Spies In Cyberspace

The United States government is one among many that needs to radically improve its cyber security strategy following the news, which came to light in December 2020, of a massive Russian cyber attack on the US affecting federal agencies and numerous private companies. The impact of this disastrous and still unfolding attack, carried out using weaponised SolarWinds software, is not yet fully understood.

In international relations terms it wasn’t a cyber attack, it was espionage, and the victim wasn’t just the US but the entire world order.

Microsoft has said the UK and six other countries outside the US have been affected by a suspected Russian hacking attack that US authorities have warned poses a grave risk to government and private networks. As has recently been revealed, the SolarWinds hack resembled a scene from a horror movie: victims frantically barricaded the doors, only to discover that the enemy had been hiding inside the house the whole time, having come in through the victims’ own trusted software updates.

US Secretary of State Mike Pompeo has accused Russia of carrying out this cyber attack. "This was a very significant effort, and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity," he said. For months, intruders had been roaming inside the nation’s government networks and those of thousands of other companies and organisations; SolarWinds’ customer base included nearly all of the Fortune 500. The breach, believed to be the work of an elite Russian spy agency, penetrated the Pentagon, nuclear labs, the State Department, the Department of Homeland Security (DHS) and other offices that used network-monitoring software made by Texas-based SolarWinds.

America’s intelligence agencies and cyber warriors never detected a problem. Instead, the breach was caught by the cyber security firm FireEye, which was itself a victim.

The full extent of the damage won’t be known for months, perhaps years. What’s clear is that it’s massive, “a grave risk to the federal government … as well as critical infrastructure entities and other private sector organisations,” declared DHS’s Cybersecurity and Infrastructure Security Agency, an organisation not known for hyperbole.

The immediate question is how to respond. President-elect Joe Biden has said the US must “disrupt and deter our adversaries from undertaking significant cyber-attacks in the first place” by “imposing substantial costs.”

Deterrence

To assume that punishing Russia now will stop Russia later would be a mistake; cyber deterrence is likely to fail. The only thing universal about deterrence is a misguided faith in its applicability. Experience suggests that deterrence works only in very limited circumstances:

  • When the culprit can be identified quickly.
  • When the behaviour has crossed clear red lines defining unacceptable conduct.
  • When the punishment for crossing them is credible and known in advance to would-be attackers.

These conditions are rare in cyberspace.

Like Russia, China and other nations, the United States engages in cyber espionage on a massive scale all the time. In 2015, after China hacked the Office of Personnel Management and stole 22 million highly sensitive security-clearance records, James Clapper, then the director of national intelligence, declared, “You have to kind of salute the Chinese for what they did. If we had the opportunity to do that, I don’t think we’d hesitate for a minute.”

US officials face intense domestic political pressures to talk tough now and figure out the details later, but empty threats can undermine credibility with future adversaries. 

A more effective approach for the incoming Biden administration is to get back to basics and focus on preventing cyber intrusions and bouncing back more easily from the ones that inevitably get through. Although cyber security efforts have greatly improved, they are still underpowered and fragmented. The Cybersecurity and Infrastructure Security Agency (CISA) has enhanced the coordination of public- and private-sector cyber security, but the agency is only two years old and has just over two thousand employees to help secure vital American networks.

The Trump administration fired the head of CISA after having earlier eliminated the White House cybersecurity coordinator’s post, a move so ill-advised that a bipartisan commission and a recent bipartisan vote of Congress called for re-establishing a senior cyber post in the White House.

Better cyber security is urgently required, and this includes prioritising counter-intelligence efforts to penetrate adversary nations’ intelligence services and their cyber operations. Success requires not just technology but talent. The SolarWinds malware didn’t make itself; humans created it. And wherever there are humans, human intelligence can make a difference.

During the Cold War spying was a constant activity, and everyone knew they were playing what decision theorists call a “repeated game”: if one side violated the Moscow rules this time, the other could reciprocate in the future, and the whole thing could unravel. In today’s world, Russians and Americans don’t share a strong interest in managing all their potential cyber conflicts. But one area stands out: computer systems related to nuclear weapons. Hacks that penetrate any such systems could change how they operate, making nuclear accidents more likely. And even if a hack changed nothing, the other side could never be sure.

During the Cold War the offense had distinct advantages over the defense. Each side came to recognise that the other had the ability to annihilate its adversary no matter what the defender did. But unlike in the nuclear arena, cyber vulnerabilities change over time: software flaws pop in and out of existence as they are created, discovered, exploited and patched. Malware often must be custom-made to take advantage of specific flaws, and its effectiveness ends once the flaw is patched or the exploit is detected.

Unlike a nuclear-tipped missile, which retains its capabilities for decades and whose presence and potential are clear to all concerned, cyber weapons are ephemeral and easily camouflaged. They require an unending process of finding and exploiting ever more vulnerabilities on the other side, in the expectation that each exploit will eventually be discovered and neutralised.

Neither side in the competition can ever be confident that its offensive capabilities have produced a stable state of mutual cyber deterrence. Cyber conflict is here to stay, and policy makers need to be very clear about which steps will actually make us safer.

Sources: Foreign Affairs, DefenseOne, The Atlantic, Guardian, The Hill, National Interest.
