Former NSA Expert ‘We are in the Cyber War’

Uploaded on 2015-12-01 in NEWS-News Analysis, INTELLIGENCE--International, FREE TO VIEW

The cyber war is here to stay and we are all enlisted. That's the view of Cedric Leighton, a former NSA cyber expert and US Air Force veteran with 26 years' experience in military intelligence, cyber security and conflict resolution.

Leighton, who directed cryptologic training operations at the US National Security Agency before forming his own consultancy, Cedric Leighton Associates, talked about cyber warfare, nation state snooping and the surveillance world in a post-Paris landscape.

"It's very important for all organisations, whether they be governmental, NGO-type or private sector enterprises, to realise one salient thing: we are really all at war," he said. "Whether you like it or not you have been enlisted in this effort to secure your networks and to secure your digital infrastructure."

This digital war will not be fought with guns and bombs but with keyboards and Internet connections. Yet, according to Leighton, many remain unprepared for the inevitable battle. "The cyber security initiatives that many companies undertake are really not sufficient to combat the threats that are out there and which multiply on a minute-by-minute basis," he said. "When you see the nature of the threat and who the threat actors actually are, and what we are doing as a response, there is certainly an imbalance."

"We are looking at a situation where security mechanisms cannot keep up with the threats that state actors produce as well as non-state actors and hacktivists like Anonymous. All of those come together in a very dangerous landscape."

Paris

The recent terrorist atrocities in Paris, which claimed the lives of over 120 people after a co-ordinated attack by Islamic State, will potentially change how intelligence and surveillance is used in the country. Major questions are now being asked about the effectiveness of the French Intelligence Bill, enacted in the wake of the Charlie Hebdo attacks on 7 January 2015, which is similar in content to the UK Investigatory Powers Bill and gives police and intelligence agencies greater surveillance powers.

So was the Paris attack a failure of mass surveillance? "I think there is some truth to that. I think it's also a failure to appreciate the power of big data in intelligence gathering," Leighton said. "What I think is a key ingredient here is that the institutions are not flexible enough to handle big data, to properly assimilate all the different data points that are out there.

"One of the big challenges in intelligence operations in general is that consumers of intelligence want a predictive capability. They want to know if that terrorist is going to commit that act on that particular day, at that time and at that location.

"The problem is that the terrorist doesn't even know what is going to happen. In many cases these things are targets of opportunity." Questions also need to be asked about how vital information was missed by the intelligence agencies.

"You have one terrorist who is allegedly a French citizen, grows up in Belgium, goes to Syria and then comes back and for some reason some of those points in his life story are missed. Now why should that be?" he asked.

"When you look at the French law that was passed in the wake of the Charlie Hebdo situation it seems the bureaucracy has not caught up with the procedures, including the sharing of threat information, that need to happen. It looks like it didn't happen in this case and that's what's damning about it." Despite stressing that mass surveillance is not always the answer, Leighton said that more targeted snooping based on predictive analytics could be the future.

"Law enforcement and intelligence need to remember that, yes, it is about collection, but more importantly it's about refined collection, targeted collection, so that you can go after those who truly need to be watched in order to prevent these kinds of activities," he said. "I don't like the idea that everything is collected all the time. I think that is a faulty paradigm because, first of all you are collecting way too much, and secondly most people are not going to do what happened in Paris."
 
The major threats 

Islamic State and repressive regimes including those of North Korea and Saudi Arabia continue to focus on cyber attacks as a new form of warfare, but the situation quickly becomes more complicated when nation-state actors and hacktivists enter the picture.

Leighton said that it is becoming increasingly important to properly define ‘threat actor' as many continue to blame the worst snooping on the Five Eyes partnership between the US, the UK, Canada, Australia and New Zealand as a result of the ongoing Snowden revelations.

"If you say that anybody who has the capability to hack into a system or actually is hacking into a system is a threat, it changes the definition. Yes, it's the Five Eyes but it's also Russia, China, North Korea, Iran and Israel," he said. "If you look statistically where the threats are coming from it is absolutely true that most analysis will say the US is number one, followed by Western Europe and China. That is not necessarily an accurate reflection of where the true threat is coming from."

The true threat, Leighton warned, is now hidden by the use of proxy servers. "If you use a proxy server somewhere it's not really the point of origin of the attack," he said. "For example, in the Sony hack that North Korea reportedly engaged in, the servers that were used were not in North Korea. You cannot attribute an attack to the location of the server."

Indeed, 2015 has been a record year for breaches as high-profile companies and government departments continue to crack under the weight of cyber attack. TalkTalk, Ashley Madison, the US Office of Personnel Management (OPM), Target and Experian were all hit with major attacks in the past 12 months alone.

