
Executive Summary

State-sponsored cyber-attacks are becoming an increasingly difficult information security issue to address. A cyber-attack is the exploitation of computer systems and networks. Cyber attackers change computer programming or data, then use this exploit to commit crimes against people, businesses or sovereign governments. Hackers that are backed by nation-states will remain a significant challenge for governments and businesses to handle. Nation-states perform large-scale technical attacks without provocation, notification or attribution. State-sponsored hackers will use the most sophisticated techniques to sabotage, misinform or wreak mayhem on the network.


Laws and warfare in general have not caught up with how to deal with this. 

The Department of Defense takes this issue seriously, to the point of designating a combatant command named the United States Cyber Command (USCYBERCOM).

USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries. (“U.S. Cyber Command (USCYBERCOM)”)

Define the core problem(s)

Over the past year, the
American political landscape has been marred by a near-constant and persistent
stream of private or protected information finding its way into the media or into
the hands of an unknown element. The headlines are found almost monthly in your
favorite newspaper or national media outlet. In particular, we don’t know if
this information may have changed the outcome of the 2016 United States
Presidential election; however, Russian hackers released volumes of stolen data
in an effort to harm Hillary Clinton’s campaign. (Assessing Russian Activities,
2017)  Months have now passed since the
election of the President of the United States and the presidency is still
besieged with leaks that the new Chief of Staff and others have been tasked to
fix in very short order.

The Internet today is at
the center of economic activity and social life of enterprises and citizens
around the globe. Every day, it becomes more important and more fundamental to
the lives of everyone because of the massive investment in infrastructure made
by businesses. Recently, there has been an escalating
sequence of cyber-attacks involving, in some cases, millions of people across
the Internet. According to Geoff Dyer, director of the US National
Intelligence, “cyber-attacks are now the most pressing threat to the US
security, ahead of Islamist terrorism.” (Dyer, 2013)

Current State of Affairs

The
Internet and communications infrastructure are becoming a critical platform to
conduct business, connect people, classmates, meet future business partners and
provide fundamental government services. But its nature lends it to exist on a
global platform where the Internet is becoming more ubiquitous in our lives:
any blocking or denial of Internet services has major economic and/or social
impacts.

The Internet and Internet access are a part of the critical infrastructure that
binds today’s society together. They
serve as a conduit of information between communities, businesses, government
officials, industry, medical and emergency services, military operations as
well as air and sea traffic control systems. It is so important to the American
way of life that it is a viable target for those seeking to assert their
influence and agendas on the rest of humanity. The reliance on the Internet
creates opportunities for cyber-attacks.

The rate of growth and sophistication in cyber-attacks
has affected the national interests of the United States and has required our government
to adjust its national security policies and national defense strategies.

According to a 2007 Report by the FBI, 108 countries had established offensive
cyber warfare capabilities. Among the countries with the most offensive cyber
warfare capabilities, other surveys mention the USA, China, Russia and Israel. (Markoff,
2010)  At the direction of the President
of the United States, the United States Cyber Command has been elevated to
become a Unified Combatant Command. 
“This new unified combatant command will strengthen our cyberspace
operations and create more opportunities to improve our nation’s defense,”
President Donald J. Trump said in a written statement. (Garamone, 2017)

The elevation of the command demonstrates how the current state of affairs has given the United States reason to increase its resolve against state and non-state hackers in cyberspace. This will also help to ensure that the allies of the United States and their partners have the necessary tools to deter adversaries. State-sponsored hackers are causing a cyber war to start brewing. Right now, this may be construed as how governments conduct covert/clandestine cyber operations; however, experts believe that the battleground is shifting from government entities to the private sector and to civilian targets that provide many essential services to the public. (Violino, 2013) The question then becomes, does the government consider a deliberate and targeted attack on a private citizen an act of war or even cyber war?

Adversary Viewpoint

Take the recent attacks on
the US Democratic National Committee (DNC) as a prime example – not only did
the attackers stand to gain strategically useful information, they demonstrated
their ability to influence a national election, exposing the Clinton email
scandal and bringing the Democratic Party’s internal power politics to light. State-backed
attacks are not contained to corridors of power like the Kremlin and the
Pentagon. Private enterprises that engage in sensitive activities or support
government systems are just as likely to come under attack as public
institutions. The same is true for non-profit and regulatory bodies. As the
recent Russia-based hack by so-called FANCY BEAR on the World Anti-Doping
Agency (WADA) indicates, activity which is perceived to damage the Russian
national character is liable to call down a retributive state-sponsored attack
– in this case, as revenge for banning Russian athletes from the Olympic and
Paralympic Games for drug use.

