As “cyber cold war” heats up, U.S. seeks new ways to deal with threats


The Cyber Cold War is upon us.

While Great Powers would once clash via proxies on real-world battlefields, today, the fight has shifted to the digital arena.

This has changed the nature of the game in a few important ways. First, it has opened the door for exponentially more players. Might used to be measured in military hardware. Today it’s measured in cyber prowess. This means that weak nations, even economically and technologically backward ones, are now able to become formidable adversaries.

Take the cyber threat posed by North Korea. Over the past several years, Pyongyang has slowly developed its cyber army, funding shadow hacker groups such as Lazarus, a group that has been implicated in several high-profile hacks from the past decade. North Korea’s cyber capabilities made headlines after both the American and British intelligence communities confirmed that the country was behind the WannaCry epidemic of last May. WannaCry began as a single infection of ransomware, most likely in a port located somewhere in Asia, and quickly spread to affect tens of thousands of systems around the globe, including those of the British National Health Service (NHS). The lack of access to vital data meant that many hospitals were rendered largely inoperable, and thousands of patients were turned away. WannaCry took the North Korean threat to a different level. The operation demonstrated that North Korea’s hackers were able to affect more than data security, and could extend the consequences of their attacks to the real world. As Thomas P. Bossert, assistant to President Trump for homeland security and counterterrorism, put it, “the consequences and repercussions of WannaCry were beyond economic. These disruptions put lives at risk.”

A similar pattern can be seen with the development of Iran’s cyber capabilities. For years, the US has been fending off Iran-backed hackers targeting its critical infrastructure. In 2013, for instance, Iranian hackers successfully hacked a New York State dam, an event that could have ended in disaster if the floodgates had not been manually disconnected from the digital system at the time.

The danger of state-backed hacker groups targeting critical infrastructure has only increased in the past months. Recently, several federal agencies including the FBI and Department of Homeland Security reported that a “multi-stage intrusion campaign” had been identified targeting private firms running vital utilities in the “energy, nuclear, water, and aviation sectors.”

To their credit, both policymakers and the administration have been active in addressing this growing threat. Back in May, President Trump signed an executive order on “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” To help bolster the civilian realm, the order requires several federal agencies, including the Department of Defense, Department of Labor, and DHS, to collectively produce regular reports to the president on how to better secure private IT grids.

Congress has also been busy pushing forward legislation designed to defend digital systems. Lawmakers from both sides of the aisle have sponsored bills to regulate technology used in US elections, and deter foreign interference during voting. In December, the House passed H.R. 3359, which established the Cybersecurity and Infrastructure Security Agency (CISA), a federal body now in charge of securing the country’s digital grids.

Staying safe

Taken together, these trends are sending one clear message: Data infrastructure is the “soft underbelly” of the United States, a vulnerability that adversaries are fervently trying to target, and the government is racing to protect.

All of this has important implications for the private sector. While businesses may have once only been concerned with guarding their systems from profit-motivated cybercriminals, today, they have become potential targets in a rapidly expanding cyber conflict. The groups charged by state actors with attacking Western grids will continue to exploit all possible weaknesses in order to penetrate systems.

What are some steps that companies can take to secure themselves against this threat?

Taking a look at the most prevalent vulnerabilities in the current IT environment, weaknesses in authentication practices stick out in a big way. This is primarily due to the fact that most authentication systems still largely rely on passwords, a method of identity verification that has always been weak and is growing weaker by the day. Research has shown the overwhelming majority of users create simple, easily breakable passwords, just because they are convenient to remember. With the proliferation of hacking technologies, more and more cyber criminals now have access to the tools necessary to crack even complex passwords. Considering all of this, it is no surprise that Verizon in their 2017 Data Breach Investigations Report (DBIR) stated that 81 per cent of all hacks from the previous year had been executed by hacking passwords.  

Pointing to passwords as the weak point that state-backed cyber criminals will target is no mere speculation. Password cracking was in fact the method of choice for Iranian hackers when they targeted the private accounts of dozens of British parliament members last June.

Simply put, today’s authentication standards, which rest very much on passwords, make organisations and even private users open targets for state cyber teams. The growing threat of state-sponsored cyber criminals will almost definitely be a major force in driving the industry of authentication away from passwords and into the growing array of alternative technologies, such as biometrics, authenticator tokens, and other business-scalable solutions such as push-notification apps, that circumvent the vulnerabilities of traditional passwords. As the world becomes more aware of the cyber threats posed by rogue governments, these solutions will become the standard tools of authentication, helping to close the security gap currently left wide open by the contemporary password model.

Raz Rafaeli, CEO and co-founder, Secret Double Octopus