What the coming “Splinternet” means for cybersecurity


It was good while it lasted. But day by day, it seems as if the ‘global’ internet is slowly splintering along geopolitical lines. This cyber-balkanisation has many fronts, but it’s perhaps seen most clearly in the renewed focus by the US government on integrity in its supply chain. Foreign providers in this complex chain of interdependencies, such as Kaspersky Lab and Huawei, have been caught in the crossfire as collateral damage.

In fact, a kind of “cyber-land grab” is already taking place on a monumental scale by the world’s most powerful nations. Those countries and companies caught in the middle better work out quickly where the threats lie, and which side they want to align with, as the world slips towards a cyber-Cold War.

A divided world

What is cyber-balkanisation? At a very high level it can be characterised as an end to the idea of a globally united internet promoting collaboration, innovation and information sharing. Whether the fault lines come via competing technologies, commerce, politics, nationalism, religion, or other interests, the result is the same: a divided, distrustful and destabilised world.

The splinternet is, in many ways, most evident in China — a nation which has done much to segregate its portion of the internet from the rest. In fact, the so-called “Great Firewall” is a troubling example of how political will, if determined enough, can achieve significant results by leveraging technology. In this case, the Communist Party of China has managed to effectively censor and partition off the “Chinternet” of over one billion people from the rest of the world. Now Beijing is a leading voice in the UN advocating what it describes as “internet sovereignty” — the tearing down of global norms, information sharing and online rights in favour of an internet run along geopolitical lines. Most notably, Russia has followed suit. One doesn’t get the sense that the notion is that abhorrent in the West, either.

It’s still unclear how this trend might ultimately impact the world. But we can say for sure that it poses a threat to hard won internet freedoms, international data flows and the possible development of global cybersecurity laws.

The fight for integrity

Perhaps an even more noticeable global trend of late is the cyber-balkanisation of software and systems — a trend which is already having a major impact on cybersecurity. It all boils down to the issue of integrity. The widely accepted “CIA” security model comprises confidentiality, integrity and availability. Confidentiality is perhaps the most obvious element as it covers the threat of data theft which has exploded over the past few years. Availability is also front-of-mind for most organisations faced with Denial of Service and now ransomware attacks. However, integrity has perhaps not quite had the same billing as the other two of late.

That doesn’t mean it’s not still vital to any effective security strategy. Just think back to Stuxnet. It’s now commonly understood that US and Israeli state hackers developed the attack to slow Iran’s nuclear programme. They did this by targeting the centrifuges at the Natanz uranium enrichment facility and the telemetry used by engineers to manage and troubleshoot them. The attack very effectively exploited the supply chain: it first reached contractors’ machines and the engineering workstations used to program the Siemens industrial control system, then hooked the Siemens engineering software so that rogue logic was injected into the legitimate code being loaded onto the controllers, while recorded, normal-looking readings were played back to the operators. In so doing, the state operatives exploited the inherent trust implied in the supply chain, and also made it very hard for the engineers to determine the root cause of the problem.

This is what integrity is all about: ensuring that information is credible, accurate and trustworthy. Remove that, and you have a problem.
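The Stuxnet case above turns on two integrity failures: the logic loaded onto the controller was not what the engineer wrote, and the readings shown to operators were not what the plant was doing. The following is an added illustration, not code from the article or from any ICS vendor, of the kind of check that addresses the first failure: a manifest that binds a code artifact’s hash and version to a keyed MAC, verified before the artifact is loaded. The artifact bytes, key and version string are constructed for the example, and HMAC-SHA256 from the Python standard library stands in for whatever signing scheme a real controller would use. The last check in `run_checks` is the caveat a practitioner should take from Stuxnet: if the attacker controls the host that holds the signing key, the tampered code verifies perfectly, so the key must live somewhere the engineering workstation cannot reach and verification must happen on the receiving side.

```python
"""Added illustration of an artifact integrity check (not from the original article)."""
import hashlib
import hmac
import json

# Constructed stand-in for compiled controller logic.
TRUSTED_LOGIC = b"RUN centrifuge_control v1.4: target_rpm=1064 ramp=slow"
# Constructed key. In practice this lives on a separate signing host or HSM,
# never on the engineering workstation that edits the logic.
SIGNING_KEY = b"\x7f" * 32


def _manifest_payload(version: str, sha256_hex: str) -> bytes:
    """Canonical bytes that the MAC covers; sort_keys keeps the encoding deterministic."""
    return json.dumps({"version": version, "sha256": sha256_hex}, sort_keys=True).encode()


def sign_artifact(artifact: bytes, key: bytes, version: str) -> dict:
    """Produce a manifest binding this artifact's content hash and version to a MAC."""
    digest = hashlib.sha256(artifact).hexdigest()
    mac = hmac.new(key, _manifest_payload(version, digest), hashlib.sha256).hexdigest()
    return {"version": version, "sha256": digest, "mac": mac}


def verify_artifact(artifact: bytes, manifest: dict, key: bytes) -> bool:
    """True only if the manifest is authentic AND describes exactly these artifact bytes."""
    expected_mac = hmac.new(
        key, _manifest_payload(manifest["version"], manifest["sha256"]), hashlib.sha256
    ).hexdigest()
    # compare_digest avoids leaking how many leading bytes matched via timing.
    if not hmac.compare_digest(expected_mac, manifest["mac"]):
        return False
    actual = hashlib.sha256(artifact).hexdigest()
    return hmac.compare_digest(actual, manifest["sha256"])


def tampered_logic() -> bytes:
    """Constructed Stuxnet-style edit: same program, one parameter changed."""
    return TRUSTED_LOGIC.replace(b"ramp=slow", b"ramp=max")


def run_checks() -> dict:
    """Exercise the check against the cases a defender cares about."""
    manifest = sign_artifact(TRUSTED_LOGIC, SIGNING_KEY, "1.4")
    return {
        # Genuine artifact, genuine manifest: loads.
        "genuine": verify_artifact(TRUSTED_LOGIC, manifest, SIGNING_KEY),
        # Code altered after signing: hash mismatch, refused.
        "tampered_code": verify_artifact(tampered_logic(), manifest, SIGNING_KEY),
        # Manifest edited (version rolled forward) without the key: MAC fails.
        "tampered_manifest": verify_artifact(
            TRUSTED_LOGIC, dict(manifest, version="1.5"), SIGNING_KEY
        ),
        # Verifier holding a different key: MAC fails.
        "wrong_key": verify_artifact(TRUSTED_LOGIC, manifest, b"\x00" * 32),
        # Caveat: an attacker who owns the signing host signs the tampered code
        # and it verifies. The check cannot outrun a compromised signer.
        "attacker_holds_key": verify_artifact(
            tampered_logic(), sign_artifact(tampered_logic(), SIGNING_KEY, "1.4"), SIGNING_KEY
        ),
    }


if __name__ == "__main__":
    for name, ok in run_checks().items():
        print(f"{name:20s} -> {'accepted' if ok else 'refused'}")
```

The asymmetric version of this (a private key on the signing host, only the public key on the controller) changes nothing about the last case: whoever can run the signer produces valid signatures. That is why the defensive lesson from Stuxnet is about where the signing capability sits and who can reach it, not just about whether signatures are checked.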

A recent Chatham House report outlined an even more serious way in which integrity could be undermined by hackers. Cybersecurity of Nuclear Weapons Systems: Threats, Vulnerabilities and Consequences describes a scenario in which data manipulation, DoS attacks and “cyber spoofing” could “jeopardise the integrity of communication, leading to increased uncertainty in decision-making”. The outcome could be catastrophic, Chatham House warns, claiming that “inadvertent nuclear launches could stem from an unwitting reliance on false information and data.”

Supply chain segregation

That same report references claims that US cyber-operatives may have already infiltrated the North Korean military’s supply chain to scupper missile tests. The supply chain therefore becomes a key frontline in cyberspace: it offers multiple points of attack for hackers and nothing but sleepless nights for defenders. Even worse, the complex web of partners and suppliers to most governments, critical national infrastructure (CNI) operators and enterprises today is global, further increasing risk.

That’s why the US is ramping up its efforts to de-risk the supply chain by blocking foreign tech providers from competing for contracts in strategically important sectors. Russian AV firm Kaspersky Lab, despite protesting its innocence, has been accused of being a national security risk and banned for federal use. Proposed legislation would do the same to Chinese telecoms giants Huawei and ZTE, with the former already seeing a deal with AT&T fall through after pressure from Washington. The rhetoric coming from the US would certainly seem to suggest further moves to limit Chinese influence in the supply chain.

This is not just happening in the US, of course. In China, the ultimate aim seems to be self-reliance in the technology sphere. In 2014, Windows 8 was banned for government use, whilst a new Cybersecurity Law will place onerous new requirements on foreign tech companies wanting to sell into the country. In fact, that law can also be seen as an effort to further tighten control of the internet inside the Great Firewall.

On the offensive

The other side of these efforts to reduce supply chain risk is an offensive move by governments to proactively research and develop vulnerabilities and exploits, covertly infect machines in key strategic locations and industries, and conduct reconnaissance against CNI. The NSA’s work has come back to bite it in this respect: exploits from its arsenal were leaked by a group calling itself the Shadow Brokers, which is widely suspected of links to Russian intelligence. One of them, EternalBlue, was used to spread the notorious WannaCry ransomware within weeks of the leak. However, this R&D work undoubtedly continues among the major superpowers.

This amounts to nothing short of a cyber version of manoeuvring troops on a contested border, or flying stealth fighters over enemy territory. It’s about finding out as much about the enemy as possible, in a bid to gain tactical supremacy in the event that the worst-case scenario happens and war does indeed break out. Russia is certainly doing it; so much so that the NCSC has publicly stated that Russia has attacked the UK’s media, telecommunications and energy sectors. China is also ploughing billions into its own cyber-warfare capabilities.

The challenge for weaker nations caught in the middle of this slowly developing cyber-Cold War is that, for many, key systems and CNI industries may already be compromised. What do you do if your national sovereignty is essentially built on sand? The only choice remains to ally with a superpower in the hope of some kind of quasi-feudal protection.

In the meantime, organisations must be alert to the possibility that they may also be singled out as strategic pawns in this global game. That makes it vital to focus investments on comprehensive, best practice security that allows you to assess, detect, protect and respond. In a fragmenting world, those who prioritise visibility and rapid response will be in the strongest position.

Charl van der Walt, Chief Security Strategy Officer, SecureData