Former NSA Expert: ‘We are in the Cyber War’

The cyber war is here to stay and we are all enlisted. That's the view of Cedric Leighton, a former NSA cyber expert and US Air Force veteran with 26 years' experience in military intelligence, cyber security and conflict resolution.

Leighton, who directed cryptologic training operations at the US National Security Agency before forming his own consultancy, Cedric Leighton Associates, talked about cyber warfare, nation state snooping and the surveillance world in a post-Paris landscape.

"It's very important for all organisations, whether they be governmental, NGO-type or private sector enterprises, to realise one salient thing: we are really all at war," he said. "Whether you like it or not you have been enlisted in this effort to secure your networks and to secure your digital infrastructure."

This digital war will not be fought with guns and bombs but with keyboards and Internet connections. Yet, according to Leighton, many remain unprepared for the inevitable battle. "The cyber security initiatives that many companies undertake are really not sufficient to combat the threats that are out there and which multiply on a minute-by-minute basis," he said. "When you see the nature of the threat and who the threat actors actually are, and what we are doing as a response, there is certainly an imbalance."

"We are looking at a situation where security mechanisms cannot keep up with the threats that state actors produce as well as non-state actors and hacktivists like Anonymous. All of those come together in a very dangerous landscape."

Paris

The recent terrorist atrocities in Paris, in which a co-ordinated attack by Islamic State claimed the lives of over 120 people, will potentially change how intelligence and surveillance are used in the country. Major questions are now being asked about the effectiveness of the French Intelligence Bill, enacted in the wake of the Charlie Hebdo attacks on 7 January 2015, which is similar in content to the UK Investigatory Powers Bill and gives police and intelligence agencies greater surveillance powers.

So was the Paris attack a failure of mass surveillance? "I think there is some truth to that. I think it's also a failure to appreciate the power of big data in intelligence gathering," Leighton said. "What I think is a key ingredient here is that the institutions are not flexible enough to handle big data, to properly assimilate all the different data points that are out there.

"One of the big challenges in intelligence operations in general is that consumers of intelligence want a predictive capability. They want to know if that terrorist is going to commit that act on that particular day, at that time and at that location.

"The problem is that the terrorist doesn't even know what is going to happen. In many cases these things are targets of opportunity." Questions also need to be asked about how vital information was missed by the intelligence agencies.

"You have one terrorist who is allegedly a French citizen, grows up in Belgium, goes to Syria and then comes back and for some reason some of those points in his life story are missed. Now why should that be?" he asked.

"When you look at the French law that was passed in the wake of the Charlie Hebdo situation it seems the bureaucracy has not caught up with the procedures, including the sharing of threat information, that need to happen. It looks like it didn't happen in this case and that's what's damning about it." Despite stressing that mass surveillance is not always the answer, Leighton said that more targeted snooping based on predictive analytics could be the future.

"Law enforcement and intelligence need to remember that, yes, it is about collection, but more importantly it's about refined collection, targeted collection, so that you can go after those who truly need to be watched in order to prevent these kinds of activities," he said. "I don't like the idea that everything is collected all the time. I think that is a faulty paradigm because, first of all you are collecting way too much, and secondly most people are not going to do what happened in Paris."
 
The major threats 

Islamic State and repressive regimes including those of North Korea and Saudi Arabia continue to focus on cyber attacks as a new form of warfare, but the situation quickly becomes more complicated when nation-state actors and hacktivists enter the picture.

Leighton said that it is becoming increasingly important to properly define ‘threat actor’ as many continue to blame the worst snooping on the Five Eyes partnership between the US, the UK, Canada, Australia and New Zealand as a result of the ongoing Snowden revelations.

"If you say that anybody who has the capability to hack into a system or actually is hacking into a system is a threat, it changes the definition. Yes, it's the Five Eyes but it's also Russia, China, North Korea, Iran and Israel," he said. "If you look statistically where the threats are coming from it is absolutely true that most analysis will say the US is number one, followed by Western Europe and China. That is not necessarily an accurate reflection of where the true threat is coming from."

The true threat, Leighton warned, is now hidden by the use of proxy servers. "If you use a proxy server somewhere it's not really the point of origin of the attack," he said. "For example, in the Sony hack that North Korea reportedly engaged in, the servers that were used were not in North Korea. You cannot attribute an attack to the location of the server."

Indeed, 2015 has been a record year for breaches as high-profile companies and government departments continue to crack under the weight of cyber attack. TalkTalk, Ashley Madison, the US Office of Personnel Management (OPM), Target and Experian were all hit with major attacks in the past 12 months alone.

According to Leighton, the ramifications of the OPM hack in particular are still being felt in the US. "The fact they allowed data that was that sensitive and that personal to be unencrypted and easily accessible is unconscionable," he said. "In a cyber security environment you need to make sure defences are adaptive because the threat that was there just a few years ago is no longer the predominant threat. There are a lot of different threats out there, things like advanced persistent threats, for example."

China's 'power status' aspirations

China is continuously cited as one of the worst offenders when it comes to emerging cyber threats. The hackers employed by the government tend to focus on intellectual property theft and this, according to Leighton, is central to the country's economic success.

"When you look at the Chinese their main effort is economically based. They have 1.3 billion people and they have to keep that economy humming along," he said. "What they have chosen to do, which is kind of a neat idea from a balancing perspective, is to achieve a great deal of technical progress, and the way they have done it is from an intellectual property standpoint.

"In essence they go [into organisations] and steal. What you find is that there are repeated instances of them going in and saying ‘We need to get that intellectual property.’ Then they will create a company that does similar or the same things."

Yet China appeared recently to be on a mission to win over the hearts of global governments, as diplomats travelled across the US, UK and Germany to discuss cyber crime and come up with cyber peace deals to curb the rise of such theft. However, Leighton believes that China had an ulterior, more selfish, motive for these deals.

"The reason the Chinese have done this, I think, is because they are beginning to develop their own R&D and the intellectual property that results from it. Once you do that you become part of the club of developed countries that have intellectual property worth saving," he explained.

"They realise that, if they become a knowledge economy like the US and UK, that puts them in the same playing field as more developed nations.

"The Chinese are very interestingly going about a divide and conquer strategy. What we have noticed in the US is that cyber espionage continues unabated from basically the same sources. They in essence have continued their practices."

Protecting data at all costs

Leighton predicts that cyber activities will become more sophisticated in 2016 and will have a greater focus on stealth. "You will see a greater volume of cyber threats and new advanced persistent threats that are harder to detect and reside on networks and remain dormant for much longer times and that are activated in a way that is very subtle and very hard to detect," he warned.

Leighton added that it is vital to protect sensitive data at all costs in the face of increasing breaches and global threats. "What needs to be protected is the data that makes an organisation unique, and failure to protect that, whether it's customer data or intellectual property, is going to be a big differentiator," he said.

"If you fail to protect it, your organisation runs the risk of losing that data and potentially being eliminated."
Ein News: http://bit.ly/1Nng48E

 
