2021-02-15 -
"Our adversaries have capabilities to hold at risk US critical infrastructure as well as the broader ecosystem of connected consumer and industrial devices known as the Internet of Things," said a US intelligence community briefing from January 2017. Connected thermostats, cameras, and cookers could all be used either to spy on citizens of another country, or to cause havoc if they were hacked. Not all IoT devices are in homes; hospitals and factories and smart cities are now filled with sensors and other devices, which means that the real-world impact of an IoT outage could be widely felt.

How do you defend against cyberwarfare?

The same cybersecurity practices that will protect against everyday hackers and cyber crooks will provide some protection against state-backed cyberattackers, who use many of the same techniques. That means covering the basics: changing default passwords and making passwords hard to crack, not using the same password for different systems, making sure that all systems are patched and up-to-date (including the use of antivirus software), ensuring that systems are only connected to the internet if necessary and making sure that essential data is backed up securely. This may be enough to stop some attackers or at least give them enough extra work to do that they switch to an easier target.

Recognising that your organisation can be a target is an important step: even if your organisation is not an obvious target for hackers motivated by greed (who would hack a sewage works for money?), you may be a priority for hackers looking to create chaos. However, for particularly high-value targets this is unlikely to be enough: these attacks are called "advanced and persistent". In this case it may be hard to stop them at the boundary and additional cybersecurity investments will be needed: strong encryption, multi-factor authentication, and advanced network monitoring.
It may well be that you cannot stop them penetrating your network, but you may be able to stop them doing any damage.

At a higher level, nations and groups of states are developing their own cyber defence strategies. The European Union recently announced plans to work on a cyber defence plan which it will invoke if it faces a major, cross-border cyberattack, and plans to work with NATO on cyber defence exercises. However, not all nations consider such planning to be a particularly high priority. More broadly, to prevent cyberwar incidents, countries need to talk more: to understand where the boundaries lie and which kinds of behaviour are acceptable. Until that is done there is always the risk of misunderstanding and escalation.

What is cyber deterrence?

Just as nations attempt to deter rivals from attacking with conventional weapons, so countries are developing the concept of cyber deterrence to help to prevent digital attacks from occurring in the first place -- by making the cost of the attack too high for any potential assailant. One way of doing that is securing and hardening their own computer systems so that it becomes very hard -- and very expensive -- for any attacker to find weaknesses.
Thanks to the swiss-cheese nature of so many computer systems the attackers will still have the advantage here. The other option is to impose costs on the attackers through sanctions, criminal investigations or even the threat of striking back. Most recently the US in particular has been attempting to create deterrence through a policy of naming-and-shaming, in particular using indictments to name particular individuals it believes are responsible for carrying out state-backed cyber attacks. However, as hackers (from all nations) continue to poke and pry at the computer systems of their rivals, it would seem that cyber deterrence is at best a work in progress.

What is cyber espionage?

Closely related but separate to cyberwarfare is cyber espionage, whereby hackers infiltrate computer systems and networks to steal data and often intellectual property. There have been plenty of examples of this in recent years: for example the hack on the US Office of Personnel Management, which saw the records of 21 million US citizens stolen, including five million sets of fingerprints, was most likely carried out by Chinese state-backed hackers. Perhaps even more infamous: the hacking attacks in the run-up to the 2016 US Presidential elections and the theft of emails from the Democratic National Committee: US intelligence said that Russia was behind the attacks.

The aim of cyber espionage is to steal, not to do damage, but it's arguable that such attacks can also have a bigger impact. Law scholars are, for example, split on whether the hacks on the DNC and the subsequent leaking of the emails could be illegal under international law. Some argue that it amounts to meddling in the affairs of another state and therefore some kind of response, such as hacking back, would have been justified; others argue that it was just below the threshold required.
As such the line between cyberwarfare and cyber espionage is a blurred one: certainly the behaviour necessary is similar for both -- sneaking into networks, looking for flaws in software -- but only the outcome is different; stealing rather than destroying. For defenders it's especially hard to tell the difference between an enemy probing a network looking for flaws to exploit and an enemy probing a network to find secrets.

"Infiltrations in US critical infrastructure -- when viewed in the light of incidents like these -- can look like preparations for future attacks that could be intended to harm Americans, or at least to deter the United States and other countries from protecting and defending our vital interests," then-NSA chief Rogers said in testimony to the US Senate.

Cyberwarfare and information warfare

Closely related to cyberwarfare is the concept of information warfare; that is, the use of disinformation and propaganda in order to influence others -- like the citizens of another state. This disinformation might use documents stolen by hackers and published -- either complete or modified by the attackers to suit their purpose. It may also see the use of social media (and broader media) to share incorrect stories. While Western strategists tend to see cyberwarfare and hybrid information warfare as separate entities, some analysts say that Chinese and Russian military theorists see the two as closely linked. Indeed it is possible that Western military strategists have been planning for the wrong type of cyberwar as a result.