Spies In Cyberspace

The United States government is one amongst many that need to radically improve their cyber security strategies following the news about the massive Russian cyber attack against the US, affecting federal agencies and numerous private companies, which came to light in December 2020. The impact of this disastrous and still unfolding attack, carried out using weaponised SolarWinds software, is not yet fully understood.

In international relations terms it wasn’t a cyber attack, it was espionage, and the victim wasn’t just the US, it was the entire world order.

Microsoft has said the UK and six other countries outside the US have been affected by a suspected Russian hacking attack that US authorities have warned poses a grave risk to government and private networks. As has recently been revealed, the SolarWinds hack was similar to a scene from a horror movie: victims frantically barricaded the doors, only to discover that the enemy had been hiding inside the house the whole time.

US Secretary of State Mike Pompeo has accused Russia of carrying out this cyber attack. "This was a very significant effort, and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity," he said. For months, intruders have been roaming wild inside the nation’s government networks, nearly all of the Fortune 500, and thousands of other companies and organisations. The breach, believed to be the work of an elite Russian spy agency, penetrated the Pentagon, nuclear labs, the State Department, the Department of Homeland Security (DHS) and other offices that used network-monitoring software made by Texas-based SolarWinds.

America’s intelligence agencies and cyber warriors never detected a problem. Instead, the breach was caught by the cyber security firm FireEye, which itself was a victim.

The full extent of the damage won’t be known for months, perhaps years. What’s clear is that it’s massive, “a grave risk to the federal government … as well as critical infrastructure entities and other private sector organisations,” declared DHS’s Cybersecurity and Infrastructure Security Agency, an organisation not known for hyperbole.

The immediate question is how to respond. President-elect Joe Biden has said he will “disrupt and deter our adversaries from undertaking significant cyber-attacks in the first place” by “imposing substantial costs.”

Deterrence

To assume that punishing Russia now will stop Russia later would be a mistake, and cyber deterrence is likely to fail. The only thing universal about deterrence is a misguided faith in its applicability. Experience suggests that deterrence works only in very limited circumstances:

  • When the culprit can be identified quickly.
  • When the behavior has crossed clear red lines defining unacceptable behavior.
  • When the punishment for crossing them is credible and known in advance to would-be attackers.

These conditions are rare in cyberspace.

Like Russia, China and other nations, the United States engages in cyber espionage on a massive scale all the time. In 2015, after China hacked the Office of Personnel Management and stole 22 million highly classified security-clearance records, James Clapper, then the director of national intelligence, declared, “You have to kind of salute the Chinese for what they did. If we had the opportunity to do that, I don’t think we’d hesitate for a minute.”

US officials face intense domestic political pressures to talk tough now and figure out the details later, but empty threats can undermine credibility with future adversaries. 

A more effective approach for the incoming Biden administration is to get back to basics and focus on preventing cyber intrusions and bouncing back more easily from the ones that inevitably get through. Although cyber security efforts have greatly improved, they are still underpowered and fragmented. The Cybersecurity and Infrastructure Security Agency (CISA) has enhanced the coordination of public- and private-sector cyber security, but this agency is only two years old and has just over two thousand employees to help secure vital American networks.

The Trump administration fired the head of CISA after first eliminating the White House subdirector’s office, a move so ill-advised that a bipartisan commission and a recent bipartisan vote of Congress called for re-establishing it.

Better cyber security is urgently required, and this includes prioritising counterintelligence efforts to penetrate adversary nations’ intelligence services and their cyber operations. Success requires not just technology but talent. The SolarWinds malware didn’t just make itself. Humans created it. And wherever there are humans, human intelligence can make a difference.

During the Cold War, spying was a constant activity and everyone knew they were playing what decision theorists call a “repeated game”: if one side violated Moscow rules this time, the other could reciprocate in the future, and the whole thing could unravel. In today’s world, Russians and Americans don’t share a strong interest in managing all their potential cyber conflicts. But one area stands out: computer systems related to nuclear weapons. Hacks that penetrate any such systems could change how they operate, making nuclear accidents more likely. And even if hacks didn’t change anything, the other side could never be sure.

During the Cold War the offense had distinct advantages over the defense. Each side came to recognise that the other had an ability to annihilate its adversary no matter the defender’s efforts. But unlike in the nuclear arena, cyber vulnerabilities change over time; software flaws pop in and out of existence as they are created, discovered, exploited, and patched. Malware often must be custom-made to take advantage of specific flaws, and its effectiveness ends when the flaws and exploits are detected.

Unlike a nuclear-tipped missile that retains its capabilities for decades, and whose presence and potential are clear to all concerned, cyber weapons are ephemeral and easily camouflaged. They require an unending process of finding and exploiting ever more vulnerabilities on the other side, in the expectation that each exploit will eventually be discovered and neutralised.

Neither side in the competition can ever be confident that its offensive capabilities have produced a stable state of mutual cyber deterrence. Cyber conflict is here to stay, and policy makers need to be very clear about what steps will actually make us safer.

Sources: Foreign Affairs, DefenseOne, The Atlantic, Guardian, The Hill, National Interest.

