Spies In Cyberspace

The United States government is one amongst many that needs to radically improve its cyber security strategy following the news about the massive Russian cyber attack against the US, affecting federal agencies and numerous private companies, which came to light in December 2020. The impact of this disastrous and still unfolding attack, carried out using weaponised SolarWinds software, is not yet fully understood.

In international relations terms it wasn’t a cyber attack, it was espionage and the victim wasn’t just the US, it was the entire world order. 

Microsoft has said the UK and six other countries outside the US have been affected by a suspected Russian hacking attack that US authorities have warned poses a grave risk to government and private networks. As has recently been revealed, the SolarWinds hack was similar to a scene from a horror movie: victims frantically barricaded the doors, only to discover that the enemy had been hiding inside the house the whole time.

US Secretary of State Mike Pompeo has accused Russia of this cyber attack. "This was a very significant effort, and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity," he said. For months, intruders have been roaming wild inside the nation’s government networks, nearly all of the Fortune 500, and thousands of other companies and organisations. The breach, believed to be the work of an elite Russian spy agency, penetrated the Pentagon, nuclear labs, the State Department, the Department of Homeland Security (DHS) and other offices that used network-monitoring software made by Texas-based SolarWinds.

America’s intelligence agencies and cyber warriors never detected a problem. Instead, the breach was caught by the cyber security firm FireEye, which itself was a victim.

The full extent of the damage won’t be known for months, perhaps years. What’s clear is that it’s massive, “a grave risk to the federal government … as well as critical infrastructure entities and other private sector organisations,” declared DHS’s Cybersecurity and Infrastructure Security Agency, an organisation not known for hyperbole.

The immediate question is how to respond. President-elect Joe Biden has said to “disrupt and deter our adversaries from undertaking significant cyber-attacks in the first place” by “imposing substantial costs.” 

Deterrence

To assume that punishing Russia now will stop Russia later would be a mistake, and cyber deterrence is likely to fail. The only thing universal about deterrence is a misguided faith in its applicability. Experience suggests that deterrence works only in very limited circumstances:

  • When the culprit can be identified quickly.
  • When the behaviour has crossed clear red lines defining unacceptable behaviour.
  • When the punishment for crossing them is credible and known in advance to would-be attackers.

These conditions are rare in cyberspace.

Like Russia, China and other nations, the United States engages in cyber espionage on a massive scale all the time. In 2015, after China hacked the Office of Personnel Management and stole 22 million highly classified security-clearance records, James Clapper, then the director of national intelligence, declared, “You have to kind of salute the Chinese for what they did. If we had the opportunity to do that, I don’t think we’d hesitate for a minute.”

US officials face intense domestic political pressures to talk tough now and figure out the details later, but empty threats can undermine credibility with future adversaries. 

A more effective approach for the incoming Biden administration is to get back to basics and focus on preventing cyber intrusions and bouncing back more easily from the ones that inevitably get through. Although cyber security efforts have greatly improved, they are still underpowered and fragmented. The Cybersecurity and Infrastructure Security Agency (CISA) has enhanced the coordination of public- and private-sector cyber security, but this agency is only two years old and has just over two thousand employees to help secure vital American networks.

The Trump administration fired the head of CISA after first eliminating the White House subdirector’s office, a move so ill-advised that a bipartisan commission and a recent bipartisan vote of Congress called for re-establishing it.

Better cyber security is urgently required, and this includes prioritising counter-intelligence efforts to penetrate adversary nations’ intelligence services and their cyber operations. Success requires not just technology but talent. The SolarWinds malware didn’t just make itself. Humans created it. And wherever there are humans, human intelligence can make a difference.

During the Cold War, spying was a constant activity and everyone knew they were playing what decision theorists call a “repeated game”: if one side violated Moscow rules this time, the other could reciprocate in the future, and the whole thing could unravel. In today’s world, Russians and Americans don’t share a strong interest in managing all their potential cyber conflicts. But one area stands out: computer systems related to nuclear weapons. Hacks that penetrate any such systems could change how they operate, making nuclear accidents more likely. And even if hacks didn’t change anything, the other side could never be sure.

During the Cold War, the offense had distinct advantages over the defense. Each side came to recognise that the other had an ability to annihilate its adversary no matter the defender’s efforts. But unlike in the nuclear arena, cyber vulnerabilities change over time: software flaws pop in and out of existence as they are created, discovered, exploited, and patched. Malware often must be custom-made to take advantage of specific flaws, and its effectiveness ends when the flaws and exploits are detected.

Unlike a nuclear-tipped missile that retains its capabilities for decades, whose presence and potential are clear to all concerned, cyber weapons are ephemeral and easily camouflaged phenomena. They require an unending process of finding and exploiting ever more vulnerabilities on the other side, in the expectation that each exploit will eventually be discovered and neutralised. 

Neither side in the competition can ever be confident that its offensive capabilities have produced a stable state of mutual cyber deterrence. Cyber conflict is here to stay and policy makers need to be very clear about what steps will actually make us safer. 

Sources: Foreign Affairs, DefenseOne, The Atlantic, Guardian, The Hill, National Interest.
