The information technology (IT) industry has evolved remarkably over the last half-century. The progress has been continuous and exponential, especially in memory capacity and processing power, which has made hardware faster, smaller, easier to use, and lighter. In parallel with the increasing use of IT, policymakers and experts have expressed concerns about protecting the information and communications technology (ICT) systems from cyber attacks.
Cyber attacks lead to the unauthorized entry of rogue individuals, nations or criminal networks into ICT systems. These groups usually intend to disrupt, damage, and steal vital information, among other criminal actions. Experts in the field expect the number of cyber attacks to continue increasing in the foreseeable future. For this reason, ICT systems need protection from these attacks. So what are cyber attacks? This content highlights what they are, how they are used in modern warfare, their targets, and tactics for preventing such attacks.
The Use Of Cyber Attacks In Modern Warfare
Cyber attacks are deliberate attempts by an unauthorized person, group, or organization to gain access to ICT systems, usually with ill intentions. There have been many incidents of cyber attacks. Individuals who undertake cyber attacks are criminals who are usually focused on monetary gain from a variety of data-related crimes, including extortion and theft. Spying is another area where cyber attacks continue to grow.
Espionage in modern warfare is done with the goal of stealing proprietary or classified information that is mainly used by governmental entities or the companies they contract with. State-sponsored hackers have the funds to develop capabilities and implement complex and sophisticated attacks, usually to support a nation’s strategic aims and objectives.
Cyber espionage results in the exfiltration of proprietary, financial, or personal information from which an attacker can benefit. This is usually done without the victim ever realizing an attack has taken place. Other attacks, such as denial-of-service attacks, intentionally slow down or prevent legitimate users' access to a system.
State-sponsored attacks often lead to non-monetary gains. These types of attacks are growing in number and sophistication, but there is no clear sense of what an appropriate response should look like. Zachary Goldman, the executive director of NYU’s Center on Law and Security, said, “We don’t have a well-developed concept of deterrence. We don’t have a well-developed concept of strategic interaction in cyberspace.”
The globally accepted provision on self-defense against attack, Article 51 of the UN Charter, is considered by many nations to cover defense against cyber attacks even though cyber conflict is not referred to specifically. Beyond that, there are many gray areas in cyber defense. According to David Fidler, an expert on international cyberspace law at the renowned think tank the Council on Foreign Relations, “In all of the controversies about cybersecurity we only have one incident that really sort of pushes that threshold and the one incident that sort of does bump up against that is the Stuxnet attack on the Iranian centrifuge facilities allegedly conducted by Israel and the United States. Everything else falls well underneath that.”
The US has been linked to cyber attacks. Stuxnet was a computer worm designed to destroy the Iranian nuclear program’s centrifuges. A similar attack was launched against North Korea but failed. It is possible that the US could face a similar cyber assault.
Cybersecurity is considered an arms race, with attackers on one side and defenders on the other. Even though ICT systems are complex, attackers continually probe them for vulnerabilities and weaknesses. In most instances, a successful attack will compromise the integrity, confidentiality, or availability of the ICT system or the information it contains.
Even though many cyber attacks have limited targets, attacks intended for critical infrastructure could be widely detrimental and usually have significant effects on the economy, national security, and the safety of citizens. Even though such attacks are rare, successful ones pose a greater risk than other types of attacks. It is paramount that the risk of cyber attacks is managed and mitigated before they happen.
Cyber Attack Targets
The following are just a few highlights of cyber attacks targeting various sectors, including finance, government, and business.
In September 2018, the US Department of Justice (DOJ) announced the extradition and indictment of a Russian hacker who allegedly participated in hacking JP Morgan Chase in 2014, stealing data from over 80 million clients.
In September 2018, the DOJ announced the indictment of Park Jin Hyok, a North Korean hacker who was accused of hacking Sony in 2014, a Bangladeshi bank in 2016 where $81 million was stolen, and the WannaCry ransomware attacks.
Also, in September 2018, researchers revealed a new cyber-espionage campaign that was linked to attacks against the Vietnamese energy, defense, and government organizations in 2013 and 2014.
In August 2018, North Korean hackers stole $13.5 million from India’s Cosmos Bank after breaking into the bank’s system and authorizing thousands of unlawful withdrawals and illegal money transfers through the SWIFT financial network.
