The Cyber War Winter Has Arrived

Uploaded on 2016-09-20 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW

When Russia placed nuclear missiles in Cuba in 1962, they were, apparently, baiting the US to retaliate with full-scale nuclear war, and it nearly worked. However, the US had earlier placed nuclear weapons inside Turkey, which had then, understandably, up-set Russia and so Cuba going nuclear was their response!

More than 50 years later, we’re reaching a similar position. We’re at the edge of a balancing act that is tipping toward the world’s first war fought online.

In the past month, two major attacks on US government-related agencies, both allegedly perpetrated by Russian hackers, who may or may not be working with the Kremlin, have shown what could be the first publicly acknowledged cards in what has been a years-long tension between two world superpowers. A nation possibly revealing that it has gained access to U.S. systems and actively flaunting the ability to interfere with a presidential election is deliberate bait for our government to take stronger action.

Until now, nation-state cyber activity has amounted to little more than threats and conversations behind closed doors, as illustrated by last year’s anticlimactic US-China cyber pact meant to prevent nation-state hacking of private companies.

The agreement was met with security industry criticism for providing only the illusion of progress while leaving governments free to attack each other. And that’s exactly what they’ve done for years, nations have long been laying the groundwork for cyber combat, launching stealthy, ongoing attacks that have not (yet) been publicly uncovered.

But when one of these threats does come to light, whether by counter-attack or strategic leaking of information, the balance of terror is disrupted and calls for retaliation. Those claiming the recent Guccifer 2.0 and Shadow Brokers attacks are a warning from Russia are likely right, but what’s wrong is that we’re treating this like a new problem.

Powerful nations like the US, Russia and China laid the groundwork for attacks long ago as a “just in case” measure. We’ve seen this type of activity before with the revelation of Stuxnet, a virus thought to be the first public act of cyber warfare to cause physical damage (and that has been rumored to be linked to the Equation Group via technical details of the organization’s exploits).  

And while the recent attacks are a significant indicator of what might be in store as tension with Russia escalates, this is just the start of publicly acknowledged cyber warfare. Further, what we are seeing now is not even the worst case scenario as future attacks will likely go beyond embarrassing government documents, beyond wreaking havoc in elections and instead target citizens directly.

As we saw last year in Russia’s attack on Ukraine’s power grid, governments with aggressive cyber initiatives have unprecedented, direct power over the citizens of other nations. Nations like Russia, China and the US likely already have a stronghold on some aspect of each other’s critical infrastructure. This could mean energy grids and oil plants, or it could mean nuclear power facilities, it’s all dependent on the weapons lurking below the surface.

What’s more, these critical infrastructure facilities are nearly all built with archaic software that doesn’t stand a chance against hackers backed by a cyber-savvy nation. Imagine trying to create a website using only Microsoft Word 97, that’s essentially what it’s like for these tools to try blocking modern threats.

So are we all doomed? Not yet, at least. From where we stand now, it’s likely that the US’s next move is to place sanctions on Russia similar to those used to shut down public cyber conflict with China last year. But while that may work to mitigate the current situation, it’s a band aid over a bullet hole. If government organizations don’t work fast to update critical infrastructure security tools and policies, there’s a significant chance we’ll be facing physical battles as the result of a cold war.

Ein News

 

« High Resolution Cameras to Iraq
Russian Cyber Spies & Hackers Are The New Normal »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Uniken

Uniken

Uniken REL-ID is a safe, simple, and scalable security platform that tightly integrates your identity, authentication, and channel security.

French Expert Center Against Cybercrime (CECyF)

French Expert Center Against Cybercrime (CECyF)

CECyF is a centre of excellence for countering cybercrime in France.

Ergon Informatik

Ergon Informatik

Ergon Informatik AG is Switzerland's leading provider of customised software solutions and software products including fraud detection and the Airlock web security suite.

Safe Security

Safe Security

Safe Security (formerly Lucideus) provides Cyber risk assessment services and platforms to multiple Fortune 500 companies and governments across the globe.

Czech Accreditation Institute

Czech Accreditation Institute

Czech Accreditation Institute is the national accreditation body for the Czech Republic. The directory of members provides details of organisations offering certification services for ISO 27001.

CyberSwarm

CyberSwarm

CyberSwarm is developing a neuromorphic System-on-a-Chip dedicated to cybersecurity which helps organizations secure communication between connected devices and protect critical business assets.

Oceania Cyber Security Centre (OCSC)

Oceania Cyber Security Centre (OCSC)

OCSC engages with government and industry to conduct research, develop training opportunities and build capacity for responding to current and emerging cyber security issues.

Document Security Systems (DSS)

Document Security Systems (DSS)

DSS anti-counterfeit, authentication, and brand protection solutions are deployed to prevent attacks which threaten products, digital presence, financial instruments, and identification.

Field Effect Software

Field Effect Software

Field Effect Software build sophisticated and integrated IT security, threat surface reduction, training and simulation capabilities for enterprises and small businesses.

WolfSSL

WolfSSL

wolfSSL is an embedded SSL/TLS library providing secure communication for IoT, smart grid, connected home, routers, applications, games, phones, and more.

Teleport

Teleport

Teleport is a remote-first technology company. We enable engineers to quickly access any computing resource anywhere on the planet.

link22

link22

link22 offers a high level of expertise within IT security and system solutions. We help public and private actors with highly secure IT-solutions.

VC3

VC3

VC3 provides a full range of Information Technology Solutions and Services to hundreds of municipalities and organizations throughout the USA.

Coffee Cup Solutions

Coffee Cup Solutions

We offer a full spectrum of IT Services, from our UK based Helpdesk to IT Consultancy and Cyber Security. Our team has the skills and experience to develop, deliver and manage IT for your business.

DarkFeed

DarkFeed

DarkFeed is a Threat Intelligence provider that monitors the darknet in real-time, where hackers and Cyber criminals are most active.

Omnex

Omnex

Omnex provides consulting and training services in Quality, Environmental, and Health and Safety standards-based management systems including Automotive Cybersecurity.