Spies In Cyberspace

The United States government is one amongst many that needs to radically improve their cyber security strategies following the the news  about the massive Russian cyber attack against the US affecting federal agencies and numerous private companies which came to light in December 2020. The impact of this disastrous and still unfolding attack using weaponised SolarWinds software is not yet fully understood

In international relations terms it wasn’t a cyber attack, it was espionage and the victim wasn’t just the US, it was the entire world order. 

Microsoft has said the UK and six other countries outside the US have been affected by a suspected Russian hacking attack that US authorities have warned poses a grave risk to government and private networks. As has been recently revealed SolarWinds hack was similar to a scene from a horror movie: Victims frantically barricaded the doors, only to discover that the enemy had been hiding inside the house the whole time. 

US Secretary of State Mike Pompeo has accused Russia for this cyber attack. "This was a very significant effort, and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity," he said. For months, intruders have been roaming wild inside the nation’s government networks, nearly all of the Fortune 500, and thousands of other companies and organisations. The breach, believed to be the work of an elite Russian spy agency, penetrated the Pentagon, nuclear labs, the State Department, the Department of Homeland Security (DHS) and other offices that used network-monitoring software made by Texas-based SolarWinds. 

America’s intelligence agencies and cyber warriors never detected a problem. Instead, the breach was caught by the cyber security firm FireEye, which itself was a victim.

The full extent of the damage won’t be known for months, perhaps years. What’s clear is that it’s massive, “a grave risk to the federal government … as well as critical infrastructure entities and other private sector organisations,” declared DHS’s Cybersecurity and Infrastructure Security Agency, an organisation not known for hyperbole.

The immediate question is how to respond. President-elect Joe Biden has said to “disrupt and deter our adversaries from undertaking significant cyber-attacks in the first place” by “imposing substantial costs.” 

Deterrence

To assume that punishing Russia now will stop Russia later would be a mistake and cyber deterrence is likely to fail. The only thing universal about deterrence is a misguided faith in its applicability. Experience suggests that, deterrence works in very limited circumstances:

  • When the culprit can be identified quickly.
  • When the behavior has crossed clear red lines defining unacceptable behavior.
  • When the punishment for crossing them is credible and known in advance to would-be attackers.

These conditions are rare in cyberspace.

Like Russia, China and other nations, the United States engages in cyber espionage on a massive scale all the time. In 2015, after China hacked the Office of Personnel Management and stole 22 million highly classified security-clearance records, James Clapper, then the director of national intelligence, declared, “You have to kind of salute the Chinese for what they did. If we had the opportunity to do that, I don’t think we’d hesitate for a minute.”

US officials face intense domestic political pressures to talk tough now and figure out the details later, but empty threats can undermine credibility with future adversaries. 

A more effective approach for the incoming Biden administration is to get back to basics and focus on preventing cyber intrusions and bouncing back more easily from the ones that inevitably get through. Although cyber security efforts have greatly improved but they are still underpowered and fragmented.  The Cybersecurity and Infrastructure Security Agency (CISA) has enhanced the coordination of public-and private-sector cyber security, but this agency is only two years old and has just over two thousand employees to help secure vital American networks.

The Trump administration fired the head of CISA after first eliminating  the White House subdirector’s office, a move so ill-advised that a bipartisan commission and a recent bipartisan vote of Congress called for re-establishing it.

Better cyber security is urgently required and this includes prioritising counter intelligence efforts to penetrate adversary nations’ intelligence services and their cyber operations.Success requires not just technology but talent. The SolarWinds malware didn’t just make itself. Humans created it. And wherever there are humans, human intelligence can make a difference.

During the Cold War  spying was a constant activity and everyone knew they were playing what decision theorists call a “repeated game”: If one side violated Moscow rules this time, the other could reciprocate in the future, and the whole thing could unravel. In today’s world, Russians and Americans don’t share a strong interest in managing all their potential cyber conflicts. But one area stands out: computer systems related to nuclear weapons. Hacks that penetrate any such systems could change how they operate, making nuclear accidents more likely. And even if hacks didn’t change anything, the other side could never be sure. 