According to Leighton, the ramifications of the OPM hack in particular are still being felt in the US. "The fact they allowed data that was that sensitive and that personal to be unencrypted and easily accessible is unconscionable," he said. "In a cyber security environment you need to make sure defences are adaptive because the threat that was there just a few years ago is no longer the predominant threat. There are a lot of different threats out there, things like advanced persistent threats, for example."

China's 'power status' aspirations

China is continuously cited as one of the worst offenders when it comes to emerging cyber threats. The hackers employed by the government tend to focus on intellectual property theft and this, according to Leighton, is central to the country's economic success.

"When you look at the Chinese their main effort is economically based. They have 1.3 billion people and they have to keep that economy humming along," he said. "What they have chosen to do, which is kind of a neat idea from a balancing perspective, is to achieve a great deal of technical progress, and the way they have done it is from an intellectual property standpoint.

"In essence they go [into organisations] and steal. What you find is that there are repeated instances of them going in and saying ‘We need to get that intellectual property.' Then they will create a company that does similar or the same things."

Yet China appeared recently to be on a mission to win over the hearts of global governments, as diplomats travelled across the US, UK and Germany to discuss cyber crime and come up with cyber peace deals to curb the rise of such theft. However, Leighton believes that China had an ulterior, more selfish, motive for these deals.

"The reason the Chinese have done this, I think, is because they are beginning to develop their own R&D and the intellectual property that results from it. Once you do that you become part of the club of developed counties that have intellectual property worth saving," he explained.

"They realise that, if they become a knowledge economy like the US and UK, that puts them in the same playing field as more developed nations.

"The Chinese are very interestingly going about a divide and conquer strategy. What we have noticed in the US is that cyber espionage continues unabated from basically the same sources. They in essence have continued their practices."

Protecting data at all costs

Leighton predicts that cyber activities will become more sophisticated in 2016 and will have a greater focus on stealth. "You will see a greater volume of cyber threats and new advanced persistent threats that are harder to detect and reside on networks and remain dormant for much longer times and that are activated in a way that is very subtle and very hard to detect," he warned.

Leighton added that it is vital to protect sensitive data at all costs in the face of increasing breaches and global threats. "What needs to be protected is the data that makes an organisation unique, and failure to protect that, whether its customer data or intellectual property, is going to be a big differentiator," he said.

"If you fail to protect it, your organisation runs the risk of losing that data and potentially being eliminated."
Ein News: http://bit.ly/1Nng48E

 

« Presidential Candidate John McAfee Talks Cyber
The Road to Measuring and Interpreting Big Data »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

securitycurrent

securitycurrent

Security Current's proprietary content and events provide insight, actionable advice and analysis giving executives the latest information to make knowledgeable decisions.

Systancia

Systancia

Systancia offer solutions for the virtualization of applications and VDI, external access security, Privileged Access Management (PAM), Single Sign-On (SSO) and Identity and Access Management (IAM).

Procilon Group

Procilon Group

Procilon Group specialize in the development of cryptographic software as well as strategic advice on information security and data protection.

4Stop

4Stop

4Stop is a global KYC, compliance and anti-fraud risk management company.

Shieldfy

Shieldfy

Shieldfy is a cloud-based security shield for your website to protect it from cyber attacks and malwares.

Brighter AI

Brighter AI

Brighter AI empowers companies to use publicly-recorded camera data for analytics & AI while being compliant with increasing data privacy regulations worldwide.

Polaris Infosec

Polaris Infosec

Polaris Web Presence Protection (WPP) is powered by our proprietary artificial intelligence and machine learning engine to ensure that attacks are stopped before they affect your business.

BugDazz

BugDazz

BugDazz pentest as a service (PTaaS) platform helps bringing in real-time results, detail coverage, & easy remediation workflows with compliance-ready reports.

Canonic Security

Canonic Security

Canonic streamlines app review, continuously monitors apps, and reduces the risks involved in third-party access to your data.

Abertay cyberQuarter

Abertay cyberQuarter

The Abertay cyberQuarter is a cybersecurity research and development centre housed within Abertay University.

RevealSecurity

RevealSecurity

RevealSecurity's TrackerIQ detects malicious activities in enterprise applications.

ClearShark

ClearShark

Since 2001, ClearShark has been a go-to adviser in the U.S. Public Sector for creating customized and integrated solutions for the most secure of networks.

Gem Security

Gem Security

Gem is on a mission to help security operations evolve into the cloud era, and stop cloud threats before they become incidents.

Myntex

Myntex

Myntex® is a leading encrypted phone provider, managing a world-class on-site Canadian data center. Our solutions protect against data breaches, digital surveillance, and cybercrime.

Verinext

Verinext

Verinext delivers transformative business technology, from intelligently automating time-consuming tasks and protecting data assets to securing infrastructure and improving customer experiences.

Teal Technology Consulting

Teal Technology Consulting

TEAL Technology Consulting is your trusted advisor for all your information security needs.