Clearly,
being seen to support a particular state’s interests can put an organization in
serious danger of attack. Organizations of all kinds need to be aware of this
powerful type of threat – the days when companies had nothing worse to fear
than enterprising thieves are long gone. It is essential that security
directors have the knowledge and the tools to defend their businesses against
state-prompted cyber threats. To do this, they must first understand the key behaviors
of state-sponsored hackers. The first is anonymity: the cyber spy prefers to use tactics
that would be equivalent to ‘denial and deception’ – essentially the practice
of using a false identity to throw investigators off the trail. The anonymity
of web-based attacks means that nation-states can operate via puppet actors,
making it extremely difficult to prove links between individual hacks and state
intelligence. Even if those links are made, it is still unlikely that analysts
will be able to determine the exact origin and purpose of the orders behind
them. For example, FANCY BEAR carried out the WADA breach using patterns which
are strikingly similar to known Russian modus operandi. The waters are muddied,
however, by the fact that they also claim allegiance with Anonymous Poland, a
hacker group which ordinarily operates within the Polish political sphere and
with Polish interests in mind.

Anatomy of a Hacker

With today’s technology, it is not hard to be a good hacker within
the personal/non-state/private or state sponsored sector. The odds of success are
actually in favor of hackers because while the governments or businesses they
target have to make sure every tool, system and interaction is secure, the
hacker needs to find just that one vulnerability or zero-day exploit, that one
open seam to gain access. Through technology, it is possible to become a good
hacker, but it’s hard to become a great hacker, much less find an army of
hackers. Great hackers have four critical personality traits: social, curious,
adaptable and motivated.

Curious: Great hackers have a morbid and insatiable curiosity. They will consistently question the inner workings of a system, how an organization is constructed, and the motivations of the employees until they get to their ultimate end state. That end state is a deeper understanding of the technology/code and the people who operate it. If a hacker were to merely depend on luck, instinct or pre-conceived notions, that would be an easy way to ensure failure or, worse, to get caught by the authorities. (Arora, 2017)

Social: “Every hacker attacks technology, but smart hackers attack people and how they interact with technology and the best hackers know when to do which and when.” (Arora, 2017) The popular belief or stereotype is that hackers are lacking in social graces. In order to be successful, cyber-attackers need to be observant of the behavior of their human targets as well as have a detailed understanding of the technology that will be exploited. People, sometimes known as “wet-ware”, have proven to be the weakest link when it comes to security. The number of spam emails containing malicious content (links or attachments) is on the rise, in part because of their success.

Adaptable: To be successful, hackers need to learn from their mistakes and successes, especially from those of the cyber-attacker community at large. Although adaptability is important, there are still exploits that work to this day: buffer overflows and distributed denial of service attacks remain effective. Also, no matter how much training is given to users, email remains an attack vector for hackers to get access to networks and to critical data. Hackers still get caught because they overestimate their ability to be either clandestine or covert. Truly gifted and well-resourced hackers must constantly change and adapt their tactics, techniques and procedures to accomplish their goals. (Arora, 2017)

Motivated: Making headlines in the news is the sign of someone who had malicious intent. They may intend to get rich, influence politics, or even just embarrass their victim(s). State-sponsored hackers have a need to protect the people and governments they represent. They are motivated by doing the right thing from their vantage point. That is the difference between those who hack to protect the integrity of data and those who look to expose it to those who were not meant to see it.

Current Approach to a Way Ahead

The Risk
Management Framework provides a process that integrates security and risk
management activities into the system development life cycle. The risk-based
approach to security control selection and specification considers
effectiveness, efficiency, and constraints due to applicable laws, directives,
Executive Orders, policies, standards, or regulations. (Risk Management, 2017)
The following activities related to managing organizational risk are an effective
information security program and can be applied to both new and legacy systems
within the context of the system development life cycle:

One of the strategies that an organization can adopt to prevent attacks in the future is to transition to a risk-based approach as outlined by the National Institute of Standards and Technology. The approach is simple – provide access to the least amount of network-based resources for the least number of individuals, who are then granted the lowest level of privileges required to perform their job. (Taddeo, 2017) Network and software access is defined by policies which factor in all aspects of the server, client and software architecture as a part of the authentication process.

Anyone can be a victim of a “state-sponsored” cyber threat, whether it takes the form of identity theft, malware or a DDoS attack. Therefore, it is crucial for organizations to learn how to defend themselves. Although there isn’t a way to completely eliminate “state-sponsored” attacks, there is a way to make them less successful by educating users to stay alert, recognize and report threats, while working from an ‘invisible’ network. Is there a truly defined goal/outcome? Is the US trying to eliminate the threat or trying to protect NS data? Are these goals achievable? How is the US doing in that regard?

Conclusion

After defining the core problem and outlining the current state of affairs, an analysis can begin on understanding the viewpoint of the adversary and what motivates them. Finally, there is a discussion of what the current way ahead is for the government. The risk management framework is the most important tool in the toolkit of the business to protect their data.

The emerging information security issue is state-sponsored cyber-attacks and those that conduct them. Hackers are starting to be resourced by nation-states and will remain a significant force for governments and businesses to manage in the future. State-sponsored hackers will use the most sophisticated techniques to sabotage, misinform or wreak mayhem on the network. Laws and warfare in general have not caught up with how to deal with this.
