The Cyber War Winter Has Arrived

When Russia placed nuclear missiles in Cuba in 1962, they were, apparently, baiting the US to retaliate with full-scale nuclear war, and it nearly worked. However, the US had earlier placed nuclear weapons inside Turkey, which had, understandably, upset Russia, and so Cuba going nuclear was their response!

More than 50 years later, we’re reaching a similar position. We’re at the edge of a balancing act that is tipping toward the world’s first war fought online.

In the past month, two major attacks on US government-related agencies, both allegedly perpetrated by Russian hackers, who may or may not be working with the Kremlin, have shown what could be the first publicly acknowledged cards in what has been a years-long tension between two world superpowers. A nation possibly revealing that it has gained access to U.S. systems and actively flaunting the ability to interfere with a presidential election is deliberate bait for our government to take stronger action.

Until now, nation-state cyber activity has amounted to little more than threats and conversations behind closed doors, as illustrated by last year’s anticlimactic US-China cyber pact meant to prevent nation-state hacking of private companies.

The agreement was met with security industry criticism for providing only the illusion of progress while leaving governments free to attack each other. And that’s exactly what they’ve done for years: nations have long been laying the groundwork for cyber combat, launching stealthy, ongoing attacks that have not (yet) been publicly uncovered.

But when one of these threats does come to light, whether by counter-attack or strategic leaking of information, the balance of terror is disrupted and calls for retaliation. Those claiming the recent Guccifer 2.0 and Shadow Brokers attacks are a warning from Russia are likely right, but what’s wrong is that we’re treating this like a new problem.

Powerful nations like the US, Russia and China laid the groundwork for attacks long ago as a “just in case” measure. We’ve seen this type of activity before with the revelation of Stuxnet, a virus thought to be the first public act of cyber warfare to cause physical damage (and that has been rumored to be linked to the Equation Group via technical details of the organization’s exploits).  

And while the recent attacks are a significant indicator of what might be in store as tension with Russia escalates, this is just the start of publicly acknowledged cyber warfare. Further, what we are seeing now is not even the worst-case scenario, as future attacks will likely go beyond embarrassing government documents, beyond wreaking havoc in elections, and instead target citizens directly.

As we saw last year in Russia’s attack on Ukraine’s power grid, governments with aggressive cyber initiatives have unprecedented, direct power over the citizens of other nations. Nations like Russia, China and the US likely already have a stronghold on some aspect of each other’s critical infrastructure. This could mean energy grids and oil plants, or it could mean nuclear power facilities; it all depends on the weapons lurking below the surface.

What’s more, these critical infrastructure facilities are nearly all built with archaic software that doesn’t stand a chance against hackers backed by a cyber-savvy nation. Imagine trying to create a website using only Microsoft Word 97; that’s essentially what it’s like for these tools to try blocking modern threats.

So are we all doomed? Not yet, at least. From where we stand now, it’s likely that the US’s next move is to place sanctions on Russia similar to those used to shut down public cyber conflict with China last year. But while that may work to mitigate the current situation, it’s a band-aid over a bullet hole. If government organizations don’t work fast to update critical infrastructure security tools and policies, there’s a significant chance we’ll be facing physical battles as the result of a cold war.

Ein News

 
