By Bryan Becker, DAST Product Manager, WhiteHat Security
The terms cyberattack and cyberwar have similar meanings, but there are differences to how we should characterize and regard them. Typically, a cyber attack is a single instance attack that may or may not be part of a larger “war” between parties. Conversely, a cyberwar – or cyberwarfare – usually encompasses a strategy that drives long-term offensive and defensive operations and is likely waged by a nation-state backer. Cyberwarfare is an ongoing event that encompasses many aspects of information security.
When we look at the state of cybercrime in the U.S., attackers continue to demonstrate an ability to penetrate the perimeter, steal sensitive data and intellectual property, and disrupt operations of large and small corporations and private business, as well as federal, state and local government entities. Attacks are widespread, and as we’ve seen during recent elections, exacerbated by an unpredictable political climate.
Given how prevalent cyberattacks are in the U.S., it’s exponentially more complex to consider what’s necessary to defend the entire country against a full-blown cyberwar – and it quickly becomes apparent how woefully behind the rest of the developed world the U.S. remains, with regard to preparedness and ability to defend against a sustained and coordinated cyberwarfare campaign. Based on today’s climate, it will easily take at least a decade for the U.S. to catch up with its allies and competitors in terms of nation-state attack protection.
It may or may not come as a surprise that North Korea is near the top of the U.S. cyber adversary list, with Russia posing the largest threat – both immediate and long term. The reason for this is that Russia and North Korea have invested in and continually grown their respective cyber operations dating back as far as the Cold War. Therefore, their experience is decades ahead of the rest of the world. The biggest differences between these two countries are that North Korea tends to focus its efforts on stealing money to enrich the current regime, while the broader Russian strategy is clearly about destabilizing a country by amplifying existing divisions.
China is near the top of the list, as well. Their main goals in cyberwarfare are separate from those of Russia and North Korea – they are more interested in technology theft and obtaining personal identifying information on citizens to target for espionage efforts. On the first topic, China’s “Five-year plan” (currently from 2016 – 2020) can be viewed as a shopping-list for targeted cyber attacks attempting to steal information. If you are in an industry that aligns with a goal in their plan, expect to see activity coming from China’s direction.
On the topic of targeting individuals to further China’s espionage efforts: How do you pick a target who is likely to commit a crime for money? You start by making a list of people who both have the access you need and need the money. You may not be willing to copy a few documents in exchange for a new car, but you might be willing to do it to pay for your sister’s chemotherapy – this is one reason why healthcare is such a big target.
Cybercrime is international or transnational – meaning, there are no ‘cyber-borders’ separating countries. For this reason, international cybercrimes often challenge the effectiveness of domestic and international law and law enforcement. It’s important to make a distinction between defense and offense here. The United States Cyber Command can put on a formidable offense based upon previous operations (with the assumption that its full capabilities are protected as highly classified). Despite this, U.S. defensive capabilities are near the worst when compared to the rest of the world.
Presently, the greatest asset for the U.S. is its cybersecurity industry, which is somewhat fitting for a capitalist nation – but, the challenge is procuring support from organizations that may not be aware that they need strong cybersecurity measures to protect against foreign powers. For example, there is a troublesome hole in the security postures for infrastructure and industrial control systems (ICS) that run our utilities. The old adage, “you’re only as strong as your weakest link” can be applied here – this vulnerability presents a great danger to our country. Of course, more and more companies are trying to eliminate the vacuum that exists in this landscape – but generally, it has yet to be fully addressed. To understand just how dangerous this type of attack could be, consider this: Russia has already infiltrated the control rooms of multiple power plants across the U.S. The full extent of these intrusions does not seem to be public information, but this is the same thing Russia did to Ukraine in 2015 and 2016, before Crimea was annexed and tensions escalated to armed conflict.
It’s important to consider that threats in the cyber realm can easily evolve to the physical realm and therefore, U.S. cyberwarfare defenses are best left to the military, and perhaps some very specialized contractors, as opposed to relying on the technical expertise of those in the cybersecurity industry. In the InfoSec world, there is little relationship between offense and defense – that is to say, “the best defense has nothing to do with the offense.”
Challenges are looming in the rest of the world, too. Brexit is poised to cause a weakened national security posture for both the UK and the whole of the EU, including cybersecurity. Pushing the UK away from Europe only decreases information sharing and trust, while increasing skepticism towards “motives” when sharing or cooperating on intelligence operations.
The fact is, the wider international community understands and manages physical conflicts, how to provide recovery efforts and humanitarian aid. But cyberwars remain somewhat unknown, even though they can sometimes be as damaging, and there is a scarcity of international laws to regulate the incidents. The digital world we have come to know is something akin to American western frontier days; the difference is that now, the outlaws are state-sponsored black hats, available to champion any malicious cause for a price. It will take a careful collaboration of resources and very many summits to elevate international cybersecurity to the necessary level of priority and urgency so that the U.S. and each allied country can achieve more careful collaboration and protection for citizens and global interests.
About the Author
Bryan Becker is the DAST Product Manager at WhiteHat Security. Bryan has been working in application development and security since the startup scene in 2003. Before working at WhiteHat Security, he worked as a contractor in the startup hub of Asia, Shenzhen, China. There, he helped multiple startups develop internal and external facing applications, as well as developed strong security policies that are realistically achievable with strapped resources. He has also been heavily involved in the blockchain startup industry in Hong Kong, where he helped small teams get proof-of-concept blockchain apps up and running to present to venture capitalists.