In August 2018, Facebook identified disinformation campaigns on the platform sponsored by Iranian and Russian groups. The campaigns targeted users in Latin America, the US, the Middle East, and Britain, and involved 652 fake Facebook accounts, groups, and pages.
In August 2018, security researchers reported that Iranian hackers had targeted the websites and login pages of 76 universities in over 14 countries. The attackers stole the credentials of users who attempted to sign in to gain access to library resources, for the purpose of intellectual property theft.
Also in August 2018, Microsoft announced that Russian hackers had targeted US Senators and conservatives critical of Russia.
In July 2018, the DHS revealed a 2017 campaign by Russian hackers that had compromised the networks of multiple US electric utilities and put the attackers in a position where they could potentially cause blackouts.
In July 2018, security researchers reported that an Iranian hacking group was targeting the industrial control systems of utility companies in the US, East Asia, the Middle East, and Europe.
In July 2018, Senator Claire McCaskill revealed that her 2019 re-election campaign had been targeted by hackers affiliated with a Russian intelligence agency. The attackers unsuccessfully targeted staffers in the Senator's office with phishing emails intended to harvest passwords.
Tactics To Prevent And Counter Cyber Attacks
A viable tactic for preventing and countering cyber attacks is continuous monitoring. Continuous monitoring is a risk management approach to cybersecurity that maintains an accurate picture of an agency’s security risk while providing visibility into assets, and leverages automated data feeds to quantify risks, ensure the effectiveness of security controls, and implement prioritized remedies.
Continuous monitoring is a well-designed program intended to achieve near real-time security status. Since the threat landscape includes widespread cyber attacks, insider threats, and advanced persistent threats, it is essential for agencies to have real-time, accurate knowledge of their IT security posture so that countermeasures can be initiated quickly. We've outlined some initiatives below.
National Cybersecurity And Communications Integration Center (NCCIC)
NCCIC is housed in the Department of Homeland Security and is a 24/7 cyber situational awareness, incident response, and management center vital for collaboration on cyber defense between law enforcement, the intelligence community, and the federal government. It shares security information in the public and private sectors to provide an understanding of cybersecurity and awareness of intrusions, vulnerabilities, incidents, mitigation of risk, and recovery actions.
Continuous Diagnostics And Mitigation (CDM)
CDM is a program that dynamically fortifies the cybersecurity of government networks and systems. It provides federal agencies with capabilities and tools for identifying cybersecurity risks, prioritizing them, and facilitating their mitigation. Congress established CDM as an adequate, risk-based, and cost-effective cybersecurity program for efficiently allocating cybersecurity resources.
The National Cybersecurity Protection System (NCPS) is an integrated system-of-systems that delivers a range of capabilities, such as intrusion detection, analytics, information sharing, and intrusion prevention. NCPS is operationally known as EINSTEIN and is an important program that aids in federal network defense. It provides a common baseline of security across the federal civilian executive branch and helps agencies manage cyber risks. EINSTEIN detects and blocks cyber attacks before they compromise federal agencies. It provides DHS with situational awareness, so that threat information detected in one agency can be used to protect the rest of the government and private entities.
Cyber attacks result in unauthorized entry to the ICT systems of infrastructure, governments, businesses, and banks. These attacks intend to disrupt operations, damage systems, and steal vital information. It is becoming increasingly common for attackers to use a variety of means and pursue multiple objectives. More attacks are targeting government agencies than in the past. Cyber espionage is an aspect of modern warfare and has the goal of stealing proprietary or classified information used by private or governmental entities.
Cybersecurity is an arms race, with attackers on one side and defenders on the other. In most instances, a successful attack will compromise the integrity, confidentiality, or availability of the ICT system or the information contained therein. This is why the government has invested in continuous monitoring initiatives.
Continuous monitoring is a risk management approach to cybersecurity that maintains an accurate picture of an agency’s security risks. It monitors assets and leverages automated data feeds to quantify risks, ensure the effectiveness of security controls, and implement prioritized remedies. This is achieved via the NCCIC, CDM, and EINSTEIN programs. Cyber attacks have become a reality of the modern world. In the same way that navies and coast guards were developed to protect the exchange of goods, we must continue to develop our cybersecurity to protect the data and networked systems we've grown to rely upon.