Replacing guns for exploits and drones for botnets

The American Heritage Dictionary defines war as “a state of open, armed, often prolonged conflict carried on between nations, states, or parties.” Richard A. Clarke, former National Coordinator for Security, Infrastructure Protection and Counter-terrorism for the United States, defined cyberwarfare as “actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption”. The overlap that becomes visible here lies in the elements of damage and nations.

Scientists believe the first war dates back 13,000 years to North Sudan. The old wars were about visibility and directness. The current war, however, is far less physical. This is because continuous technological breakthroughs, such as weaponized biological toxins and chemicals, have quickly found their way into modern warfare. Therefore, according to a study by the Stockholm International Peace Research Institute, world military spending was $1.69 trillion in 2016, which is 2.2% of global GDP.

With the current economic challenges facing many nations, enormous pressure lies on governments. As an example, the Iraq war has cost the United States $2.2 trillion, including substantial costs for veterans’ care, and exceeded the government’s initial estimate of $60 billion.

A review conducted by NATO in 2013 stated that the cybersecurity industry is becoming the most important defense industry. It is expected that 40% of this industry will be driven by homeland security agencies and defense.

Cyberwarfare offers nations many benefits, including a strong economic one. While there are no official numbers on the cost of nation-state attacks, some researchers provide insightful estimates. As an example, Costin Raiu, Head of Global Research and Analysis at Kaspersky Labs, estimated that Stuxnet cost the United States close to $100 million to develop.

The Department of Defense (DoD) has requested $8 billion for cyberspace operations for the fiscal year 2017. This is an increase of 19 % compared to the previous year. $647 million of that total budget will be allocated for the U.S. Cyber Command (USCYBERCOM). This is only a small fraction of the overall DoD $582.7 billion budget.

Besides the economic aspect, there is also the concern that cyber operations are fast, covert and highly effective. According to a 2015 study by the International Telecommunication Union, more than 3 billion people are now using the Internet. Almost 2 billion of them live in developing countries. Much of the connectivity growth comes from mobile broadband. The report confirms that broadband is currently affordable in 111 countries. The digital transformation has become reality and billions of people around the world are connected. The problem is that many nations and commercial customers are still not prepared because they lack the cybersecurity fundamentals: they try to fight today’s cyber threats with yesterday’s technology. There are many nation-state attacks happening every day. Below are three publicly known nation-state attacks and how they were executed. It is clear that cyberspace is an active war zone.

Grizzly Steppe: In a joint analytic effort between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI), the two agencies published the Joint Analysis Report (JAR-16-20296A). This document provides details regarding the tools and techniques used by Russian civilian and military intelligence services (RIS) to compromise the U.S. election, as well as a range of U.S. Government, political, and private sector entities.

OPM: In 2015 the U.S. Office of Personnel Management (OPM) was compromised and the personal data of 4 million federal workers was stolen. While no clear evidence has been provided, the U.S. government, notably Sen. Susan Collins, suspected China was behind this attack. China categorically denied any involvement.

Olympic Games: According to anonymous sources in the U.S. government, Operation Olympic Games was a joint operation among the National Security Agency (NSA), the Central Intelligence Agency (CIA) and Israel. The operation was led by the CIA and had the objective of slowing down Iran’s nuclear program. The exploit, codenamed Stuxnet, was discovered by security companies in 2010, which caused concern among U.S. officials, but at that point President Barack Obama secretly ordered the operation to continue. This operation destroyed nearly 1,000 of Iran’s 6,000 centrifuges.

Compared to physical warfare, cyberspace allows nations to hide, and it reduces risks and costs compared to conventional attacks. We are in the middle of a worldwide cyberwar, and there is not only one nation behind it.

As part of the Joint Analysis Report (JAR-16-20296A), the U.S. government has published a list of recommended mitigations. It is a symbol of commitment to cybersecurity best practices, and I recommend that everyone familiarize themselves with it. But remember, it is not just about technology but also about having the right process and people. The best technology cannot help you if you do not have the right people who can use it with a crisp and transparent process.

Best Practices:

  1. Backups: Do we backup all critical information? Are the backups stored offline? Have we tested our ability to revert to backups during an incident?
  2. Risk Analysis: Have we conducted a cybersecurity risk analysis of the organization?
  3. Staff Training: Have we trained staff on cybersecurity best practices?
  4. Vulnerability Scanning & Patching: Have we implemented regular scans of our network and systems and appropriate patching of known system vulnerabilities?
  5. Application Whitelisting: Do we allow only approved programs to run on our networks?
  6. Incident Response: Do we have an incident response plan and have we practiced it?
  7. Business Continuity: Are we able to sustain business operations without access to certain systems? For how long? Have we tested this?
  8. Penetration Testing: Have we attempted to hack into our own systems to test the security of our systems and our ability to defend against attacks?

Top Seven Mitigation Strategies:

  1. Patch applications and operating systems – Vulnerable applications and operating systems are the targets of most attacks. Ensuring these are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker. Use best practices when updating software and patches by only downloading updates from authenticated vendor sites.
  2. Application whitelisting – Whitelisting is one of the best security strategies because it allows only specified programs to run while blocking all others, including malicious software.
  3. Restrict administrative privileges – Threat actors are increasingly focused on gaining control of legitimate credentials, especially those associated with highly privileged accounts. Reduce privileges to only those needed for a user’s duties. Separate administrators into privilege tiers with limited access to other tiers.
  4. Network Segmentation and Segregation into Security Zones – Segment networks into logical enclaves and restrict host-to-host communications paths. This helps protect sensitive information and critical services and limits damage from network perimeter breaches.
  5. Input validation – Input validation is a method of sanitizing untrusted input provided by users of a web application, and may prevent many types of web application security flaws, such as SQLi, XSS, and command injection.
  6. File Reputation – Tune Anti-Virus file reputation systems to the most aggressive setting possible; some products can limit execution to only the highest reputation files, stopping a wide range of untrustworthy code from gaining control.
  7. Understanding firewalls – When anyone or anything can access your network at any time, your network is more susceptible to being attacked. Firewalls can be configured to block data from certain locations (IP whitelisting) or applications while allowing relevant and necessary data through.
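To make mitigation 5 concrete, here is an added example (my own illustration, not code from the JAR or from the article) of the difference between concatenating untrusted input into a SQL statement and applying an allowlist check plus a parameterised query. The table, rows and the hostile sample string are all constructed for the demonstration.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory table with sample rows (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "staff"), ("carol", "staff")])
    return conn


# Allowlist for the one field this lookup accepts: lowercase letters, digits,
# underscore, 1..32 characters. Anything else is rejected before it reaches SQL.
USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")


def validate_username(value):
    """Input validation step: raise instead of trying to 'clean' bad input."""
    if not isinstance(value, str) or not USERNAME_RE.match(value):
        raise ValueError("invalid username")
    return value


def lookup_unsafe(conn, username):
    """Vulnerable pattern: untrusted input is glued into the statement text."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Hardened pattern: validate first, then bind the value as a parameter."""
    username = validate_username(username)
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    """Run both lookups against a benign and a hostile (constructed) input."""
    conn = make_db()
    benign = "alice"
    hostile = "x' OR '1'='1"  # textbook SQLi sample; makes the unsafe WHERE always true
    results = {
        "unsafe_benign": lookup_unsafe(conn, benign),    # one row
        "unsafe_hostile": lookup_unsafe(conn, hostile),  # every row leaks
        "safe_benign": lookup_safe(conn, benign),        # one row
    }
    try:
        lookup_safe(conn, hostile)
        results["safe_hostile"] = "accepted"
    except ValueError:
        results["safe_hostile"] = "rejected"             # blocked by the allowlist
    return results
```

Validation is a first line of defence; the parameterised query is what actually removes the injection, so the hardened version keeps both.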

In human history there are many examples of how a certain innovation or groundbreaking technology benefited thousands but at the same time could harm millions. Therefore, it is no surprise that, while digitalization offers a tremendous amount of benefits, cyberwarfare has become reality. We can no longer close our eyes and ears and pretend this is not happening. Collectively we need to understand the sense of urgency and drive for a secure digital transformation.


Jing Nghik

Security Consultant - ManaJing.com - CCIE, CCSP, CEH, PMP

5 years

Great read Milad! Thanks for this.

Bjørn-Peter Bartelsen

Vice President Global Accounts at AVI-SPL

7 years

Milad, thanks much for this one! Really comprehensive and well illustrated.
