. "Whether you like it or not you have been enlisted in this effort to secure your networks and to secure your digital infrastructure."
This digital war will not be fought with guns and bombs but with keyboards and Internet connections. Yet, according to Leighton, many remain unprepared for the inevitable battle. "The cyber security initiatives that many companies undertake are really not sufficient to combat the threats that are out there and which multiply on a minute-by-minute basis," he said. "When you see the nature of the threat and who the threat actors actually are, and what we are doing as a response, there is certainly an imbalance."
"We are looking at a situation where security mechanisms cannot keep up with the threats that state actors produce as well as non-state actors and hacktivists like Anonymous. All of those come together in a very dangerous landscape."
Paris
The recent terrorist atrocities in Paris, which claimed the lives of over 120 people after a co-ordinated attack by Islamic State, will potentially change how intelligence and surveillance is used in the country. Major questions are now being asked about the effectiveness of the French Intelligence Bill, enacted in the wake of the Charlie Hebdo attacks on 7 January 2015, which is similar in content to the UK Investigatory Powers Bill and gives police and intelligence agencies greater surveillance powers.
So was the Paris attack a failure of mass surveillance? "I think there is some truth to that. I think it's also a failure to appreciate the power of big data in intelligence gathering," Leighton said. "What I think is a key ingredient here is that the institutions are not flexible enough to handle big data, to properly assimilate all the different data points that are out there.
"One of the big challenges in intelligence operations in general is that consumers of intelligence want a predictive capability. They want to know if that terrorist is going to commit that act on that particular day, at that time and at that location.
"The problem is that the terrorist doesn't even know what is going to happen. In many cases these things are targets of opportunity." Questions also need to be asked about how vital information was missed by the intelligence agencies.
"You have one terrorist who is allegedly a French citizen, grows up in Belgium, goes to Syria and then comes back and for some reason some of those points in his life story are missed. Now why should that be?" he asked.
"When you look at the French law that was passed in the wake of the Charlie Hebdo situation it seems the bureaucracy has not caught up with the procedures, including the sharing of threat information, that need to happen. It looks like it didn't happen in this case and that's what's damning about it." Despite stressing that mass surveillance is not always the answer, Leighton said that more targeted snooping based on predictive analytics could be the future.
"Law enforcement and intelligence need to remember that, yes, it is about collection, but more importantly it's about refined collection, targeted collection, so that you can go after those who truly need to be watched in order to prevent these kinds of activities," he said. "I don't like the idea that everything is collected all the time. I think that is a faulty paradigm because, first of all you are collecting way too much, and secondly most people are not going to do what happened in Paris."
The major threats
Islamic State and repressive regimes including those of North Korea and Saudi Arabia continue to focus on cyber attacks as a new form of warfare, but the situation quickly becomes more complicated when nation-state actors and hacktivists enter the picture.
Leighton said that it is becoming increasingly important to properly define ‘threat actor' as many continue to blame the worst snooping on the Five Eyes partnership between the US, the UK, Canada, Australia and New Zealand as a result of the ongoing Snowden revelations.
"If you say that anybody who has the capability to hack into a system or actually is hacking into a system is a threat, it changes the definition. Yes, it's the Five Eyes but it's also Russia, China, North Korea, Iran and Israel," he said. "If you look statistically where the threats are coming from it is absolutely true that most analysis will say the US is number one, followed by Western Europe and China. That is not necessarily an accurate reflection of where the true threat is coming from."
The true threat, Leighton warned, is now hidden by the use of proxy servers. "If you use a proxy server somewhere it's not really the point of origin of the attack," he said. "For example, in the Sony hack that North Korea reportedly engaged in, the servers that were used were not in North Korea. You cannot attribute an attack to the location of the server."
Indeed, 2015 has been a record year for breaches as high-profile companies and government departments continue to crack under the weight of cyber attack. TalkTalk, Ashley Madison, the US Office of Personnel Management (OPM), Target and Experian were all hit with major attacks in the past 12 months alone.
According to Leighton, the ramifications of the OPM hack in particular are still being felt in the US. "The fact they allowed data that was that sensitive and that personal to be unencrypted and easily accessible is unconscionable," he said. "In a cyber security environment you need to make sure defences are adaptive because the threat that was there just a few years ago is no longer the predominant threat. There are a lot of different threats out there, things like advanced persistent threats, for example."
China's 'power status' aspirations
China is continuously cited as one of the worst offenders when it comes to emerging cyber threats. The hackers employed by the government tend to focus on intellectual property theft and this, according to Leighton, is central to the country's economic success.
"When you look at the Chinese their main effort is economically based. They have 1.3 billion people and they have to keep that economy humming along," he said. "What they have chosen to do, which is kind of a neat idea from a balancing perspective, is to achieve a great deal of technical progress, and the way they have done it is from an intellectual property standpoint.
"In essence they go [into organisations] and steal. What you find is that there are repeated instances of them going in and saying ‘We need to get that intellectual property.' Then they will create a company that does similar or the same things."
Yet China appeared recently to be on a mission to win over the hearts of global governments, as diplomats travelled across the US, UK and Germany to discuss cyber crime and come up with cyber peace deals to curb the rise of such theft. However, Leighton believes that China had an ulterior, more selfish, motive for these deals.
"The reason the Chinese have done this, I think, is because they are beginning to develop their own R&D and the intellectual property that results from it. Once you do that you become part of the club of developed counties that have intellectual property worth saving," he explained.
"They realise that, if they become a knowledge economy like the US and UK, that puts them in the same playing field as more developed nations.
"The Chinese are very interestingly going about a divide and conquer strategy. What we have noticed in the US is that cyber espionage continues unabated from basically the same sources. They in essence have continued their practices."
Protecting data at all costs
Leighton predicts that cyber activities will become more sophisticated in 2016 and will have a greater focus on stealth. "You will see a greater volume of cyber threats and new advanced persistent threats that are harder to detect and reside on networks and remain dormant for much longer times and that are activated in a way that is very subtle and very hard to detect," he warned.
Leighton added that it is vital to protect sensitive data at all costs in the face of increasing breaches and global threats. "What needs to be protected is the data that makes an organisation unique, and failure to protect that, whether its customer data or intellectual property, is going to be a big differentiator," he said.
"If you fail to protect it, your organisation runs the risk of losing that data and potentially being eliminated."
Ein News: http://bit.ly/1Nng48E