During the Cold War the offense had distinct advantages over the defense. Each side came to recognise that the other had an ability to annihilate its adversary no matter the defender’s efforts. But unlike in the nuclear arena, cyber vulnerabilities change over time, software flaws pop in and out of existence as they are created, discovered, exploited, and patched. Malware often must be custom-made to take advantage of specific flaws, and its effectiveness ends when the flaws and exploits are detected. 

Unlike a nuclear-tipped missile that retains its capabilities for decades, whose presence and potential are clear to all concerned, cyber weapons are ephemeral and easily camouflaged phenomena. They require an unending process of finding and exploiting ever more vulnerabilities on the other side, in the expectation that each exploit will eventually be discovered and neutralised. 

Neither side in the competition can ever be confident that its offensive capabilities have produced a stable state of mutual cyber deterrence. Cyber conflict is here to stay and policy makers need to be very clear about what steps will actually make us safer. 

Foreign Affairs:       DefenseOne:    The Atlantic:        Guardian:   The Hill:    National Interest:   

You Might Also Read:

Solving Mr. Biden’s Wicked Cyber Problem:

 

« The Coronavirus Is Increasing Investments In AI
New Zealand Central Bank Cyber Attack »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

NICE Systems

NICE Systems

NICE Systems provide software solutions to ensure compliance, fight financial crime, and safeguard people and assets.

Fasoo

Fasoo

Fasoo provides data-centric security to protect data within the organizational perimeter and beyond by limiting access to sensitive data according to policies that cover both users and activities.

Japan Network Security Association (JNSA)

Japan Network Security Association (JNSA)

JNSA's goal is to promote standardization related to network security and to contribute to greater technological standards in the field.

Assured Information Security (AIS)

Assured Information Security (AIS)

AIS is committed to providing our customers with critical information security products, services, and training. We support diverse needs throughout business and industry.

Wizlynx PTE LTD

Wizlynx PTE LTD

Wizlynx PTE LTD is the Singapore branch of Wizlynx Group located in Singapore, offering Information and Cyber Security Services throughout the entire Asia Pacific (APAC) region.

Data Protection People

Data Protection People

Data Protection People are specialists in Data Privacy, Governance, and Information Security.

C2A Security

C2A Security

C2A Security offers a comprehensive suite of cyber security solutions for the automotive industry, providing in-vehicle end-to-end protection.

Ampliphae

Ampliphae

Ampliphae gives you an easy-to-deploy, sophisticated and affordable cloud-discovery, security and compliance platform.

Nucleus Security

Nucleus Security

Nucleus is a leading Vulnerability Management platform for Large Enterprises, MSPs/MSSPs, and Application Security Teams that want more from their vulnerability management tools.

Soffid

Soffid

Soffid provides full Single-Sign-On experience and full Identity and Access Management features by policy-based centralised orchestration of user identities.

Netlinkz

Netlinkz

Netlinkz has developed the Virtual Secure Network (VSN) overlay technology platform, a breakthrough in connectivity security, speed, and simplicity.

Curity

Curity

The Curity Identity Server brings identity and API security together, enabling highly scalable and secure user access to digital services.

Raxis

Raxis

Raxis is a cybersecurity company that hacks into computer networks and physical structures to perform penetration tests, assessing corporate vulnerability to real-world threats.

Secure Diversity

Secure Diversity

Secure Diversity is an innovative non-profit organization with leaders that think out of the box to create strategies & solutions to increase diversity in the cybersecurity industry.

Conosco

Conosco

Conosco are industry-leading experts throughout the UK in strategic consulting, project delivery, business communications, support, and security.

RiskSmart

RiskSmart

RiskSmart empower risk, compliance, and legal teams with a tech-led and data-driven platform designed to save time, reduce costs and add real value to businesses.